Detect-KeAttachProcess by iterating through all processes as well as checking the context of the thread.
☆121Feb 8, 2022Updated 4 years ago
Alternatives and similar repositories for Detect-KeAttachProcess
Users that are interested in Detect-KeAttachProcess are comparing it to the libraries listed below
Sorting:
- Detect removed thread from PspCidTable.☆75Mar 18, 2022Updated 3 years ago
- Mapping your code on a 0x1000 size page☆71May 20, 2022Updated 3 years ago
- ☆47Feb 27, 2022Updated 4 years ago
- mouseclassservicecallback detection via hook☆52Feb 7, 2022Updated 4 years ago
- Easy Anti PatchGuard☆223Apr 9, 2021Updated 4 years ago
- ☆158May 21, 2024Updated last year
- Code for Battleyes shellcode☆239Nov 11, 2021Updated 4 years ago
- Hiding the window from screenshots using the function win32kfull::GreProtectSpriteContent☆628Dec 26, 2024Updated last year
- ☆192Dec 8, 2021Updated 4 years ago
- Bypassing EasyAntiCheat.sys self-integrity by abusing call hierarchy☆83Oct 6, 2022Updated 3 years ago
- Old way for blocking NMI interrupts☆29Sep 6, 2022Updated 3 years ago
- 09/2021 reversal of EasyAntiCheat driver☆235Dec 21, 2021Updated 4 years ago
- Archive R/W into any protected process by changing the value of KTHREAD->PreviousMode☆163Jul 31, 2022Updated 3 years ago
- c++ implementation of windows heavens gate☆70Feb 12, 2021Updated 5 years ago
- This project will give you an example how you can hook a kernel vtable function that cannot be directly called☆84Dec 25, 2021Updated 4 years ago
- Emulate Drivers in RING3 with self context mapping or unicorn☆365Aug 18, 2022Updated 3 years ago
- Hook NtDeviceIoControlFile with PatchGuard☆107May 10, 2022Updated 3 years ago
- base for testing☆186Sep 28, 2024Updated last year
- Hijack NotifyRoutine for a kernelmode thread☆41Jun 4, 2022Updated 3 years ago
- Custom KiSystemStartup, can be used to modificate kernel before boot.☆53Apr 7, 2022Updated 3 years ago
- Hygieia, a vulnerable driver traces scanner written in C++ as an x64 Windows kernel driver.☆151Feb 12, 2022Updated 4 years ago
- ☆224May 10, 2022Updated 3 years ago
- InfinityHookPro Win7 -> Win11 latest☆551Feb 7, 2023Updated 3 years ago
- ☆18Dec 4, 2020Updated 5 years ago
- ☆144Dec 10, 2022Updated 3 years ago
- Using SetWindowHookEx for preinjected DLL's☆57Aug 25, 2022Updated 3 years ago
- PointerGuard is a proof-of-concept tool used to create 'guarded' pointers which disguise pointer addresses, monitor reads/writes, and pre…☆57May 23, 2022Updated 3 years ago
- ☆51Dec 19, 2023Updated 2 years ago
- Example of reading process memory through kernel special APC☆110Apr 21, 2023Updated 2 years ago
- An example code of CiGetCertPublisherName☆17Mar 24, 2022Updated 3 years ago
- POC Hook of nt!HvcallCodeVa☆54May 8, 2023Updated 2 years ago
- 🪝 Various EPT hook detection approaches☆143Updated this week
- Discarded Section Manual Map☆68Jun 18, 2020Updated 5 years ago
- A kernel mode Windows rootkit in development.☆49Dec 31, 2021Updated 4 years ago
- Kernel DLL Injector using NX Bit Swapping and VAD hide for hiding injected DLL☆219Nov 12, 2020Updated 5 years ago
- A simple x86_64 AMD-v hypervisor type-2 Programmed with C++, with soon to be added syscall hooks. [W.I.P]☆104Aug 3, 2023Updated 2 years ago
- ☆48Mar 29, 2022Updated 3 years ago
- Analyze patches in a process☆259Jul 28, 2021Updated 4 years ago
- pdb's function and global vars to offset☆10Apr 11, 2023Updated 2 years ago