Call arbitrary Windows kernel-mode functions from Python on another machine
☆44Sep 17, 2021Updated 4 years ago
Alternatives and similar repositories for keval
Users that are interested in keval are comparing it to the libraries listed below
Sorting:
- Python library for controlling UEFI variables in Windows.☆36Feb 16, 2023Updated 3 years ago
- This project aims to facilitate debugging a kernel driver in windows by adding support for a code change on the fly without reboot/unload…☆170Apr 20, 2023Updated 2 years ago
- Browse Page Tables on Windows (Page Table Viewer)☆234Apr 2, 2022Updated 3 years ago
- ☆29Mar 9, 2024Updated last year
- allowing um r/w through km from um ioctl ™☆11Jan 2, 2022Updated 4 years ago
- Comparison table of VMX capabilities for a bunch of processors☆13Nov 3, 2020Updated 5 years ago
- The content of this repository aims to assist efforts on analysing inner working principles, functionalities, and properties of the Micro…☆150May 29, 2020Updated 5 years ago
- ☆15Mar 13, 2023Updated 2 years ago
- javascript extension of windbg for hacker.☆18Jun 27, 2023Updated 2 years ago
- Code Integrity Violation Spotter☆17Jun 11, 2024Updated last year
- Subtract one PE file from another!☆20Oct 1, 2021Updated 4 years ago
- Call NtCreateUserProcess directly as normal.☆77May 17, 2022Updated 3 years ago
- Resolve DOS MZ executable symbols at runtime☆96Nov 12, 2021Updated 4 years ago
- dk is a WinDbg extenion for dumping memory data in meaningful and organized ways, it is an enhancement of my previous tokenext project.☆26Feb 2, 2026Updated last month
- win10 pgContext dynamic dump (btc version)☆110Jan 15, 2020Updated 6 years ago
- C++ Exceptions in Windows Drivers☆221Dec 21, 2020Updated 5 years ago
- paste string formatted byte data block into x64dbg easy.☆42Jan 2, 2021Updated 5 years ago
- ☆23May 8, 2023Updated 2 years ago
- An application to view and filter pool allocations from a dmp file on Windows 10 RS5+.☆150Mar 2, 2023Updated 3 years ago
- r0akmap is a PoC driver manual mapper based on r0ak☆38Aug 18, 2018Updated 7 years ago
- Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.☆657Jan 28, 2025Updated last year
- Call 32bit NtDLL API directly from WoW64 Layer☆62Nov 18, 2020Updated 5 years ago
- Full H1Z1 internal, done with detour and D3D11 hooks☆20Aug 9, 2018Updated 7 years ago
- GSAudit at Symantec, ExeAudit at RIM, RECX Binary Assurance for Windows at Recx etc. - core library now WinBinaryAudit☆24Jul 1, 2015Updated 10 years ago
- Manual PE image mapper☆66Aug 29, 2013Updated 12 years ago
- A fast execution trace symbolizer for Windows that runs on all major platforms and doesn't depend on any Microsoft libraries.☆100Jan 3, 2026Updated 2 months ago
- Lightweight WINAPI tracing with Pin☆27Aug 22, 2019Updated 6 years ago
- A virtualization-based endpoint security solution for Windows☆88May 23, 2021Updated 4 years ago
- Simple Demo of using Windows Hypervisor Platform☆29Jul 14, 2025Updated 7 months ago
- Windows Minidump loader for Ghidra☆29Sep 30, 2022Updated 3 years ago
- clone of armadillo patched for windows☆48Oct 22, 2024Updated last year
- Bypasses for Windows kernel callbacks PatchGuard protection☆44Aug 15, 2021Updated 4 years ago
- Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using t…☆65Jun 19, 2019Updated 6 years ago
- Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address☆23Nov 22, 2021Updated 4 years ago
- Extract data of TTD trace file to a minidump☆30Jul 31, 2023Updated 2 years ago
- A library to develop kernel level Windows payloads for post HVCI era☆486May 18, 2021Updated 4 years ago
- A PE morphing tool that allows you to mimic one executable file to another.☆11Dec 6, 2023Updated 2 years ago
- Leveraging Platform Trust Technology (PTT) to defeat Driver Signing Enforcement (DSE) to run Kernel Drivers (KMDF) with Secure Boot Enabl…☆14Aug 22, 2022Updated 3 years ago
- ☆12Mar 1, 2021Updated 5 years ago