Research on Windows Kernel Executive Callback Objects
☆317Feb 22, 2020Updated 6 years ago
Alternatives and similar repositories for ExecutiveCallbackObjects
Users that are interested in ExecutiveCallbackObjects are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆242Nov 6, 2019Updated 6 years ago
- A driver that hooks C: volume using symbolic link callback to track all FS access to the volume☆108Apr 24, 2020Updated 6 years ago
- Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.☆906Nov 21, 2019Updated 6 years ago
- win10 pgContext dynamic dump (btc version)☆112Jan 15, 2020Updated 6 years ago
- A POC for Windows Extension Host hooking☆24Jul 13, 2019Updated 6 years ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- C++ Exceptions in Windows Drivers☆220Dec 21, 2020Updated 5 years ago
- VT-based PCI device monitor (SPI)☆157Oct 29, 2020Updated 5 years ago
- Reverse engineered source code of the autochk rootkit☆212Nov 1, 2019Updated 6 years ago
- Hide codes/data in the kernel address space.☆188May 8, 2021Updated 5 years ago
- An example of a client and server using Windows' ALPC functions to send and receive data.☆120Jan 21, 2025Updated last year
- Open Course for diving security internal☆52Nov 11, 2019Updated 6 years ago
- WinDBG Anti-RootKit Extension☆642Jul 29, 2020Updated 5 years ago
- KSOCKET provides a very basic example how to make a network connections in the Windows Driver by using WSK☆545Sep 2, 2022Updated 3 years ago
- MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. M…☆243Jul 26, 2020Updated 5 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Analyze Windows x64 Kernel Memory Layout☆131Nov 19, 2020Updated 5 years ago
- ☆115Oct 1, 2019Updated 6 years ago
- CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers☆146Sep 5, 2020Updated 5 years ago
- ☆123May 23, 2020Updated 5 years ago
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…☆136Mar 16, 2026Updated 2 months ago
- proof-of-concept Windows Driver for injecting DLL into user-mode processes using APC☆1,288May 1, 2024Updated 2 years ago
- The program draws with win32k gdi functions in the kernel while NtGdiDdDDISubmitCommand is being hooked.☆348Apr 27, 2020Updated 6 years ago
- Turn off PatchGuard in real time for win7 (7600) ~ later☆1,039Apr 21, 2022Updated 4 years ago
- Internals information about Hyper-V☆739May 6, 2026Updated 2 weeks ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- codes for my blog post: https://secrary.com/Random/InstrumentationCallback/☆183Nov 30, 2017Updated 8 years ago
- System call hook for Windows 10 20H1☆494Jun 26, 2021Updated 4 years ago
- Hook system calls on Windows by using Kaspersky's hypervisor☆1,293Apr 2, 2026Updated last month
- APC Internals Research Code☆173Jun 28, 2020Updated 5 years ago
- Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using t…☆64Jun 19, 2019Updated 6 years ago
- Load self-signed drivers without TestSigning or disable DSE. Transferred from https://github.com/DoubleLabyrinth/Windows10-CustomKernelSi…☆790Jan 22, 2020Updated 6 years ago
- Hook system calls, context switches, page faults and more.☆2,649May 9, 2023Updated 3 years ago
- CFB is a ProcMon-style tool designed to assist capturing IRPs sent to Windows drivers.☆334Mar 26, 2024Updated 2 years ago
- Examples of leaking Kernel Mode information from User Mode on Windows☆639Jul 7, 2017Updated 8 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Toolkit for Hyper-V security research☆156Mar 7, 2022Updated 4 years ago
- Windows kernel hacking framework, driver template, hypervisor and API written on C++☆1,812Nov 12, 2023Updated 2 years ago
- An example of how x64 kernel shellcode can dynamically find and use APIs☆103May 14, 2020Updated 6 years ago
- API Set resolver for Windows☆144Sep 11, 2024Updated last year
- 过去写的一些Windows安全研究相关代码☆134Feb 2, 2019Updated 7 years ago
- windows kernel security development☆2,062Sep 6, 2022Updated 3 years ago
- kHypervisor is a lightweight bluepill-like nested VMM for Windows, it provides and emulating a basic function of Intel VT-x☆449Nov 29, 2021Updated 4 years ago