Using NtCreateFile and NtDeviceIoControlFile to realize the function of winsock(利用NtCreateFile和NtDeviceIoControlFile 实现winsock的功能)
☆128Sep 9, 2022Updated 3 years ago
Alternatives and similar repositories for NtSocket_NtClient_NtServer
Users that are interested in NtSocket_NtClient_NtServer are comparing it to the libraries listed below
Sorting:
- 利用物理内存映射,实现虚拟内存的伪隐藏☆86Sep 15, 2022Updated 3 years ago
- The Kernel-Mode Winsock library, supporting TCP, UDP and Unix sockets (DGRAM and STREAM).☆290Jan 27, 2025Updated last year
- KSOCKET provides a very basic example how to make a network connections in the Windows Driver by using WSK☆541Sep 2, 2022Updated 3 years ago
- ☆99Oct 6, 2017Updated 8 years ago
- 可在非测试模式下符号化读取内核内存。Kernel memory can be read symbolically in non test mode。☆109Sep 1, 2022Updated 3 years ago
- ☆225Feb 21, 2023Updated 3 years ago
- https://key08.com/index.php/2021/10/19/1375.html☆71May 11, 2022Updated 3 years ago
- kernel-mode TDI client which can send and receive HTTP requests☆56Jun 9, 2018Updated 7 years ago
- 从MmPfnData中枚举进程和页目录基址☆208Aug 18, 2023Updated 2 years ago
- Hook NtDeviceIoControlFile with PatchGuard☆107May 10, 2022Updated 3 years ago
- ☆23May 8, 2023Updated 2 years ago
- Kernel driver that .text hooks a syscall in dxgkrnl.sys which can be called from our user-mode client to send instructions like rpm/wpm a…☆213Dec 16, 2022Updated 3 years ago
- For Example. See Miro's Blog☆30Nov 26, 2022Updated 3 years ago
- sc4cpp is a shellcode framework based on C++☆94Aug 29, 2021Updated 4 years ago
- Taking advantage of CRT initialization, to get away with hooking protected applications☆48Mar 7, 2026Updated 2 weeks ago
- Hijack NotifyRoutine for a kernelmode thread☆41Jun 4, 2022Updated 3 years ago
- The program draws with win32k gdi functions in the kernel while NtGdiDdDDISubmitCommand is being hooked.☆345Apr 27, 2020Updated 5 years ago
- ☆225Mar 11, 2023Updated 3 years ago
- ☆69Dec 17, 2020Updated 5 years ago
- Recursive and arbitrary code execution at kernel-level without a system thread creation��☆159Apr 13, 2023Updated 2 years ago
- Collection of undocumented Windows API declarations.☆344Mar 11, 2026Updated last week
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆271Aug 31, 2022Updated 3 years ago
- Demo to show how write ALPC Client & Server using native Ntdll.dll syscalls.☆21Jan 25, 2022Updated 4 years ago
- query-pdb is a server-side software for parsing PDB files. The software provides PDB online parsing service.☆167Oct 27, 2025Updated 4 months ago
- Analyze Windows x64 Kernel Memory Layout☆130Nov 19, 2020Updated 5 years ago
- InfinityHookPro Win7 -> Win11 latest☆553Feb 7, 2023Updated 3 years ago
- Kernel-Mode extended version of https://github.com/microsoft/Detours☆180Jun 1, 2025Updated 9 months ago
- Kernel DLL Injector using NX Bit Swapping and VAD hide for hiding injected DLL☆220Nov 12, 2020Updated 5 years ago
- C/C++ Runtime library for system file (Windows Kernel Driver) - Supports Microsoft STL☆192Aug 27, 2022Updated 3 years ago
- VT-based PCI device monitor (SPI)☆158Oct 29, 2020Updated 5 years ago
- Experimental disassembler for x86 binaries virtualized by VMProtect 3☆98Aug 27, 2022Updated 3 years ago
- Radical Windows ARK☆252Apr 18, 2025Updated 11 months ago
- ☆44Oct 7, 2018Updated 7 years ago
- Another wow64ext to try to be compatible with WOW64 for all architectures.☆98Jan 1, 2026Updated 2 months ago
- Windows CVE主防(HIPS/HIDS)☆58Apr 29, 2021Updated 4 years ago
- Windows Anti-Rootkit Tool☆546Dec 31, 2025Updated 2 months ago
- Monitor ETW events for Windows process mitigation policies, with stack traces☆31Oct 7, 2022Updated 3 years ago
- Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address☆23Nov 22, 2021Updated 4 years ago
- ☆158May 21, 2024Updated last year