CheckPointSW / showstopper
ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solutions that clash with standard anti-debug methods.
☆195Updated 2 years ago
Related projects: ⓘ
- This project provides a collection of Microsoft Windows kernel structures, unions and enumerations. Most of them are not officially docum…☆159Updated 3 months ago
- Research on Windows Kernel Executive Callback Objects☆277Updated 4 years ago
- A more stealthy variant of "DLL hollowing"☆335Updated 6 months ago
- A library to develop kernel level Windows payloads for post HVCI era☆355Updated 3 years ago
- Advanced driver monitoring utility.☆194Updated 2 years ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆203Updated 4 years ago
- x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code☆195Updated 3 years ago
- Bootkit for Windows Sandbox to disable DSE/PatchGuard.☆251Updated 2 years ago
- APC Internals Research Code☆155Updated 4 years ago
- Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.☆506Updated 3 weeks ago
- Set of antianalysis techniques found in malware☆124Updated last year
- Code Injection, Inject malicious payload via pagetables pml4.☆216Updated 3 years ago
- Analyze patches in a process☆241Updated 3 years ago
- Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks☆315Updated last year
- Debug Child Process Tool (auto attach)☆267Updated last year
- Canadian Furious Beaver is a ProcMon-style tool designed only for capturing IRPs sent to any Windows driver.☆308Updated 5 months ago
- This is a collection of interesting codes about Windows Process creation.☆225Updated 8 months ago
- Simple windows API logger☆96Updated 5 years ago
- My reversing tools. Some custom, some not.☆194Updated 8 months ago
- MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. M…☆217Updated 4 years ago
- Global user-mode hooking framework, based on AppInit_DLLs. The goal is to allow you to rapidly develop hooks to inject in an arbitrary pr…☆156Updated 2 years ago
- Translates WinDbg "dt" structure dump to a C structure☆126Updated 7 years ago
- Debugger Anti-Detection Benchmark☆283Updated 9 months ago
- A collection of various vulnerable (mostly physical memory exposing) drivers.☆312Updated 2 years ago
- Reverse engineered source code of the autochk rootkit☆195Updated 4 years ago
- Anti-debugging techniques on a (bad looking) Win32 application.☆232Updated 5 months ago
- SimpleSvmHook is a research purpose hypervisor for Windows on AMD processors.☆345Updated 3 years ago
- A list of excellent resources for anyone to deepen their understanding with regards to Windows Kernel Exploitation and general low level …☆116Updated last year
- x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration☆214Updated 2 years ago
- Yet another windows internals repo☆202Updated 3 years ago