AdamOron/PatchGuardBypass external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

AdamOron/PatchGuardBypass

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/AdamOron/PatchGuardBypass)

Close

AdamOron / PatchGuardBypassView on GitHubMore

• External links
• Readme badge

Bypassing PatchGuard on modern x64 systems

☆264Apr 9, 2023Updated 3 years ago

Alternatives and similar repositories for PatchGuardBypass

Users that are interested in PatchGuardBypass are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• MapleSwan / PageTableHook

  View on GitHub
  ☆143Dec 10, 2022Updated 3 years ago
• zer0condition / Demystifying-PatchGuard

  View on GitHub
  Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…
  ☆134Mar 16, 2026Updated 3 weeks ago
• armasm / EasyAntiPatchGuard

  View on GitHub
  Easy Anti PatchGuard
  ☆222Apr 9, 2021Updated 5 years ago
• nbs32k / inline-syscall

  View on GitHub
  Inline syscalls made for MSVC supporting x64 and WOW64
  ☆194Jul 10, 2023Updated 2 years ago
• GetRektBoy724 / DCMB

  View on GitHub
  Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!
  ☆250Jul 9, 2024Updated last year
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• zer0condition / ZeroThreadKernel

  View on GitHub
  Recursive and arbitrary code execution at kernel-level without a system thread creation
  ☆160Mar 16, 2026Updated 3 weeks ago
• ekknod / efi-monitor

  View on GitHub
  just proof of concept. hooking MmCopyMemory PG safe.
  ☆86Nov 13, 2023Updated 2 years ago
• KiFilterFiberContext / warbird-hook

  View on GitHub
  Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard
  ☆268Aug 31, 2022Updated 3 years ago
• kkent030315 / NoPatchGuardCallback

  View on GitHub
  x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code
  ☆208May 27, 2021Updated 4 years ago
• stdhu / windows-kernel-pagehook

  View on GitHub
  windows kernel pagehook
  ☆42Oct 30, 2022Updated 3 years ago
• Xyrem / HyperDeceit

  View on GitHub
  HyperDeceit is the ultimate all-in-one library that emulates Hyper-V for Windows, giving you the ability to intercept and manipulate oper…
  ☆379Jun 3, 2023Updated 2 years ago
• gmh5225 / CallMeWin32kDriver

  View on GitHub
  Load your driver like win32k.sys
  ☆259Aug 20, 2022Updated 3 years ago
• ccdescipline / CInject

  View on GitHub
  Windows Kernel inject (no module no thread)
  ☆282Nov 11, 2022Updated 3 years ago
• crvvdev / MasterHide

  View on GitHub
  A x64 Windows Rootkit using SSDT or Hypervisor hook
  ☆568Jan 4, 2025Updated last year
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• thesecretclub / SandboxBootkit

  View on GitHub
  Bootkit for Windows Sandbox to disable DSE/PatchGuard.
  ☆326Oct 13, 2024Updated last year
• FiYHer / InfinityHookPro

  View on GitHub
  InfinityHookPro Win7 -> Win11 latest
  ☆552Feb 7, 2023Updated 3 years ago
• MapleSwan / enum_real_dirbase

  View on GitHub
  从MmPfnData中枚举进程和页目录基址
  ☆210Aug 18, 2023Updated 2 years ago
• armvirus / SinMapper

  View on GitHub
  usermode driver mapper that forcefully loads any signed kernel driver (legit cert) with a big enough section (example: .data, .rdata) to …
  ☆476Jan 3, 2022Updated 4 years ago
• estimated1337 / lenovo_mapper

  View on GitHub
  driver manual mapper powered by https://github.com/estimated1337/lenovo_exec
  ☆116Dec 28, 2022Updated 3 years ago
• armvirus / CosMapper

  View on GitHub
  Loads a signed kernel driver which allows you to map any driver to kernel mode without any traces of the signed / mapped driver.
  ☆391Aug 8, 2021Updated 4 years ago
• IcEy-999 / Ntoskrnl_Viewer

  View on GitHub
  可在非测试模式下符号化读取内核内存。Kernel memory can be read symbolically in non test mode。
  ☆108Sep 1, 2022Updated 3 years ago
• XaFF-XaFF / Kernel-Process-Hollowing

  View on GitHub
  Windows x64 kernel mode rootkit process hollowing POC.
  ☆190Jun 30, 2023Updated 2 years ago
• 1401199262 / Hook-KdTrap

  View on GitHub
  ☆225Mar 11, 2023Updated 3 years ago
• Proton VPN Special Offer - Get 70% off • Ad
  Special partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
• KANKOSHEV / Detect-HiddenThread-via-KPRCB

  View on GitHub
  Detect removed thread from PspCidTable.
  ☆75Mar 18, 2022Updated 4 years ago
• ekknod / acdrv

  View on GitHub
  base for testing
  ☆187Sep 28, 2024Updated last year
• worawit / malk

  View on GitHub
  Demonstrate calling a kernel function and handle process creation callback against HVCI
  ☆83Dec 21, 2022Updated 3 years ago
• xu-Wan / HypercallPageHook

  View on GitHub
  POC Hook of nt!HvcallCodeVa
  ☆54May 8, 2023Updated 2 years ago
• waryas / KACE

  View on GitHub
  Emulate Drivers in RING3 with self context mapping or unicorn
  ☆366Aug 18, 2022Updated 3 years ago
• IcEy-999 / Drv_Hide_And_Camouflage

  View on GitHub
  ☆311May 11, 2023Updated 2 years ago
• EBalloon / Rw-No-Attach

  View on GitHub
  ☆158May 21, 2024Updated last year
• anzelesnik / SyscallHook

  View on GitHub
  System call hook for Windows 10 20H1
  ☆494Jun 26, 2021Updated 4 years ago
• ZEROWyt / Patchguard-2023

  View on GitHub
  ☆24Jul 24, 2023Updated 2 years ago
• DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• VollRagm / lpmapper

  View on GitHub
  A mapper that maps shellcode into loaded large page drivers
  ☆332Apr 26, 2022Updated 3 years ago
• zer0condition / NVDrv

  View on GitHub
  Abusing nvidia driver (nvoclock.sys) for physical/virtual memory and control register manipulation.
  ☆284Mar 16, 2026Updated 3 weeks ago
• SamuelTulach / meme-rw

  View on GitHub
  Archive R/W into any protected process by changing the value of KTHREAD->PreviousMode
  ☆163Jul 31, 2022Updated 3 years ago
• alfarom256 / CVE-2022-3699

  View on GitHub
  Lenovo Diagnostics Driver EoP - Arbitrary R/W
  ☆176Dec 5, 2022Updated 3 years ago
• RixedLabs / IDLE-Abuse

  View on GitHub
  A method to execute shellcode using RegisterWaitForInputIdle API.
  ☆55Apr 4, 2023Updated 3 years ago
• floesen / KExecDD

  View on GitHub
  Admin to Kernel code execution using the KSecDD driver
  ☆264Apr 19, 2024Updated last year
• kkent030315 / PageTableInjection

  View on GitHub
  Code Injection, Inject malicious payload via pagetables pml4.
  ☆243Jul 7, 2021Updated 4 years ago