MartinDrab / IRPMon
The goal of the tool is to monitor requests received by selected device objects or kernel drivers. The tool is quite similar to IrpTracker but has several enhancements. It supports 64-bit versions of Windows (no inline hooks are used, only moodifications to driver object structures are performed) and monitors IRP, FastIo, AddDevice, DriverUnload…
☆368Updated 3 weeks ago
Alternatives and similar repositories for IRPMon:
Users that are interested in IRPMon are comparing it to the libraries listed below
- Syscall Monitor is a system monitor program (like Sysinternal's Process Monitor) using Intel VT-X/EPT for Windows7+☆726Updated 7 years ago
- WinDBG Anti-RootKit Extension☆623Updated 4 years ago
- Windows NT x64 syscall fuzzer☆596Updated last year
- Examples of leaking Kernel Mode information from User Mode on Windows☆585Updated 7 years ago
- Detours with just single dependency - NTDLL☆617Updated 2 years ago
- Research on Windows Kernel Executive Callback Objects☆282Updated 4 years ago
- PatchGuard Research☆295Updated 6 years ago
- SimpleSvmHook is a research purpose hypervisor for Windows on AMD processors.☆360Updated 3 years ago
- kHypervisor is a lightweight bluepill-like nested VMM for Windows, it provides and emulating a basic function of Intel VT-x☆414Updated 3 years ago
- pdbex is a utility for reconstructing structures and unions from the PDB into compilable C headers☆833Updated 4 months ago
- DriverBuddy is an IDA Python script to assist with the reverse engineering of Windows kernel drivers.☆354Updated 5 years ago
- Minimalistic VT-x hypervisor with hooks☆832Updated 5 years ago
- This driver implements the Intel Processor Trace functionality in Intel Skylake architecture for Microsoft Windows☆433Updated 6 years ago
- Detecting execution of kernel memory where is not backed by any image file☆258Updated 6 years ago
- VivienneVMM is a stealthy debugging framework implemented via an Intel VT-x hypervisor.☆788Updated 4 years ago
- Persistent IAT hooking application - based on bearparser☆249Updated 2 years ago
- Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.☆568Updated 3 weeks ago
- Monitoring and controlling kernel API calls with stealth hook using EPT☆1,199Updated 2 years ago
- VirtualKD-Redux - A revival and modernization of VirtualKD☆848Updated 6 months ago
- zer0m0n driver for cuckoo sandbox☆357Updated 9 years ago
- The Windows Library for Intel Process Trace (WinIPT) is a project that leverages the new Intel Processor Trace functionality exposed by W…☆374Updated last year
- Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.☆851Updated 5 years ago
- Universal PatchGuard and Driver Signature Enforcement Disable☆836Updated 5 years ago
- A tool to help when dealing with Windows IOCTL codes or reversing Windows drivers.☆425Updated 6 years ago
- pseudo-code to show how to disable patchguard with win10☆296Updated 7 years ago
- A minimalistic educational hypervisor for Windows on AMD processors.☆352Updated last year
- Unicorn PE is an unicorn based instrumentation project designed to emulate code execution for windows PE files.☆812Updated 8 months ago
- ☆224Updated 3 years ago
- proof-of-concept Windows Driver for injecting DLL into user-mode processes using APC☆1,188Updated 8 months ago
- windows syscall table from xp ~ 10 rs4☆350Updated 6 years ago