Research on Windows Kernel Executive Callback Objects
☆316Feb 22, 2020Updated 6 years ago
Alternatives and similar repositories for ExecutiveCallbackObjects
Users that are interested in ExecutiveCallbackObjects are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆242Nov 6, 2019Updated 6 years ago
- A driver that hooks C: volume using symbolic link callback to track all FS access to the volume☆109Apr 24, 2020Updated 5 years ago
- Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.☆904Nov 21, 2019Updated 6 years ago
- win10 pgContext dynamic dump (btc version)☆112Jan 15, 2020Updated 6 years ago
- A POC for Windows Extension Host hooking☆24Jul 13, 2019Updated 6 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- Reverse engineered source code of the autochk rootkit☆211Nov 1, 2019Updated 6 years ago
- C++ Exceptions in Windows Drivers☆220Dec 21, 2020Updated 5 years ago
- VT-based PCI device monitor (SPI)☆158Oct 29, 2020Updated 5 years ago
- Hide codes/data in the kernel address space.☆187May 8, 2021Updated 4 years ago
- An example of a client and server using Windows' ALPC functions to send and receive data.☆118Jan 21, 2025Updated last year
- Open Course for diving security internal☆52Nov 11, 2019Updated 6 years ago
- WinDBG Anti-RootKit Extension☆645Jul 29, 2020Updated 5 years ago
- MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. M…☆233Jul 26, 2020Updated 5 years ago
- KSOCKET provides a very basic example how to make a network connections in the Windows Driver by using WSK☆543Sep 2, 2022Updated 3 years ago
- End-to-end encrypted email - Proton Mail • AdSpecial offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
- Analyze Windows x64 Kernel Memory Layout☆130Nov 19, 2020Updated 5 years ago
- CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers☆146Sep 5, 2020Updated 5 years ago
- ☆116Oct 1, 2019Updated 6 years ago
- ☆125May 23, 2020Updated 5 years ago
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…☆134Mar 16, 2026Updated 3 weeks ago
- proof-of-concept Windows Driver for injecting DLL into user-mode processes using APC☆1,277May 1, 2024Updated last year
- The program draws with win32k gdi functions in the kernel while NtGdiDdDDISubmitCommand is being hooked.☆348Apr 27, 2020Updated 5 years ago
- Turn off PatchGuard in real time for win7 (7600) ~ later☆1,041Apr 21, 2022Updated 3 years ago
- Internals information about Hyper-V☆733Mar 7, 2026Updated last month
- DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- codes for my blog post: https://secrary.com/Random/InstrumentationCallback/☆183Nov 30, 2017Updated 8 years ago
- Hook system calls on Windows by using Kaspersky's hypervisor☆1,285Apr 2, 2026Updated last week
- System call hook for Windows 10 20H1☆494Jun 26, 2021Updated 4 years ago
- APC Internals Research Code☆171Jun 28, 2020Updated 5 years ago
- Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using t…☆65Jun 19, 2019Updated 6 years ago
- Load self-signed drivers without TestSigning or disable DSE. Transferred from https://github.com/DoubleLabyrinth/Windows10-CustomKernelSi…☆785Jan 22, 2020Updated 6 years ago
- Hook system calls, context switches, page faults and more.☆2,641May 9, 2023Updated 2 years ago
- CFB is a ProcMon-style tool designed to assist capturing IRPs sent to Windows drivers.☆332Mar 26, 2024Updated 2 years ago
- Examples of leaking Kernel Mode information from User Mode on Windows☆635Jul 7, 2017Updated 8 years ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- Toolkit for Hyper-V security research☆158Mar 7, 2022Updated 4 years ago
- API Set resolver for Windows☆143Sep 11, 2024Updated last year
- Windows kernel hacking framework, driver template, hypervisor and API written on C++☆1,807Nov 12, 2023Updated 2 years ago
- An example of how x64 kernel shellcode can dynamically find and use APIs☆105May 14, 2020Updated 5 years ago
- 过去写的一些Windows安全研究相关代码☆135Feb 2, 2019Updated 7 years ago
- windows kernel security development☆2,058Sep 6, 2022Updated 3 years ago
- kHypervisor is a lightweight bluepill-like nested VMM for Windows, it provides and emulating a basic function of Intel VT-x☆447Nov 29, 2021Updated 4 years ago