Taking advantage of CRT initialization to get away with hooking protected applications
☆48Nov 2, 2022Updated 3 years ago
Alternatives and similar repositories for proxy_dll
Users that are interested in proxy_dll are comparing it to the libraries listed below
- ASM Bootkit that patches DSE at boot, allowing unsigned drivers to be loaded☆14Aug 24, 2025Updated 6 months ago
- A simple process query/manipulation tool using driver hooked system call. (2019)☆12Aug 30, 2021Updated 4 years ago
- ☆40Mar 23, 2023Updated 2 years ago
- Hijacks all exceptions in R3 (user mode)☆15Jan 4, 2021Updated 5 years ago
- collection of code snippets,windbg,python scripts and resources☆13Jul 11, 2022Updated 3 years ago
- Using NtCreateFile and NtDeviceIoControlFile to implement the functionality of winsock☆128Sep 9, 2022Updated 3 years ago
- Kernel Detective☆151Aug 12, 2022Updated 3 years ago
- kernel-mode TDI client which can send and receive HTTP requests☆56Jun 9, 2018Updated 7 years ago
- Cross-platform proxy resolution library written in C.☆17Updated this week
- Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address☆23Nov 22, 2021Updated 4 years ago
- Advanced driver monitoring utility.☆219Jul 13, 2022Updated 3 years ago
- Load a 64-bit DLL into a 32-bit process.☆30Nov 14, 2021Updated 4 years ago
- Code Integrity Violation Spotter☆17Jun 11, 2024Updated last year
- Helper scripts for windows debugging with symbols for Bochs and IDA Pro (PDB files). Very handy for user mode <--> kernel mode☆19Aug 11, 2023Updated 2 years ago
- Example of making debugger using Hardware Breakpoint + VEH☆18May 13, 2021Updated 4 years ago
- Example RPC service for blog post☆17Jul 13, 2019Updated 6 years ago
- WinXPSP2.Cermalus on steroids, supporting all 32-bit Windows versions. Windows Kernel Virus stuff for noobs☆18Aug 11, 2023Updated 2 years ago
- Disk based DMA for ATA and SCSI☆42Sep 22, 2023Updated 2 years ago
- Remote memory library in C++17.☆34May 31, 2018Updated 7 years ago
- Python script for sending e-mails with CVE-2023-23397 payload using SMTP☆14Mar 22, 2023Updated 2 years ago
- Headers for linking your software with ntdll.dll☆15Nov 4, 2020Updated 5 years ago
- A crappy hook on SpAcceptLsaModeContext that prints incoming auth attempts. WIP☆37Jul 27, 2021Updated 4 years ago
- Demo to show how to write an ALPC Client & Server using native Ntdll.dll syscalls.☆21Jan 25, 2022Updated 4 years ago
- Loading and executing shellcode in C# without PInvoke.☆22Jan 10, 2022Updated 4 years ago
- Hijack NotifyRoutine for a kernelmode thread☆41Jun 4, 2022Updated 3 years ago
- Finding Truth in the Shadows☆123Jan 26, 2023Updated 3 years ago
- ☆124May 12, 2021Updated 4 years ago
- Demonstrate calling a kernel function and handle process creation callback against HVCI☆84Dec 21, 2022Updated 3 years ago
- ☆25Aug 7, 2023Updated 2 years ago
- detect hypervisor with Nmi Callback☆42Sep 25, 2022Updated 3 years ago
- Lightweight cryptography☆14Nov 7, 2022Updated 3 years ago
- https://key08.com/index.php/2021/10/19/1375.html☆71May 11, 2022Updated 3 years ago
- ZeroImport is a lightweight and easy to use C++ library for Windows Kernel Drivers. It allows you to hide any import in your kernel drive…☆50Mar 22, 2023Updated 2 years ago
- ntdll.h - compatible with MSVC 6.0, Intel C++ Compiler and MinGW. Serves as a complete replacement for Windows.h☆149Jun 16, 2019Updated 6 years ago
- Obfuscate calls to imports by patching in stubs☆72Aug 4, 2021Updated 4 years ago
- ☆44Oct 7, 2018Updated 7 years ago
- Reverse Engineering a signed kernel driver packed and virtualized with VMProtect 3.6☆105Apr 28, 2023Updated 2 years ago
- ☆11Apr 23, 2019Updated 6 years ago
- Reversed WintaPix Malware Source code | That targets countries in the Middle East and abuse KeServiceDescriptorTable(SSDT), persistence a…☆22Jul 6, 2024Updated last year