Call NtCreateUserProcess directly as normal.
☆77May 17, 2022Updated 3 years ago
Alternatives and similar repositories for Direct-NtCreateUserProcess
Users that are interested in Direct-NtCreateUserProcess are comparing it to the libraries listed below
Sorting:
- 扫描以及恢复 r3hook 类☆10Aug 29, 2021Updated 4 years ago
- Demo to show how write ALPC Client & Server using native Ntdll.dll syscalls.☆21Jan 25, 2022Updated 4 years ago
- https://key08.com/index.php/2021/10/19/1375.html☆71May 11, 2022Updated 3 years ago
- Hook NtDeviceIoControlFile with PatchGuard☆107May 10, 2022Updated 3 years ago
- ☆48Nov 7, 2018Updated 7 years ago
- A proof of concept of real custom GetProcAddress and GetModuleBaseAddress☆21Jul 9, 2022Updated 3 years ago
- A simple example how to decrypt kernel debugger data block☆32Feb 8, 2021Updated 5 years ago
- ☆13Jan 21, 2019Updated 7 years ago
- A small PoC that creates processes in Windows☆187Jun 6, 2024Updated last year
- Hijack NotifyRoutine for a kernelmode thread☆41Jun 4, 2022Updated 3 years ago
- Kill Protected Process Light Process (include av)☆57Sep 15, 2023Updated 2 years ago
- Hotkey-based keylogger for Windows☆33Oct 17, 2024Updated last year
- Interprocess communication library, providing the ability to call functions from each other☆20Oct 3, 2019Updated 6 years ago
- codes for my blog post: https://secrary.com/Random/InstrumentationCallback/☆182Nov 30, 2017Updated 8 years ago
- Enum and Remove Hook in Windows☆52Dec 11, 2025Updated 3 months ago
- A crappy hook on SpAcceptLsaModeContext that prints incoming auth attempts. WIP☆37Jul 27, 2021Updated 4 years ago
- Minimal PoC developed as discuss in https://captmeelo.com/redteam/maldev/2022/05/10/ntcreateuserprocess.html☆144May 10, 2022Updated 3 years ago
- Windows API Call Obfuscation☆113Dec 9, 2022Updated 3 years ago
- 大数字驱动逆向代码☆78Nov 4, 2023Updated 2 years ago
- ☆44Oct 7, 2018Updated 7 years ago
- Kernel shellcode injector☆148Mar 23, 2021Updated 4 years ago
- ☆14Mar 8, 2019Updated 7 years ago
- Quick check of NT kernel exported&unexported functions/global variable offset NT内核导出以及未导出函数+全局变量偏移速查☆98Mar 30, 2023Updated 2 years ago
- 过去写的一些Windows安全研究相关代码☆135Feb 2, 2019Updated 7 years ago
- HyperDbg's Graphical User Interface (GUI)☆82Feb 16, 2026Updated last month
- Mhy Exp (exploit signed driver)☆141May 17, 2022Updated 3 years ago
- The Kernel-Mode Winsock library, supporting TCP, UDP and Unix sockets (DGRAM and STREAM).☆290Jan 27, 2025Updated last year
- 利用物理内存映射,实现虚拟内存的伪隐藏☆86Sep 15, 2022Updated 3 years ago
- For Example. See Miro's Blog☆30Nov 26, 2022Updated 3 years ago
- InfinityHookPro Win7 -> Win11 latest☆553Feb 7, 2023Updated 3 years ago
- A general solution to simulate execution of virtualized instructions (vmprotect/themida, etc.).☆77Feb 9, 2022Updated 4 years ago
- Windows 7/2008 R2 EoP☆13Feb 12, 2021Updated 5 years ago
- 从MmPfnData中枚举进程和页目录基址☆208Aug 18, 2023Updated 2 years ago
- x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration☆393Jul 6, 2022Updated 3 years ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆140Sep 12, 2022Updated 3 years ago
- It stinks☆103Apr 22, 2022Updated 3 years ago
- ☆174Mar 9, 2022Updated 4 years ago
- Code Injection, Inject malicious payload via pagetables pml4.☆243Jul 7, 2021Updated 4 years ago
- ☆12Dec 15, 2016Updated 9 years ago