Ahora57 / Unabomber
Improved VMP Idea(detect anti-anti-debug tools by bug)
☆41Updated last year
Alternatives and similar repositories for Unabomber:
Users that are interested in Unabomber are comparing it to the libraries listed below
- PAGE_GUARD based hooking library☆42Updated 2 years ago
- Kernel ReClassEx☆65Updated last year
- Library to manipulate drivers that expose a physical memory read/write primitive.☆24Updated last year
- Kernel Level NMI Callback Blocker☆64Updated 5 months ago
- ☆28Updated 4 months ago
- POC Hook of nt!HvcallCodeVa☆49Updated last year
- ntoskrnl .data hooks for UM-KM communication☆36Updated 8 months ago
- Experiment with PAGE_GUARD protection to hide memory from other processes☆45Updated 7 months ago
- Driver that communicates using a thread and a shared section with Usermode☆38Updated last week
- This is a POC Test project for INTEL CPUs on blocking NMI Entries through the IDT Handler.☆35Updated 4 months ago
- clearing traces of a loaded driver☆46Updated 2 years ago
- This is an EfiGuard BootLoader that can boot EfiGuard from Usermode with no USB or Setup as a Single Executable with automatic File Dumpi…☆38Updated 5 months ago
- ☆50Updated 2 years ago
- Freeze target threads (external - internal ) by avoiding SuspendThread detections. Or access registers from start address.☆30Updated 10 months ago
- detect hypervisor with Nmi Callback☆34Updated 2 years ago
- Old way for blocking NMI interrupts☆25Updated 2 years ago
- mouseclassservicecallback detection via hook☆50Updated 3 years ago
- ☆45Updated 2 years ago
- Discarded Section Manual Map☆67Updated 4 years ago
- ☆71Updated 2 years ago
- ☆43Updated 7 months ago
- UM-KM Communication using registry callbacks☆39Updated 4 years ago
- A poc that abuses Enclave☆36Updated 2 years ago
- ☆78Updated 3 years ago
- Symbolic Execution based on lifting amd64 to z3☆26Updated 7 months ago
- x64 Windows implementation of virtual-address to physical-address translation☆40Updated 3 years ago
- Allows for same-file KernelMode function execution using Encrypted addresses of Functions☆28Updated 4 months ago
- Mapping your code on a 0x1000 size page☆70Updated 2 years ago
- just proof of concept. hooking MmCopyMemory PG safe.☆64Updated last year
- ZeroImport is a lightweight and easy to use C++ library for Windows Kernel Drivers. It allows you to hide any import in your kernel drive…☆48Updated last year