Windows 11 24H2-25H2 Runtime PatchGuard Bypass
☆252 · Nov 4, 2025 · Updated 3 months ago
Alternatives and similar repositories for kurasagi
Users that are interested in kurasagi are comparing it to the libraries listed below
- Hooking Windows' exception dispatcher to protect process's PML4 ☆228 · Jan 24, 2025 · Updated last year
- Integration of Microsoft Warbird with the MSVC compiler ☆132 · Jul 16, 2023 · Updated 2 years ago
- Translate virtual addresses to physical addresses from usermode. ☆104 · Jun 7, 2024 · Updated last year
- Hells Hollow Windows 11 Rootkit technique to Hook the SSDT via Alt Syscalls ☆217 · Aug 31, 2025 · Updated 6 months ago
- Comprehensive Windows Syscall Extraction & Analysis Framework ☆162 · Aug 30, 2025 · Updated 6 months ago
- ☆49 · Nov 7, 2024 · Updated last year
- protector & obfuscator & code virtualizer ☆679 · Updated this week
- Microsoft ("巨硬", a Chinese slang nickname) ☆17 · Oct 4, 2023 · Updated 2 years ago
- NovaHypervisor is a defensive x64 Intel host based hypervisor. The goal of this project is to protect against kernel based attacks (eithe… ☆252 · Feb 19, 2026 · Updated last week
- Virtual Trust Level (VTL 1) secure call tracing ☆103 · Feb 12, 2026 · Updated 2 weeks ago
- Deobfuscation of Semi-Linear Mixed Boolean-Arithmetic Expressions ☆80 · Jan 24, 2026 · Updated last month
- A series of exploits targeting eneio64.sys - Turning Physical Memory R/W into Virtual Memory R/W ☆116 · Oct 19, 2025 · Updated 4 months ago
- Rust library for lifting raw binary data to LLVM IR ☆64 · Jul 18, 2025 · Updated 7 months ago
- Browse Page Tables on Windows (Page Table Viewer) ☆234 · Apr 2, 2022 · Updated 3 years ago
- ☆144 · Dec 10, 2022 · Updated 3 years ago
- Reimplementation of Microsoft's Warbird obfuscator ☆203 · Jun 24, 2024 · Updated last year
- Windows rootkit ☆60 · May 2, 2024 · Updated last year
- C++ macro for x64 programs that breaks the IDA Hex-Rays decompiler tool. ☆140 · Apr 12, 2024 · Updated last year
- lib-nosa is a minimalist C library designed to facilitate socket connections through AFD driver IOCTL operations on Windows. ☆122 · Sep 8, 2024 · Updated last year
- Inline syscalls made for MSVC supporting x64 and WOW64 ☆193 · Jul 10, 2023 · Updated 2 years ago
- ☆38 · Apr 15, 2025 · Updated 10 months ago
- PE (and elf now!) bin2bin obfuscator ☆820 · Oct 11, 2025 · Updated 4 months ago
- Windows PDB parser for kernel-mode environment. ☆110 · Jun 7, 2025 · Updated 8 months ago
- A proof of concept of real custom GetProcAddress and GetModuleBaseAddress ☆21 · Jul 9, 2022 · Updated 3 years ago
- Collection of hypervisor detections ☆297 · Sep 25, 2024 · Updated last year
- Finding Truth in the Shadows ☆123 · Jan 26, 2023 · Updated 3 years ago
- Native code virtualizer for x64 binaries ☆517 · Dec 20, 2024 · Updated last year
- A basic implementation of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added. ☆78 · Mar 29, 2025 · Updated 11 months ago
- Loads a signed kernel driver which allows you to map any driver to kernel mode without any traces of the signed / mapped driver. ☆382 · Aug 8, 2021 · Updated 4 years ago
- Enumerate processes and page directory base addresses from MmPfnData ☆207 · Aug 18, 2023 · Updated 2 years ago
- Lenovo Diagnostics Driver EoP - Arbitrary R/W ☆178 · Dec 5, 2022 · Updated 3 years ago
- Easy Anti PatchGuard ☆223 · Apr 9, 2021 · Updated 4 years ago
- ☆361 · May 11, 2025 · Updated 9 months ago
- ☆25 · Oct 18, 2023 · Updated 2 years ago
- Bootkit driver mapping; ring-3 process injection that loads a specified module ☆14 · Oct 8, 2024 · Updated last year
- Standard Kernel Library for Windows manipulation in C++ ☆199 · Jun 18, 2025 · Updated 8 months ago
- This article presents development notes on an experimental project: a WinDbg debugging engine running on UEFI, implemented over a COM named pipe or the Windows Hyper-V virtual machine VMBus channel ☆44 · Jun 16, 2024 · Updated last year
- Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antiv… ☆515 · Feb 15, 2026 · Updated 2 weeks ago
- Minimalistic AMD-V/SVM hypervisor with memory introspection capabilities ☆372 · Feb 26, 2025 · Updated last year