VergiliusProject / vergilius-project
This project provides a collection of Microsoft Windows kernel structures, unions and enumerations. Most of them are not officially documented and cannot be found in Windows Driver Kit (WDK) headers. The target audience of this site is driver developers and kernel researches.
☆190Updated 2 weeks ago
Alternatives and similar repositories for vergilius-project:
Users that are interested in vergilius-project are comparing it to the libraries listed below
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆209Updated 5 years ago
- Research on Windows Kernel Executive Callback Objects☆284Updated 4 years ago
- Yet another windows internals repo☆204Updated 3 years ago
- APC Internals Research Code☆161Updated 4 years ago
- Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks☆343Updated 3 months ago
- A more stealthy variant of "DLL hollowing"☆335Updated 11 months ago
- ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solution…☆199Updated 2 years ago
- MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. M…☆221Updated 4 years ago
- A library to develop kernel level Windows payloads for post HVCI era☆389Updated 3 years ago
- ☆157Updated 4 months ago
- BYOVD: Loading dbk64.sys and grabbing a handle to it☆148Updated 2 years ago
- x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code☆201Updated 3 years ago
- Set of antianalysis techniques found in malware☆129Updated last year
- Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.☆571Updated 3 weeks ago
- Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays).☆125Updated 5 months ago
- A list of excellent resources for anyone to deepen their understanding with regards to Windows Kernel Exploitation and general low level …☆135Updated 2 years ago
- Code Injection, Inject malicious payload via pagetables pml4.☆228Updated 3 years ago
- Analyze patches in a process☆249Updated 3 years ago
- This is a collection of interesting codes about Windows Process creation.☆232Updated last year
- An IDA Plugin that help analyzing module that use COM☆203Updated last year
- Translates WinDbg "dt" structure dump to a C structure☆127Updated 8 years ago
- Canadian Furious Beaver is a ProcMon-style tool designed only for capturing IRPs sent to any Windows driver.☆314Updated 10 months ago
- Advanced driver monitoring utility.☆203Updated 2 years ago
- Browse Page Tables on Windows (Page Table Viewer)☆193Updated 2 years ago
- IDA Pro plugin to make bitfield accesses easier to grep☆231Updated this week
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆243Updated 2 years ago
- An application to view and filter pool allocations from a dmp file on Windows 10 RS5+.☆135Updated last year
- Asynchronous Procedure Calls☆214Updated 3 years ago
- ☆157Updated 3 years ago
- A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.☆160Updated 2 months ago