Peribunt / Exception-Ret-SpoofingLinks
A simple way to spoof return addresses using an exception handler
☆31Updated 2 years ago
Alternatives and similar repositories for Exception-Ret-Spoofing
Users that are interested in Exception-Ret-Spoofing are comparing it to the libraries listed below
Sorting:
- x64 assembler library☆31Updated last year
- A simple present scene, kernel allocation injector.☆24Updated 2 years ago
- comparing data of module exports from disk and memory, then caching any differences.☆22Updated 3 years ago
- A demonstration of hooking into the VMProtect-2 virtual machine☆19Updated last year
- ☆30Updated 2 years ago
- ☆14Updated 4 years ago
- Intraceptor intercept Windows NT API calls and redirect them to a kernel driver to bypass process/threads handle protections.☆29Updated 3 years ago
- ☆22Updated 2 years ago
- Old way for blocking NMI interrupts☆26Updated 2 years ago
- Single header library to simplify the usage of direct syscalls. x64/x86☆11Updated 2 years ago
- An example code of CiGetCertPublisherName☆16Updated 3 years ago
- ☆12Updated last year
- simply manual map any system image☆17Updated 4 years ago
- Illustrates the concept of return address spoofing, and how it is used.☆13Updated 5 years ago
- Hijack NotifyRoutine for a kernelmode thread☆42Updated 3 years ago
- A library for intel VT-x hypervisor functionality supporting EPT shadowing.☆50Updated 4 years ago
- detect hypervisor with Nmi Callback☆34Updated 2 years ago
- A Simple Example☆21Updated 6 years ago
- A minimalistic way to spoof return addresses without using exceptions☆14Updated 2 years ago
- A poc that abuses Enclave☆38Updated 2 years ago
- a driver to enumerate registered pnp callbacks for a particular interface class based on reversal of IoRegisterPlugPlayNotification☆11Updated last year
- Manually Mapped Windows Kernel Driver + Usermode API for Arbitrary R/W to UM process via a UM thread trapped in kernel, synchronized with…☆16Updated 4 years ago
- ☆17Updated 3 years ago
- RWX Section Abusing☆17Updated last year
- Stealing signatures from pe files☆17Updated 2 months ago
- ☆22Updated last year
- Open Anti Cheat☆27Updated 2 years ago
- This driver hooks a device object for ioctl and uses mdls to allocate physical pages and manually injects an entry into a process's page …☆14Updated 2 years ago
- search for a driver/dll module that has a wanted section bigger than the size of your image☆19Updated 3 years ago
- Only for Stress-Testing☆24Updated 3 years ago