Research on Windows Kernel Executive Callback Objects
☆315Feb 22, 2020Updated 6 years ago
Alternatives and similar repositories for ExecutiveCallbackObjects
Users that are interested in ExecutiveCallbackObjects are comparing it to the libraries listed below
Sorting:
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆240Nov 6, 2019Updated 6 years ago
- win10 pgContext dynamic dump (btc version)☆110Jan 15, 2020Updated 6 years ago
- Reverse engineered source code of the autochk rootkit☆209Nov 1, 2019Updated 6 years ago
- Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.☆902Nov 21, 2019Updated 6 years ago
- A driver that hooks C: volume using symbolic link callback to track all FS access to the volume☆110Apr 24, 2020Updated 5 years ago
- Hide codes/data in the kernel address space.☆188May 8, 2021Updated 4 years ago
- VT-based PCI device monitor (SPI)☆158Oct 29, 2020Updated 5 years ago
- C++ Exceptions in Windows Drivers☆221Dec 21, 2020Updated 5 years ago
- An example of a client and server using Windows' ALPC functions to send and receive data.☆115Jan 21, 2025Updated last year
- A POC for Windows Extension Host hooking☆24Jul 13, 2019Updated 6 years ago
- KSOCKET provides a very basic example how to make a network connections in the Windows Driver by using WSK☆541Sep 2, 2022Updated 3 years ago
- MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. M…☆232Jul 26, 2020Updated 5 years ago
- CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers☆145Sep 5, 2020Updated 5 years ago
- Open Course for diving security internal☆52Nov 11, 2019Updated 6 years ago
- ☆116Oct 1, 2019Updated 6 years ago
- The program draws with win32k gdi functions in the kernel while NtGdiDdDDISubmitCommand is being hooked.☆344Apr 27, 2020Updated 5 years ago
- Analyze Windows x64 Kernel Memory Layout☆129Nov 19, 2020Updated 5 years ago
- proof-of-concept Windows Driver for injecting DLL into user-mode processes using APC☆1,270May 1, 2024Updated last year
- Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using t…☆65Jun 19, 2019Updated 6 years ago
- ☆125May 23, 2020Updated 5 years ago
- WinDBG Anti-RootKit Extension☆645Jul 29, 2020Updated 5 years ago
- APC Internals Research Code☆166Jun 28, 2020Updated 5 years ago
- Hook system calls on Windows by using Kaspersky's hypervisor☆1,278Feb 14, 2026Updated last week
- Load self-signed drivers without TestSigning or disable DSE. Transferred from https://github.com/DoubleLabyrinth/Windows10-CustomKernelSi…☆781Jan 22, 2020Updated 6 years ago
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…☆132Apr 26, 2023Updated 2 years ago
- kHypervisor is a lightweight bluepill-like nested VMM for Windows, it provides and emulating a basic function of Intel VT-x☆443Nov 29, 2021Updated 4 years ago
- System call hook for Windows 10 20H1☆496Jun 26, 2021Updated 4 years ago
- Turn off PatchGuard in real time for win7 (7600) ~ later☆1,037Apr 21, 2022Updated 3 years ago
- Examples of leaking Kernel Mode information from User Mode on Windows☆633Jul 7, 2017Updated 8 years ago
- An example of how x64 kernel shellcode can dynamically find and use APIs☆104May 14, 2020Updated 5 years ago
- Internals information about Hyper-V☆731Dec 20, 2025Updated 2 months ago
- CFB is a ProcMon-style tool designed to assist capturing IRPs sent to Windows drivers.☆333Mar 26, 2024Updated last year
- API Set resolver for Windows☆141Sep 11, 2024Updated last year
- codes for my blog post: https://secrary.com/Random/InstrumentationCallback/☆183Nov 30, 2017Updated 8 years ago
- This is a collection of interesting codes about Windows Process creation.☆237Jan 12, 2024Updated 2 years ago
- Windows kernel hacking framework, driver template, hypervisor and API written on C++☆1,803Nov 12, 2023Updated 2 years ago
- C++ STL in the Windows Kernel with C++ Exception Support☆435Aug 16, 2023Updated 2 years ago
- 过去写的一些Windows安全研究相关代码☆135Feb 2, 2019Updated 7 years ago
- Driver and WinDBG scripts to dump information about all resources and lookaside lists☆66Apr 4, 2020Updated 5 years ago