EBalloon / Rw-No-AttachView external linksLinks
☆159May 21, 2024Updated last year
Alternatives and similar repositories for Rw-No-Attach
Users that are interested in Rw-No-Attach are comparing it to the libraries listed below
Sorting:
- Mapping your code on a 0x1000 size page☆71May 20, 2022Updated 3 years ago
- base for testing☆186Sep 28, 2024Updated last year
- usermode driver mapper that forcefully loads any signed kernel driver (legit cert) with a big enough section (example: .data, .rdata) to …☆469Jan 3, 2022Updated 4 years ago
- Cool kernel communication method.☆100Jun 27, 2021Updated 4 years ago
- Hijack NotifyRoutine for a kernelmode thread☆41Jun 4, 2022Updated 3 years ago
- Detect removed thread from PspCidTable.☆75Mar 18, 2022Updated 3 years ago
- UM-KM Communication using registry callbacks☆39Jun 8, 2020Updated 5 years ago
- ☆223May 10, 2022Updated 3 years ago
- A mapper that maps shellcode into loaded large page drivers☆318Apr 26, 2022Updated 3 years ago
- Hiding the window from screenshots using the function win32kfull::GreProtectSpriteContent☆624Dec 26, 2024Updated last year
- Kernel driver that .text hooks a syscall in dxgkrnl.sys which can be called from our user-mode client to send instructions like rpm/wpm a…☆204Dec 16, 2022Updated 3 years ago
- Recursive and arbitrary code execution at kernel-level without a system thread creation☆159Apr 13, 2023Updated 2 years ago
- POC Hook of nt!HvcallCodeVa☆54May 8, 2023Updated 2 years ago
- Allows you to communicate with the kernel mode to manipulate memory in a stealthy way to avoid kernel anticheats.☆172May 8, 2022Updated 3 years ago
- ☆42Jul 1, 2022Updated 3 years ago
- This tool will allow you to spoof the return addresses of your functions as well as system functions.☆541Nov 12, 2022Updated 3 years ago
- Load your driver like win32k.sys☆258Aug 20, 2022Updated 3 years ago
- Detect-KeAttachProcess by iterating through all processes as well as checking the context of the thread.☆119Feb 8, 2022Updated 4 years ago
- undetected eac mapper☆169May 3, 2022Updated 3 years ago
- Bypasses for Windows kernel callbacks PatchGuard protection☆44Aug 15, 2021Updated 4 years ago
- mouseclassservicecallback detection via hook☆52Feb 7, 2022Updated 4 years ago
- r/w virtual memory without attach☆216Oct 19, 2023Updated 2 years ago
- Manual mapper that uses PTE manipulation, Virtual Address Descriptor (VAD) manipulation, and forceful memory allocation to hide executabl…☆382Jan 29, 2022Updated 4 years ago
- ☆193May 1, 2023Updated 2 years ago
- ☆144Dec 10, 2022Updated 3 years ago
- ☆192Dec 8, 2021Updated 4 years ago
- Stealthy UM <-> KM communication system without creating any system threads, permanent hooks, driver objects, section objects or device o…☆376Mar 15, 2024Updated last year
- Bypassing EasyAntiCheat.sys self-integrity by abusing call hierarchy☆83Oct 6, 2022Updated 3 years ago
- Old way for blocking NMI interrupts☆29Sep 6, 2022Updated 3 years ago
- kernel anticheat to test your driver against☆181Jun 16, 2025Updated 7 months ago
- Archive R/W into any protected process by changing the value of KTHREAD->PreviousMode☆163Jul 31, 2022Updated 3 years ago
- Kernel DLL Injector using NX Bit Swapping and VAD hide for hiding injected DLL☆220Nov 12, 2020Updated 5 years ago
- A basic demonstration of directly overwriting paging structures for physical memory r/w and interprocess memory copy☆102Jun 26, 2023Updated 2 years ago
- ☆64Jul 31, 2022Updated 3 years ago
- 从MmPfnData中枚举进程和页目录基址☆206Aug 18, 2023Updated 2 years ago
- 内核级别隐藏指定窗口☆320Feb 9, 2022Updated 4 years ago
- This is a simple project of a driver + usermode.☆169Jan 31, 2022Updated 4 years ago
- ☆73Aug 31, 2022Updated 3 years ago
- csgo external running from kernelmode☆107Nov 29, 2022Updated 3 years ago