Peribunt / VPGATHERLinks
Using the peculiar behaviour of the VPGATHER instructions to determine if an address will fault before it is truly accessed. All done in user-mode.
☆52Updated last month
Alternatives and similar repositories for VPGATHER
Users that are interested in VPGATHER are comparing it to the libraries listed below
Sorting:
- Generate a PDB file given the old PDB file and an address mapping☆51Updated 6 months ago
- Windows kernel driver that detects hypervisors by probing SIDT/LIDT edge cases, paging/TLB behaviors, privilege transitions, and timing e…☆36Updated last month
- Create stealthy, inline, EPT-like hooks using SMAP and SMEP☆60Updated last year
- WinHvShellcodeEmulator (WHSE) is a shellcode emulator leveraging the Windows Hypervisor Platform API☆26Updated 3 years ago
- A demonstration of hooking into the VMProtect-2 virtual machine☆23Updated 2 years ago
- Proof-of-concept game using VBS enclaves to protect itself from cheating☆49Updated last year
- Elevate arbitrary MSR writes to kernel execution.☆44Updated 2 years ago
- Harness to issue Virtual Secure Mode (VSM) "secure calls" from VTL 0 to VTL 1☆71Updated 5 months ago
- Simple anti-instrumentation with EFLAGS.AC☆17Updated 10 months ago
- Demonstrate calling a kernel function and handle process creation callback against HVCI☆79Updated 3 years ago
- "Bypassing" HVCI via donor PFN swaps to modify read-only code pages. Call chained kernel functions (kCET and SLAT support), modify read-o…☆47Updated 3 weeks ago
- Me fockin' pe protector☆45Updated 3 years ago
- ☆29Updated last year
- ☆15Updated 2 years ago
- vdk is a set of utilities used to help with exploitation of a vulnerable driver.☆46Updated 3 years ago
- A basic implementation of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added.☆78Updated 10 months ago
- C++ Assembler with Built-in Mutation Engine☆30Updated 5 months ago
- ☆24Updated 2 years ago
- Header-only C++ library for producing PE files.☆34Updated 2 years ago
- This master thesis project continuously collects and analyses Microsoft Windows kernel drivers using static and dynamic methods to help s…☆21Updated last year
- POC Hook of nt!HvcallCodeVa☆54Updated 2 years ago
- ZeroImport is a lightweight and easy to use C++ library for Windows Kernel Drivers. It allows you to hide any import in your kernel drive…☆50Updated 2 years ago
- Interprocess communication via a covert timing channel☆26Updated 3 months ago
- ☆31Updated 3 weeks ago
- How Meltdown and Spectre haunt Anti-Cheat: DVRT details☆22Updated last year
- Find out how to bypass HVCI (or not). My own research on Microsoft Warbird (specifically in clipsp.sys)☆92Updated 3 months ago
- Symbolic Execution based on lifting amd64 to z3☆31Updated last year
- A high-fidelity x86_64 polymorphic mutation engine focused on instruction-level fragmentation and context preservation.☆109Updated 3 weeks ago
- Sample/PoC Windows kernel driver for detect DMA devices by using Vendor ID and Device ID signatures☆38Updated last year
- Windows kernel driver template for cmkr and llvm-msvc.☆35Updated 2 years ago