VergiliusProject / vergilius-projectLinks
This project provides a collection of Microsoft Windows kernel structures, unions and enumerations. Most of them are not officially documented and cannot be found in Windows Driver Kit (WDK) headers. The target audience of this site is driver developers and kernel researches.
☆206Updated 4 months ago
Alternatives and similar repositories for vergilius-project
Users that are interested in vergilius-project are comparing it to the libraries listed below
Sorting:
- Research on Windows Kernel Executive Callback Objects☆287Updated 5 years ago
- ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solution…☆205Updated 2 years ago
- Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks☆361Updated 7 months ago
- IDA Pro plugin to make bitfield accesses easier to grep☆238Updated 3 months ago
- APC Internals Research Code☆166Updated 4 years ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆219Updated 5 years ago
- A library to develop kernel level Windows payloads for post HVCI era☆408Updated 4 years ago
- Debugger Anti-Detection Benchmark☆333Updated last year
- Code Injection, Inject malicious payload via pagetables pml4.☆238Updated 3 years ago
- Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.☆599Updated 4 months ago
- Canadian Furious Beaver is a ProcMon-style tool designed only for capturing IRPs sent to any Windows driver.☆321Updated last year
- Yet another windows internals repo☆207Updated 3 years ago
- An IDA Plugin that help analyzing module that use COM☆214Updated last year
- Analyze patches in a process☆253Updated 3 years ago
- A collection of themes based on pastel colors, created for reverse engineers☆146Updated last month
- A list of excellent resources for anyone to deepen their understanding with regards to Windows Kernel Exploitation and general low level …☆144Updated 2 years ago
- BYOVD: Loading dbk64.sys and grabbing a handle to it☆151Updated 2 years ago
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆245Updated 2 years ago
- Set of antianalysis techniques found in malware☆132Updated last year
- A more stealthy variant of "DLL hollowing"☆347Updated last year
- Post exploitation technique to turn arbitrary kernel write / increment into full read/write primitive on Windows 11 22H2☆227Updated 2 years ago
- x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code☆201Updated 4 years ago
- Windows NT x64 syscall fuzzer☆607Updated last year
- Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays).☆142Updated 9 months ago
- This is a collection of interesting codes about Windows Process creation.☆233Updated last year
- Advanced driver monitoring utility.☆210Updated 2 years ago
- Browse Page Tables on Windows (Page Table Viewer)☆202Updated 3 years ago
- Bindings for Microsoft WinDBG TTD☆223Updated last year
- x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration☆322Updated 2 years ago
- ☆165Updated 8 months ago