Speedi13 / Custom-GetProcAddress-and-GetModuleHandle-and-more
Custom GetProcAddress, GetModuleHandleA and some dbghelp.dll functions
☆82Updated 5 years ago
Related projects ⓘ
Alternatives and complementary repositories for Custom-GetProcAddress-and-GetModuleHandle-and-more
- Inline syscalls made for MSVC supporting x64 and WOW64☆173Updated last year
- A simple tool to assemble shellcode ready to be copy-pasted into code☆64Updated 2 years ago
- Elevate a process to be a protected process☆142Updated 5 years ago
- A proof of concept demonstrating instrumentation callbacks on Windows 10 21h1 with a TLS variable to ensure all syscalls are caught.☆117Updated 2 years ago
- x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration☆219Updated 2 years ago
- Hygieia, a vulnerable driver traces scanner written in C++ as an x64 Windows kernel driver.☆135Updated 2 years ago
- based on https://github.com/secrary/Hooking-via-InstrumentationCallback☆67Updated 5 years ago
- State of the art DLL injector that took 20 minutes to make☆203Updated last year
- Detect-KeAttachProcess by iterating through all processes as well as checking the context of the thread.☆110Updated 2 years ago
- x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code☆196Updated 3 years ago
- manual map unsigned driver over signed memory☆181Updated 6 months ago
- ☆177Updated 2 years ago
- ☆221Updated last month
- Kernel LdrLoadDll injector☆258Updated 6 years ago
- Loads a signed kernel driver which allows you to map any driver to kernel mode without any traces of the signed / mapped driver.☆270Updated 3 years ago
- Obfuscate calls to imports by patching in stubs☆64Updated 3 years ago
- ☆121Updated 2 years ago
- Reverse engineering winapi function loadlibrary.☆69Updated last year
- ☆147Updated 5 months ago
- TS-Changer - Forces the machine in/out of TestSigning Mode at runtime.☆64Updated last year
- A mapper that maps shellcode into loaded large page drivers☆223Updated 2 years ago
- KDP compatible unsigned driver loader leveraging a write primitive in one of the IOCTLs of gdrv.sys☆130Updated 4 months ago
- Load your driver like win32k.sys☆247Updated 2 years ago
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…☆106Updated last year
- Vectored Exception Handling Hooking Class☆145Updated 5 years ago
- Using CVE-2023-21768 to manual map kernel mode driver☆175Updated last year
- Exploit MsIo vulnerable driver☆83Updated 3 years ago
- Kernel DLL Injector using NX Bit Swapping and VAD hide for hiding injected DLL☆198Updated 3 years ago
- DSE & PG bypass via BYOVD attack☆37Updated 7 months ago
- A quick-and-dirty anti-hook library proof of concept.☆101Updated 6 years ago