A minimalistic way to spoof return addresses without using exceptions
☆18Jul 26, 2022Updated 3 years ago
Alternatives and similar repositories for Ret-Spoofing
Users that are interested in Ret-Spoofing are comparing it to the libraries listed below
Sorting:
- Illustrates the concept of return address spoofing, and how it is used.☆14May 13, 2020Updated 5 years ago
- ☆41Mar 23, 2023Updated 3 years ago
- A simple way to spoof return addresses using an exception handler☆44Aug 3, 2022Updated 3 years ago
- Hijack NotifyRoutine for a kernelmode thread☆41Jun 4, 2022Updated 3 years ago
- A C++ wrapper for icedx86 decoder☆48Jul 28, 2025Updated 7 months ago
- PointerGuard is a proof-of-concept tool used to create 'guarded' pointers which disguise pointer addresses, monitor reads/writes, and pre…☆57May 23, 2022Updated 3 years ago
- Register a callback in Kernel from a manually mapped driver☆47Jun 1, 2021Updated 4 years ago
- Decoder for VMProtect hwids☆18Aug 1, 2022Updated 3 years ago
- ☆50Apr 19, 2020Updated 5 years ago
- ☆23Oct 18, 2021Updated 4 years ago
- A simple MmCopyMemory hook.☆38Jul 11, 2022Updated 3 years ago
- Using the peculiar behaviour of the VPGATHER instructions to determine if an address will fault before it is truly accessed. All done in …☆55Dec 30, 2025Updated 2 months ago
- Detect removed thread from PspCidTable.☆75Mar 18, 2022Updated 4 years ago
- Compileable POC of namazso's x64 return address spoofer.☆50Jun 10, 2020Updated 5 years ago
- Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address☆23Nov 22, 2021Updated 4 years ago
- Hygieia, a vulnerable driver traces scanner written in C++ as an x64 Windows kernel driver.☆151Feb 12, 2022Updated 4 years ago
- A wrapper class to hide the original calling address of a function☆55Aug 9, 2020Updated 5 years ago
- Simple anti-instrumentation with EFLAGS.AC☆17Mar 31, 2025Updated 11 months ago
- Just check hypervisor in ring0☆16Jun 7, 2023Updated 2 years ago
- C/C++ example of InjectMouseInput function☆35Apr 17, 2021Updated 4 years ago
- Rust program for interfacing with the gigabyte driver to gain access to powerful primitives such as arbitrary kernel memcpy.☆17Nov 26, 2022Updated 3 years ago
- A high-fidelity x86_64 polymorphic mutation engine focused on instruction-level fragmentation and context preservation.☆111Jan 18, 2026Updated 2 months ago
- Based off of [tarekwiz / League-Unpacker]☆23Aug 26, 2023Updated 2 years ago
- Walks through the 4-level paging structures in Windows x64☆13Feb 12, 2023Updated 3 years ago
- VEH Redirect & VEH Debugger☆23May 18, 2020Updated 5 years ago
- Simple IOCTL hooking driver for Kernel- User - Mode communication.☆11Jul 26, 2020Updated 5 years ago
- POC of PPID spoofing using NtCreateUserProcess with syscalls to create a suspended process and performing process injection by overwritti…☆41Sep 23, 2021Updated 4 years ago
- ☆137Aug 6, 2022Updated 3 years ago
- Handling C++ & __try exceptions without the need of built-in handlers.☆77Aug 28, 2021Updated 4 years ago
- ☆10Jul 18, 2022Updated 3 years ago
- "Bypassing" HVCI via donor PFN swaps to modify read-only code pages. Call chained kernel functions (kCET and SLAT support), modify read-o…☆105Updated this week
- Some drivers I've written while solving exercises from Practical Reverse Engineering☆15Jan 9, 2022Updated 4 years ago
- Helper scripts for windows debugging with symbols for Bochs and IDA Pro (PDB files). Very handy for user mode <--> kernel mode☆19Aug 11, 2023Updated 2 years ago
- A proof of concept demonstrating instrumentation callbacks on Windows 10 21h1 with a TLS variable to ensure all syscalls are caught.☆158Nov 14, 2021Updated 4 years ago
- Small c++ basic packet sniffer for TCP, UDP, IGMP, and Others. Built for learning purposes.☆27Oct 12, 2016Updated 9 years ago
- Cube World Reversing & Cheat (x64) - Include IDA file and unpacked game☆13Aug 1, 2023Updated 2 years ago
- An example code of CiGetCertPublisherName☆16Mar 24, 2022Updated 3 years ago
- BattlEye kernel module bypass☆176Oct 1, 2022Updated 3 years ago
- This tool will allow you to spoof the return addresses of your functions as well as system functions.☆554Nov 12, 2022Updated 3 years ago