A minimalistic way to spoof return addresses without using exceptions
☆17 · Jul 26, 2022 · Updated 3 years ago
Alternatives and similar repositories for Ret-Spoofing
Users that are interested in Ret-Spoofing are comparing it to the libraries listed below
- Illustrates the concept of return address spoofing, and how it is used. ☆14 · May 13, 2020 · Updated 5 years ago
- ☆40 · Mar 23, 2023 · Updated 2 years ago
- Decoder for VMProtect hwids ☆18 · Aug 1, 2022 · Updated 3 years ago
- Using the peculiar behaviour of the VPGATHER instructions to determine if an address will fault before it is truly accessed. All done in … ☆54 · Dec 30, 2025 · Updated 2 months ago
- Hijack NotifyRoutine for a kernelmode thread ☆41 · Jun 4, 2022 · Updated 3 years ago
- Register a callback in Kernel from a manually mapped driver ☆47 · Jun 1, 2021 · Updated 4 years ago
- VEH Redirect & VEH Debugger ☆23 · May 18, 2020 · Updated 5 years ago
- A simple way to spoof return addresses using an exception handler ☆43 · Aug 3, 2022 · Updated 3 years ago
- Walks the Process' VAD list to grab the PTEs corresponding to a usermode virtual address, all to get the physical address ☆23 · Nov 22, 2021 · Updated 4 years ago
- ASM Bootkit that patches DSE at boot allowing to load unsigned drivers ☆14 · Aug 24, 2025 · Updated 6 months ago
- A simple MmCopyMemory hook. ☆38 · Jul 11, 2022 · Updated 3 years ago
- A C++ wrapper for icedx86 decoder ☆49 · Jul 28, 2025 · Updated 7 months ago
- Hygieia, a vulnerable driver traces scanner written in C++ as an x64 Windows kernel driver. ☆151 · Feb 12, 2022 · Updated 4 years ago
- Simple IOCTL hooking driver for Kernel-User-Mode communication. ☆11 · Jul 26, 2020 · Updated 5 years ago
- Rust program for interfacing with the gigabyte driver to gain access to powerful primitives such as arbitrary kernel memcpy. ☆17 · Nov 26, 2022 · Updated 3 years ago
- ☆10 · Jul 18, 2022 · Updated 3 years ago
- "Bypassing" HVCI via donor PFN swaps to modify read-only code pages. Call chained kernel functions (kCET and SLAT support), modify read-o… ☆93 · Feb 14, 2026 · Updated 2 weeks ago
- Detect removed thread from PspCidTable. ☆75 · Mar 18, 2022 · Updated 3 years ago
- A wrapper class to hide the original calling address of a function ☆54 · Aug 9, 2020 · Updated 5 years ago
- Intraceptor intercept Windows NT API calls and redirect them to a kernel driver to bypass process/threads handle protections. ☆32 · May 18, 2022 · Updated 3 years ago
- Walks through the 4-level paging structures in Windows x64 ☆13 · Feb 12, 2023 · Updated 3 years ago
- PointerGuard is a proof-of-concept tool used to create 'guarded' pointers which disguise pointer addresses, monitor reads/writes, and pre… ☆57 · May 23, 2022 · Updated 3 years ago
- ☆12 · Jul 13, 2022 · Updated 3 years ago
- [WIP] claude opus x86_64 disassembler/lifter/recompiler ☆34 · Feb 12, 2026 · Updated 2 weeks ago
- Manually Mapped Windows Kernel Driver + Usermode API for Arbitrary R/W to UM process via a UM thread trapped in kernel, synchronized with… ☆15 · Dec 23, 2020 · Updated 5 years ago
- Windows kernel ROP-only implant exposing R/W primitives ☆42 · Feb 1, 2026 · Updated last month
- Custom KiSystemStartup, can be used to modify the kernel before boot. ☆53 · Apr 7, 2022 · Updated 3 years ago
- Some drivers I've written while solving exercises from Practical Reverse Engineering ☆15 · Jan 9, 2022 · Updated 4 years ago
- Just check hypervisor in ring0 ☆16 · Jun 7, 2023 · Updated 2 years ago
- Cube World Reversing & Cheat (x64) - Include IDA file and unpacked game ☆13 · Aug 1, 2023 · Updated 2 years ago
- BattlEye kernel module bypass ☆178 · Oct 1, 2022 · Updated 3 years ago
- C/C++ example of InjectMouseInput function ☆35 · Apr 17, 2021 · Updated 4 years ago
- My take on the capcom driver vulnerability ☆28 · Aug 7, 2017 · Updated 8 years ago
- ☆50 · Apr 19, 2020 · Updated 5 years ago
- ☆136 · Aug 6, 2022 · Updated 3 years ago
- Programmatically set hardware breakpoint with C++ on Windows ☆38 · Feb 21, 2024 · Updated 2 years ago
- Helper scripts for windows debugging with symbols for Bochs and IDA Pro (PDB files). Very handy for user mode <--> kernel mode ☆19 · Aug 11, 2023 · Updated 2 years ago
- ☆17 · Apr 21, 2022 · Updated 3 years ago
- An example code of CiGetCertPublisherName ☆17 · Mar 24, 2022 · Updated 3 years ago