.data ptr swapper for newer win32k versions. (Supports Windows 11)
☆37 · Jan 19, 2026 · Updated last month
Alternatives and similar repositories for Win32kHooker
Users that are interested in Win32kHooker are comparing it to the libraries listed below
- "Bypassing" HVCI via donor PFN swaps to modify read-only code pages. Call chained kernel functions (kCET and SLAT support), modify read-o… ☆95 · Feb 14, 2026 · Updated 3 weeks ago
- Create stealthy, inline, EPT-like hooks using SMAP and SMEP ☆61 · Oct 19, 2024 · Updated last year
- Using the peculiar behaviour of the VPGATHER instructions to determine if an address will fault before it is truly accessed. All done in … ☆55 · Dec 30, 2025 · Updated 2 months ago
- ☆14 · Updated this week
- Beacon Debugger ☆55 · Oct 28, 2024 · Updated last year
- Optimized zlib inflate (+gzip) library for embedded ☆40 · Jul 15, 2024 · Updated last year
- Proof-of-concept code for understanding the allow-jit entitlement on macOS ☆31 · Feb 19, 2026 · Updated 2 weeks ago
- A lightweight test harness designed to speed up shellcode development by providing an execution environment with integrated crash diagnos… ☆43 · Jan 15, 2026 · Updated last month
- DMA Firmware ☆16 · Jun 25, 2024 · Updated last year
- Windows kernel driver that detects hypervisors by probing SIDT/LIDT edge cases, paging/TLB behaviors, privilege transitions, and timing e… ☆36 · Updated this week
- A Windows Kernel Driver Emulator based on Unicorn, Kernel Memory Dump and some of the native environment ☆165 · Jan 15, 2026 · Updated last month
- A simple POC to show how to chain multiple callbacks via tail calls to artificially construct a call stack ☆99 · Dec 22, 2025 · Updated 2 months ago
- Example of waiting for Event Objects by associating them with an I/O Completion Port (IOCP), effectively lifting MAXIMUM_WAIT_OBJECTS (64)… ☆42 · Oct 14, 2024 · Updated last year
- A C++/Asm template for PIC/EXE/DLL malware ☆24 · Aug 12, 2025 · Updated 6 months ago
- Port of the EDRSilencer tool (https://github.com/netero1010/EDRSilencer) to BOF format ☆33 · Oct 22, 2024 · Updated last year
- ☆117 · Dec 11, 2025 · Updated 2 months ago
- How to use PiDqSerializationWrite. Introduces how to safely read and write from a mapped driver ☆26 · May 29, 2023 · Updated 2 years ago
- Hooking Windows' exception dispatcher to protect process's PML4 ☆227 · Jan 24, 2025 · Updated last year
- Position-independent Reflective Loader for macOS ☆119 · Feb 19, 2026 · Updated 2 weeks ago
- Packer is a compact, fast and cross-platform serialization library for storing data in a buffer ☆22 · Aug 5, 2023 · Updated 2 years ago
- reverse proxy server ☆19 · Jul 7, 2016 · Updated 9 years ago
- ☆21 · Feb 22, 2025 · Updated last year
- reverse engineering of the windows nt kernel debugger protocol & reimplementation. ☆36 · Jul 2, 2024 · Updated last year
- Slaying multi-language LLVM IR with obfuscation passes to achieve JIT execution ☆130 · Dec 24, 2025 · Updated 2 months ago
- Minimalistic HTTP(S) client for the NT kernel ☆62 · Dec 1, 2025 · Updated 3 months ago
- Obfuscating function calls using Vectored Exception Handlers by redirecting execution through exception-based control flow. Uses byte swa… ☆116 · Oct 30, 2025 · Updated 4 months ago
- Patches DSE by swapping both data ptrs located in SeValidateImageHeader && SeValidateImageData ☆23 · Feb 9, 2024 · Updated 2 years ago
- Proof of concepts demonstrating some aspects of the Windows kernel shadow stack mitigation. ☆54 · Jun 2, 2025 · Updated 9 months ago
- win10 pgContext dynamic dump (btc version) ☆110 · Jan 15, 2020 · Updated 6 years ago
- My Fortnite Cheat SDK ☆29 · Oct 21, 2024 · Updated last year
- Simple EFI runtime driver that hooks GetVariable function and returns data expected by Windows to make it think that it's running with se… ☆214 · Oct 1, 2021 · Updated 4 years ago
- Windows kernel driver template for cmkr (with testsigning). ☆36 · Jul 8, 2023 · Updated 2 years ago
- Kernel Level NMI Callback Blocker ☆164 · Sep 27, 2025 · Updated 5 months ago
- A basic implementation of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added. ☆78 · Mar 29, 2025 · Updated 11 months ago
- Translate virtual addresses to physical addresses from usermode. ☆108 · Jun 7, 2024 · Updated last year
- Minifilter Callback Patching Proof-of-Concept ☆74 · Oct 31, 2022 · Updated 3 years ago
- x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration ☆392 · Jul 6, 2022 · Updated 3 years ago
- driver that communicates using a shared section ☆92 · Mar 17, 2025 · Updated 11 months ago
- ☆59 · Feb 19, 2026 · Updated 2 weeks ago