Using the peculiar behaviour of the VPGATHER instructions to determine if an address will fault before it is truly accessed. All done in user-mode.
☆54Dec 30, 2025Updated 2 months ago
Alternatives and similar repositories for VPGATHER
Users that are interested in VPGATHER are comparing it to the libraries listed below
Sorting:
- Create stealthy, inline, EPT-like hooks using SMAP and SMEP☆61Oct 19, 2024Updated last year
- Simple anti-instrumentation with EFLAGS.AC☆17Mar 31, 2025Updated 11 months ago
- A simple C++ driver base with KD data block☆11Jun 25, 2022Updated 3 years ago
- Binary lifter and deobfuscator using remill for x86_64 Windows binaries☆59Updated this week
- [WIP] claude opus x86_64 disassembler/lifter/recompiler☆34Feb 12, 2026Updated 2 weeks ago
- Zyrox: LLVM based, compile-time obfuscator plugin.☆88Feb 21, 2026Updated last week
- An example code of CiGetCertPublisherName☆16Mar 24, 2022Updated 3 years ago
- A minimalistic way to spoof return addresses without using exceptions☆17Jul 26, 2022Updated 3 years ago
- An advanced singular header-only C++20 obfuscation library with encryption and polymorphism.☆68Feb 26, 2026Updated last week
- .data ptr swapper for newer win32k versions. (Supports Windows 11)☆37Jan 19, 2026Updated last month
- A high-fidelity x86_64 polymorphic mutation engine focused on instruction-level fragmentation and context preservation.☆111Jan 18, 2026Updated last month
- Helper script for Windows kernel debugging with IDA Pro on VMware + GDB stub (including PDB symbols)☆68Aug 11, 2023Updated 2 years ago
- ☆61Oct 24, 2025Updated 4 months ago
- LLVM obfuscation pass, flattening at the basic block's level and turning each basic block into a dispacher and each instruction into a ne…☆49Aug 23, 2021Updated 4 years ago
- ☆25May 27, 2025Updated 9 months ago
- A rust proof of concept to demonstrate registry overwriting via RegRestoreKey using the Offline Registry Library☆24Nov 13, 2025Updated 3 months ago
- A REALLY Danger Windows Driver, Turn Any threads Ring0!☆13Aug 11, 2025Updated 6 months ago
- ASM Bootkit that patches DSE at boot allowing to load unsigned drivers☆15Aug 24, 2025Updated 6 months ago
- mash hypervisor host pml4☆17Jun 22, 2022Updated 3 years ago
- type 1 thin hypervisor written in C++☆17Dec 18, 2024Updated last year
- Leveraging TPM2 TCG Logs (Measured Boot) to Detect UEFI Drivers and Pre-Boot Applications☆22Mar 28, 2025Updated 11 months ago
- Resolve offsets, gadgets and symbols from NTKernel☆56Jan 15, 2026Updated last month
- Former UEFI Firmware Rootkit Replicating MoonBounce / ESPECTRE☆11Jun 14, 2022Updated 3 years ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)☆73Aug 11, 2023Updated 2 years ago
- DSE & PG bypass via BYOVD attack☆76Jul 12, 2025Updated 7 months ago
- Cheat for my own game SecureGame which uses a bootkit to hyperjack Hyper-V in order to access VBS enclave's memory☆103Dec 8, 2024Updated last year
- Windows x64 DLL/Driver manual map injection on a non-present PML4E using physical memory read/writes, direct page table manipulation and …☆85Sep 28, 2025Updated 5 months ago
- Hooking Windows' exception dispatcher to protect process's PML4☆228Jan 24, 2025Updated last year
- A beautiful, idiomatic and less frustrating IDA C++ SDK.☆98Updated this week
- An example of how to use Microsoft Windows Warbird technology☆96Apr 23, 2023Updated 2 years ago
- Supporting PoCs and scripts for my talk "OverLAPS: Overriding LAPS Logic"☆22Oct 12, 2025Updated 4 months ago
- Visual Studio Project example for using Microsoft's STL in WDM (Windows Kernel-mode Driver)☆25Jun 22, 2021Updated 4 years ago
- Research-focused hypervisor offering advanced tools for debugging, virtual machine introspection, and automation.☆44Nov 21, 2025Updated 3 months ago
- VT Hook☆51Jul 2, 2024Updated last year
- ntoskrnl .data hooks for UM-KM communication☆54May 26, 2024Updated last year
- Have you ever wondered: what if IDA had great Ctrl+F search support for Pseudocode windows? No longer!☆73Jan 10, 2026Updated last month
- A bootkit to bypass Windows login (WIP)☆10Oct 25, 2023Updated 2 years ago
- Small driver that uses alternative syscalls feature (the project is still under development).☆18May 9, 2024Updated last year
- A compiler for microarchitectural weird machines☆19Aug 10, 2024Updated last year