Register a callback in Kernel from a manually mapped driver
☆47 · Jun 1, 2021 · Updated 4 years ago
Alternatives and similar repositories for MappedCallback
Users that are interested in MappedCallback are comparing it to the libraries listed below
- PsSetCreateProcessNotifyRoutine bypass proof-of-concept for manual mapped drivers ☆34 · Jul 19, 2021 · Updated 4 years ago
- A minimalistic way to spoof return addresses without using exceptions ☆17 · Jul 26, 2022 · Updated 3 years ago
- Some crazy PE executables protection kernel driver ☆20 · May 2, 2020 · Updated 5 years ago
- POC of integrity checks ☆14 · May 31, 2021 · Updated 4 years ago
- ☆47 · Feb 27, 2022 · Updated 4 years ago
- Ready-to-use headers for Windows Kernel SSDT indices ☆11 · Apr 12, 2020 · Updated 5 years ago
- Detect-KeAttachProcess by iterating through all processes as well as checking the context of the thread. ☆121 · Feb 8, 2022 · Updated 4 years ago
- Hypervisor-based debugger for AMD processors ☆63 · May 13, 2024 · Updated last year
- PointerGuard is a proof-of-concept tool used to create 'guarded' pointers which disguise pointer addresses, monitor reads/writes, and pre… ☆57 · May 23, 2022 · Updated 3 years ago
- BypaPH - Process Hacker's bypass (read/write any process virtual memory & kernel mem), with signed driver, driver-level memory reading ☆23 · Sep 3, 2020 · Updated 5 years ago
- Proof of concept on how to bypass some limitations of a manual mapped driver ☆172 · Oct 24, 2020 · Updated 5 years ago
- detect hypervisor with Nmi Callback ☆42 · Sep 25, 2022 · Updated 3 years ago
- A simple parser(library) which extracts shimcache data from windows. ☆15 · May 20, 2019 · Updated 6 years ago
- Manual mapper that uses PTE manipulation, Virtual Address Descriptor (VAD) manipulation, and forceful memory allocation to hide executabl… ☆385 · Jan 29, 2022 · Updated 4 years ago
- Windows kernel driver that detects hypervisors by probing SIDT/LIDT edge cases, paging/TLB behaviors, privilege transitions, and timing e… ☆36 · Dec 17, 2025 · Updated 2 months ago
- An example code of CiGetCertPublisherName ☆17 · Mar 24, 2022 · Updated 3 years ago
- Bypasses for Windows kernel callbacks PatchGuard protection ☆44 · Aug 15, 2021 · Updated 4 years ago
- Helper script for Windows kernel debugging with IDA Pro on VMware + GDB stub (including PDB symbols) ☆68 · Aug 11, 2023 · Updated 2 years ago
- Example of reading process memory through kernel special APC ☆110 · Apr 21, 2023 · Updated 2 years ago
- Hygieia, a vulnerable driver traces scanner written in C++ as an x64 Windows kernel driver. ☆151 · Feb 12, 2022 · Updated 4 years ago
- base for testing ☆186 · Sep 28, 2024 · Updated last year
- Analyze patches in a process ☆259 · Jul 28, 2021 · Updated 4 years ago
- ☆16 · Feb 5, 2021 · Updated 5 years ago
- Proof of Concept Kernel-User Communication using System Thread. ☆14 · Sep 24, 2023 · Updated 2 years ago
- Helps to find patched modules ☆30 · Oct 26, 2020 · Updated 5 years ago
- ☆36 · Mar 19, 2019 · Updated 6 years ago
- ☆158 · May 21, 2024 · Updated last year
- Register a callback from a Manually mapped kernel module ☆16 · Feb 1, 2022 · Updated 4 years ago
- filter driver to hide files and directories ☆25 · Feb 12, 2024 · Updated 2 years ago
- Plugin for x64dbg to disable parallel loading of dependencies ☆19 · Sep 3, 2022 · Updated 3 years ago
- ☆30 · Jan 28, 2021 · Updated 5 years ago
- ☆18 · Oct 12, 2014 · Updated 11 years ago
- My research WIP bluepill hypervisor ☆40 · Mar 15, 2023 · Updated 2 years ago
- 🪝 Various EPT hook detection approaches ☆143 · Feb 22, 2026 · Updated last week
- External Base for bypassing Shadow Regions in Valorant ☆303 · Nov 5, 2024 · Updated last year
- the basic version of the ring0 physical memory read/write tool ☆92 · Aug 18, 2019 · Updated 6 years ago
- Emulate Drivers in RING3 with self context mapping or unicorn ☆365 · Aug 18, 2022 · Updated 3 years ago
- Some useful info when reverse engineering Kernel Mode Anti-Cheat ☆78 · Feb 20, 2023 · Updated 3 years ago
- Using the peculiar behaviour of the VPGATHER instructions to determine if an address will fault before it is truly accessed. All done in … ☆54 · Dec 30, 2025 · Updated 2 months ago