Call NtCreateUserProcess directly as normal.
☆77May 17, 2022Updated 3 years ago
Alternatives and similar repositories for Direct-NtCreateUserProcess
Users that are interested in Direct-NtCreateUserProcess are comparing it to the libraries listed below
Sorting:
- Demo to show how write ALPC Client & Server using native Ntdll.dll syscalls.☆21Jan 25, 2022Updated 4 years ago
- https://key08.com/index.php/2021/10/19/1375.html☆71May 11, 2022Updated 3 years ago
- 扫描以及恢复 r3hook 类☆10Aug 29, 2021Updated 4 years ago
- A proof of concept of real custom GetProcAddress and GetModuleBaseAddress☆21Jul 9, 2022Updated 3 years ago
- Hook NtDeviceIoControlFile with PatchGuard☆107May 10, 2022Updated 3 years ago
- A simple example how to decrypt kernel debugger data block☆32Feb 8, 2021Updated 5 years ago
- ☆13Jan 21, 2019Updated 7 years ago
- ☆48Nov 7, 2018Updated 7 years ago
- A crappy hook on SpAcceptLsaModeContext that prints incoming auth attempts. WIP☆37Jul 27, 2021Updated 4 years ago
- Interprocess communication library, providing the ability to call functions from each other☆20Oct 3, 2019Updated 6 years ago
- Hotkey-based keylogger for Windows☆32Oct 17, 2024Updated last year
- Minimal PoC developed as discuss in https://captmeelo.com/redteam/maldev/2022/05/10/ntcreateuserprocess.html☆144May 10, 2022Updated 3 years ago
- A small PoC that creates processes in Windows☆187Jun 6, 2024Updated last year
- Windows API Call Obfuscation☆112Dec 9, 2022Updated 3 years ago
- HyperDbg's Graphical User Interface (GUI)☆81Feb 16, 2026Updated last week
- It stinks☆105Apr 22, 2022Updated 3 years ago
- Hijack NotifyRoutine for a kernelmode thread☆41Jun 4, 2022Updated 3 years ago
- Kill Protected Process Light Process (include av)☆58Sep 15, 2023Updated 2 years ago
- codes for my blog post: https://secrary.com/Random/InstrumentationCallback/☆183Nov 30, 2017Updated 8 years ago
- 过去写的一些Windows安全研究相关代码☆135Feb 2, 2019Updated 7 years ago
- Kernel shellcode injector☆148Mar 23, 2021Updated 4 years ago
- Windows PE - TLS (Thread Local Storage) Injector in C/C++☆108Jan 3, 2021Updated 5 years ago
- 大数字驱动逆向代码☆78Nov 4, 2023Updated 2 years ago
- Windows Kernel Programming Experiments☆84Sep 18, 2022Updated 3 years ago
- Single stub direct and indirect syscalling with runtime SSN resolving for windows.☆140Sep 12, 2022Updated 3 years ago
- The Kernel-Mode Winsock library, supporting TCP, UDP and Unix sockets (DGRAM and STREAM).☆284Jan 27, 2025Updated last year
- PoC: Exploit 32-bit Thread Snapshot of WOW64 to Take Over $RIP & Inject & Bypass Antivirus HIPS (HITB 2021)☆167May 27, 2021Updated 4 years ago
- Monitor ETW events for Windows process mitigation policies, with stack traces☆31Oct 7, 2022Updated 3 years ago
- A exe loader that can load NScript evaluation engine of Windows Defender/Microsft Security Essential. You can fuzz NScript by using this.…☆28Oct 18, 2017Updated 8 years ago
- 利用物理内存映射,实现虚拟内存的伪隐藏☆86Sep 15, 2022Updated 3 years ago
- Mhy Exp (exploit signed driver)☆141May 17, 2022Updated 3 years ago
- This project migrated to https://github.com/backengineering/llvm-msvc☆83Sep 3, 2023Updated 2 years ago
- InfinityHookPro Win7 -> Win11 latest☆551Feb 7, 2023Updated 3 years ago
- Code Injection, Inject malicious payload via pagetables pml4.☆243Jul 7, 2021Updated 4 years ago
- Get your data from the resource section manually, with no need for windows apis☆67Oct 22, 2024Updated last year
- Archive R/W into any protected process by changing the value of KTHREAD->PreviousMode☆163Jul 31, 2022Updated 3 years ago
- c++ implementation of windows heavens gate☆70Feb 12, 2021Updated 5 years ago
- For Example. See Miro's Blog☆30Nov 26, 2022Updated 3 years ago
- Open-source EDR kernel-component for system monitoring and DLL injection☆33Nov 14, 2020Updated 5 years ago