A C++ syscall ID extractor for Windows. Developed, debugged and tested on 20H2.
☆21May 25, 2021Updated 4 years ago
Alternatives and similar repositories for syscall_extractor
Users that are interested in syscall_extractor are comparing it to the libraries listed below
Sorting:
- a simple intel vt code both support x86 & x64. PatchGuard monitor.☆77Oct 28, 2021Updated 4 years ago
- Source code on the 1.44MB 3.5 floppy accompanying the Windows NT File System Internals book.☆20Jul 31, 2019Updated 6 years ago
- ☆15Mar 13, 2023Updated 2 years ago
- Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address☆23Nov 22, 2021Updated 4 years ago
- A library for intel VT-x hypervisor functionality supporting EPT shadowing.☆51Mar 11, 2021Updated 4 years ago
- A kernel mode Windows rootkit in development.☆49Dec 31, 2021Updated 4 years ago
- collection of code snippets,windbg,python scripts and resources☆13Jul 11, 2022Updated 3 years ago
- Bypassing kernel patch protection runtime☆22Feb 19, 2023Updated 3 years ago
- Experiment to use sections as User/Kernelmode comm vector☆22Apr 7, 2023Updated 2 years ago
- VT Hook☆51Jul 2, 2024Updated last year
- Kernel-based memory hacking framework communicating with a kernel driver via sockets.☆97May 25, 2021Updated 4 years ago
- Simple Demo of using Windows Hypervisor Platform☆29Jul 14, 2025Updated 7 months ago
- ☆14Nov 29, 2021Updated 4 years ago
- Not mine. Only for saving☆26Jun 28, 2022Updated 3 years ago
- Hooking Heavens Gate in a weekend☆13Jan 1, 2022Updated 4 years ago
- A proof of concept demonstrating instrumentation callbacks on Windows 10 21h1 with a TLS variable to ensure all syscalls are caught.☆155Nov 14, 2021Updated 4 years ago
- ☆18Mar 28, 2023Updated 2 years ago
- An example code of CiGetCertPublisherName☆17Mar 24, 2022Updated 3 years ago
- ☆43Apr 18, 2023Updated 2 years ago
- ☆17Oct 31, 2022Updated 3 years ago
- Dangling COM Keys Finder☆17Nov 16, 2021Updated 4 years ago
- Analysing and defeating PatchGuard universally☆36Nov 4, 2020Updated 5 years ago
- clearing traces of a loaded driver☆47Jul 2, 2022Updated 3 years ago
- mouseclassservicecallback detection via hook☆52Feb 7, 2022Updated 4 years ago
- Handling C++ & __try exceptions without the need of built-in handlers.☆77Aug 28, 2021Updated 4 years ago
- ☆73Aug 31, 2022Updated 3 years ago
- ☆40Mar 23, 2023Updated 2 years ago
- POC Hook of nt!HvcallCodeVa☆54May 8, 2023Updated 2 years ago
- ☆23May 8, 2023Updated 2 years ago
- A VM and VT detection vector,detects KVM,VMware,HYPER-V,Hypervisor and ...(Intel Only)☆21Nov 12, 2020Updated 5 years ago
- Allows for same-file KernelMode function execution using Encrypted addresses of Functions☆51Sep 27, 2025Updated 5 months ago
- Kernel DLL Injector using NX Bit Swapping and VAD hide for hiding injected DLL☆219Nov 12, 2020Updated 5 years ago
- This is the P.O.C source for hooking the system calls on Windows 10 (1903) using it's dynamic trace feature weakness☆53Sep 12, 2019Updated 6 years ago
- Dumps information about all the callback objects found in a dump file and the functions registered for them☆37Oct 21, 2020Updated 5 years ago
- Custom KiSystemStartup, can be used to modificate kernel before boot.☆53Apr 7, 2022Updated 3 years ago
- Example of reading process memory through kernel special APC☆110Apr 21, 2023Updated 2 years ago
- ☆18Jun 13, 2022Updated 3 years ago
- Corsair LL Access driver abuse☆24Apr 16, 2021Updated 4 years ago
- An advanced DKOM for drivers with "DRIVER_OBJECT"☆22Feb 19, 2023Updated 3 years ago