MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. MemoryRanger has been presented at the BlackHat, HITB, CDFSL.
☆232Jul 26, 2020Updated 5 years ago
Alternatives and similar repositories for MemoryRanger
Users that are interested in MemoryRanger are comparing it to the libraries listed below
Sorting:
- AllMemPro☆46Jan 15, 2018Updated 8 years ago
- VT-based PCI device monitor (SPI)☆158Oct 29, 2020Updated 5 years ago
- kHypervisor is a lightweight bluepill-like nested VMM for Windows, it provides and emulating a basic function of Intel VT-x☆443Nov 29, 2021Updated 4 years ago
- A native hypervisor designed for the Windows operating system☆125Mar 6, 2021Updated 4 years ago
- ☆39Oct 29, 2020Updated 5 years ago
- kernel-mode TDI client which can send and receive HTTP requests☆56Jun 9, 2018Updated 7 years ago
- This is the first software system, which can detect a stealthy hypervisor and calculate several nested ones even under countermeasures.☆87Jun 16, 2015Updated 10 years ago
- Hypervisor based tool for monitoring system register accesses.☆154Sep 13, 2018Updated 7 years ago
- win10 pgContext dynamic dump (btc version)☆110Jan 15, 2020Updated 6 years ago
- Research on Windows Kernel Executive Callback Objects☆316Feb 22, 2020Updated 6 years ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆240Nov 6, 2019Updated 6 years ago
- hook msr by amd svm☆125Dec 30, 2019Updated 6 years ago
- A driver that hooks C: volume using symbolic link callback to track all FS access to the volume☆109Apr 24, 2020Updated 5 years ago
- A library for intel VT-x hypervisor functionality supporting EPT shadowing.☆51Mar 11, 2021Updated 4 years ago
- createfile☆50Oct 27, 2015Updated 10 years ago
- usermode standalone kernel interface☆111Jul 9, 2018Updated 7 years ago
- Simple x86-64 VT-x Hypervisor with EPT Hooking☆951Apr 24, 2023Updated 2 years ago
- Page fault hook use ept (Intel Virtualization Technology)☆200Oct 19, 2016Updated 9 years ago
- Using C++ STL on Windows kernle development☆91Feb 21, 2019Updated 7 years ago
- Hide codes/data in the kernel address space.☆188May 8, 2021Updated 4 years ago
- ☆44Oct 7, 2018Updated 7 years ago
- ☆125May 23, 2020Updated 5 years ago
- Driver and WinDBG scripts to dump information about all resources and lookaside lists☆66Apr 4, 2020Updated 5 years ago
- Shareds for kernel developement☆29Dec 23, 2013Updated 12 years ago
- Elevation of privilege detector based on HyperPlatform☆123Mar 5, 2017Updated 8 years ago
- WinDBG Anti-RootKit Extension☆645Jul 29, 2020Updated 5 years ago
- A hypervisor hiding user-mode memory using EPT☆107Jan 28, 2018Updated 8 years ago
- Detecting execution of kernel memory where is not backed by any image file☆261Jul 11, 2018Updated 7 years ago
- Monitor ETW events for Windows process mitigation policies, with stack traces☆31Oct 7, 2022Updated 3 years ago
- Monitoring and controlling kernel API calls with stealth hook using EPT☆1,358Jan 22, 2022Updated 4 years ago
- Intel Virtualization Technology demo☆72Oct 15, 2016Updated 9 years ago
- VivienneVMM is a stealthy debugging framework implemented via an Intel VT-x hypervisor.☆821Sep 7, 2020Updated 5 years ago
- c++ implementation of windows heavens gate☆70Feb 12, 2021Updated 5 years ago
- Analyze patches in a process☆259Jul 28, 2021Updated 4 years ago
- CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers☆145Sep 5, 2020Updated 5 years ago
- Confirms the capability of Hardware-Accelerated Virtualization Technology.☆10Updated this week
- Hyper-V Research is trendy now☆198May 6, 2024Updated last year
- Minimalistic VT-x hypervisor with hooks☆931Oct 18, 2019Updated 6 years ago
- hvpp is a lightweight Intel x64/VT-x hypervisor written in C++ focused primarily on virtualization of already running operating system☆1,287Mar 15, 2021Updated 4 years ago