Research on Windows Kernel Executive Callback Objects
☆318Feb 22, 2020Updated 6 years ago
Alternatives and similar repositories for ExecutiveCallbackObjects
Users that are interested in ExecutiveCallbackObjects are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆242Nov 6, 2019Updated 6 years ago
- A driver that hooks C: volume using symbolic link callback to track all FS access to the volume☆110Apr 24, 2020Updated 6 years ago
- Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.☆906Nov 21, 2019Updated 6 years ago
- win10 pgContext dynamic dump (btc version)☆111Jan 15, 2020Updated 6 years ago
- A POC for Windows Extension Host hooking☆24Jul 13, 2019Updated 6 years ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- Reverse engineered source code of the autochk rootkit☆212Nov 1, 2019Updated 6 years ago
- C++ Exceptions in Windows Drivers☆220Dec 21, 2020Updated 5 years ago
- VT-based PCI device monitor (SPI)☆158Oct 29, 2020Updated 5 years ago
- Hide codes/data in the kernel address space.☆188May 8, 2021Updated 4 years ago
- An example of a client and server using Windows' ALPC functions to send and receive data.☆119Jan 21, 2025Updated last year
- Open Course for diving security internal☆53Nov 11, 2019Updated 6 years ago
- WinDBG Anti-RootKit Extension☆643Jul 29, 2020Updated 5 years ago
- KSOCKET provides a very basic example how to make a network connections in the Windows Driver by using WSK☆545Sep 2, 2022Updated 3 years ago
- MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. M…☆244Jul 26, 2020Updated 5 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Analyze Windows x64 Kernel Memory Layout☆130Nov 19, 2020Updated 5 years ago
- CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers☆146Sep 5, 2020Updated 5 years ago
- ☆116Oct 1, 2019Updated 6 years ago
- ☆124May 23, 2020Updated 5 years ago
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…☆134Mar 16, 2026Updated last month
- proof-of-concept Windows Driver for injecting DLL into user-mode processes using APC☆1,282May 1, 2024Updated last year
- The program draws with win32k gdi functions in the kernel while NtGdiDdDDISubmitCommand is being hooked.☆347Apr 27, 2020Updated 6 years ago
- Turn off PatchGuard in real time for win7 (7600) ~ later☆1,037Apr 21, 2022Updated 4 years ago
- Internals information about Hyper-V☆735Mar 7, 2026Updated last month
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- codes for my blog post: https://secrary.com/Random/InstrumentationCallback/☆184Nov 30, 2017Updated 8 years ago
- System call hook for Windows 10 20H1☆494Jun 26, 2021Updated 4 years ago
- Hook system calls on Windows by using Kaspersky's hypervisor☆1,286Apr 2, 2026Updated 3 weeks ago
- APC Internals Research Code☆172Jun 28, 2020Updated 5 years ago
- Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using t…☆65Jun 19, 2019Updated 6 years ago
- Load self-signed drivers without TestSigning or disable DSE. Transferred from https://github.com/DoubleLabyrinth/Windows10-CustomKernelSi…☆789Jan 22, 2020Updated 6 years ago
- Hook system calls, context switches, page faults and more.☆2,646May 9, 2023Updated 2 years ago
- CFB is a ProcMon-style tool designed to assist capturing IRPs sent to Windows drivers.☆332Mar 26, 2024Updated 2 years ago
- Examples of leaking Kernel Mode information from User Mode on Windows☆641Jul 7, 2017Updated 8 years ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- Toolkit for Hyper-V security research☆158Mar 7, 2022Updated 4 years ago
- Windows kernel hacking framework, driver template, hypervisor and API written on C++☆1,812Nov 12, 2023Updated 2 years ago
- An example of how x64 kernel shellcode can dynamically find and use APIs☆105May 14, 2020Updated 5 years ago
- API Set resolver for Windows☆144Sep 11, 2024Updated last year
- 过去写的一些Windows安全研究相关代码☆135Feb 2, 2019Updated 7 years ago
- windows kernel security development☆2,062Sep 6, 2022Updated 3 years ago
- kHypervisor is a lightweight bluepill-like nested VMM for Windows, it provides and emulating a basic function of Intel VT-x☆449Nov 29, 2021Updated 4 years ago