SilverTuxedo / keval
Call arbitrary Windows kernel-mode functions from Python on another machine
☆45Updated 3 years ago
Related projects ⓘ
Alternatives and complementary repositories for keval
- An automatic tool for fixing dumped PE files☆41Updated 4 years ago
- Documenting system information classes and their uses☆50Updated 3 years ago
- A virtualization-based endpoint security solution for Windows☆86Updated 3 years ago
- A research project about Windows notify routines.☆35Updated 4 years ago
- Resolve DOS MZ executable symbols at runtime☆93Updated 3 years ago
- ☆66Updated 3 years ago
- An example of a client and server using Windows' ALPC functions to send and receive data.☆89Updated 4 years ago
- This is a simple driver with x64 inline assembly☆52Updated 4 years ago
- A collection of tools, source code, and papers researching Windows' implementation of CET.☆74Updated 4 years ago
- ☆25Updated 3 years ago
- ☆57Updated 2 years ago
- Helper script for Windows kernel debugging with IDA Pro on VMware + GDB stub (including PDB symbols)☆60Updated last year
- File system minifilter driver for Windows to block symbolic link attacks.☆51Updated 3 years ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆204Updated 5 years ago
- Helper Script to convert a Windbg dumped structure (using the 'dt' command) into a C structure. It creates dummy structs for you if neede…☆26Updated last year
- Driver and WinDBG scripts to dump information about all resources and lookaside lists☆66Updated 4 years ago
- Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using t…☆53Updated 5 years ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)☆69Updated last year
- Support Windows OS Reversing by searching easily for references to functions across many DLLs☆33Updated 2 years ago
- A library for intel VT-x hypervisor functionality supporting EPT shadowing.☆48Updated 3 years ago
- ZeroImport is a lightweight and easy to use C++ library for Windows Kernel Drivers. It allows you to hide any import in your kernel drive…☆45Updated last year
- clone of armadillo patched for windows☆46Updated 3 weeks ago
- ☆31Updated 2 years ago
- IOCTLpus can be used to make DeviceIoControl requests with arbitrary inputs (with functionality somewhat similar to Burp Repeater).☆84Updated 2 years ago
- arbitrary kernel read/write in dbutil_2_3.sys, Proof of Concept Local Privilege Escalation to nt authority/system☆53Updated 2 years ago
- Windbg2ida lets you dump each step in Windbg then shows these steps in IDA☆73Updated 4 months ago
- vdk is a set of utilities used to help with exploitation of a vulnerable driver.☆39Updated 2 years ago
- Collect various versions of ntoskrnl files☆48Updated 10 months ago
- Reimplement CreateProcessInternalW via Windows 10 20H1+/Windows 11 Base on NtCreateUserProcess-Post☆47Updated 2 months ago
- A driver that hooks C: volume using symbolic link callback to track all FS access to the volume☆102Updated 4 years ago