Register a callback in Kernel from a manually mapped driver
☆47Jun 1, 2021Updated 4 years ago
Alternatives and similar repositories for MappedCallback
Users that are interested in MappedCallback are comparing it to the libraries listed below
Sorting:
- PsSetCreateProcessNotifyRoutine bypass proof-of-concept for manual mapped drivers☆35Jul 19, 2021Updated 4 years ago
- A minimalistic way to spoof return addresses without using exceptions☆18Jul 26, 2022Updated 3 years ago
- Some crazy PE executables protection kernel driver☆20May 2, 2020Updated 5 years ago
- ☆47Feb 27, 2022Updated 4 years ago
- Proof of concept on how to bypass some limitations of a manual mapped driver☆172Oct 24, 2020Updated 5 years ago
- An example code of CiGetCertPublisherName☆16Mar 24, 2022Updated 3 years ago
- Detect-KeAttachProcess by iterating through all processes as well as checking the context of the thread.☆121Feb 8, 2022Updated 4 years ago
- Hijack NotifyRoutine for a kernelmode thread☆41Jun 4, 2022Updated 3 years ago
- the basic version of the ring0 physical memory read/write tool☆92Aug 18, 2019Updated 6 years ago
- Hygieia, a vulnerable driver traces scanner written in C++ as an x64 Windows kernel driver.☆151Feb 12, 2022Updated 4 years ago
- detect hypervisor with Nmi Callback☆42Sep 25, 2022Updated 3 years ago
- Hypervisor-based debugger for AMD processors☆63May 13, 2024Updated last year
- POC of integrity checks☆14May 31, 2021Updated 4 years ago
- My research WIP bluepill hypervisor☆40Mar 15, 2023Updated 3 years ago
- Proof of Concept Kernel-User Communication using System Thread.☆14Sep 24, 2023Updated 2 years ago
- base for testing☆187Sep 28, 2024Updated last year
- Detect removed thread from PspCidTable.☆75Mar 18, 2022Updated 4 years ago
- Manual mapper that uses PTE manipulation, Virtual Address Descriptor (VAD) manipulation, and forceful memory allocation to hide executabl…☆387Jan 29, 2022Updated 4 years ago
- ☆136Aug 6, 2022Updated 3 years ago
- ☆158May 21, 2024Updated last year
- ☆15Feb 5, 2021Updated 5 years ago
- PointerGuard is a proof-of-concept tool used to create 'guarded' pointers which disguise pointer addresses, monitor reads/writes, and pre…☆57May 23, 2022Updated 3 years ago
- Analyze patches in a process☆260Jul 28, 2021Updated 4 years ago
- A simple parser(library) which extracts shimcache data from windows.☆15May 20, 2019Updated 6 years ago
- Ready-to-use headers for Windows Kernel SSDT indices☆11Apr 12, 2020Updated 5 years ago
- Example of reading process memory through kernel special APC☆111Apr 21, 2023Updated 2 years ago
- A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing…☆14Nov 8, 2020Updated 5 years ago
- Bypasses for Windows kernel callbacks PatchGuard protection☆44Aug 15, 2021Updated 4 years ago
- Allows you to communicate with the kernel mode to manipulate memory in a stealthy way to avoid kernel anticheats.☆172May 8, 2022Updated 3 years ago
- Bypassing EasyAntiCheat.sys self-integrity by abusing call hierarchy☆83Oct 6, 2022Updated 3 years ago
- anti cheat drv open source☆19Apr 18, 2024Updated last year
- A collection of various vulnerable (mostly physical memory exposing) drivers.☆452Jun 15, 2022Updated 3 years ago
- Helper script for Windows kernel debugging with IDA Pro on VMware + GDB stub (including PDB symbols)☆68Aug 11, 2023Updated 2 years ago
- Spoof the return address of any function call.☆11Jul 21, 2024Updated last year
- A kernel module dumper for Windows x64 using mhyprot vulnerable driver☆36Oct 26, 2020Updated 5 years ago
- 🪝 Various EPT hook detection approaches☆143Feb 22, 2026Updated 3 weeks ago
- Unsigned Kernel Mode Driver that does memory modifications☆12Oct 13, 2022Updated 3 years ago
- Emulate Drivers in RING3 with self context mapping or unicorn☆366Aug 18, 2022Updated 3 years ago
- Windows kernel driver that detects hypervisors by probing SIDT/LIDT edge cases, paging/TLB behaviors, privilege transitions, and timing e…☆37Mar 3, 2026Updated 2 weeks ago