adamhlt / Process-Hollowing
Process Hollowing in C++ (x86 / x64) - Process PE image replacement
☆146Updated last year
Alternatives and similar repositories for Process-Hollowing:
Users that are interested in Process-Hollowing are comparing it to the libraries listed below
- Various Process Injection Techniques☆148Updated 2 years ago
- PoC Anti-Rootkit/Anti-Cheat Driver.☆189Updated 7 months ago
- Kernel Security driver used to block past, current and future process injection techniques on Windows Operating System.☆152Updated 2 years ago
- Reverse engineering winapi function loadlibrary.☆189Updated 2 years ago
- Bypassing PatchGuard on modern x64 systems☆257Updated 2 years ago
- PoC capable of detecting manual syscalls from usermode.☆194Updated 5 months ago
- Simple Kernelmode DLL Injector with Manual mapping☆280Updated last year
- manual map unsigned driver over signed memory☆186Updated last year
- ☆278Updated last week
- Inline syscalls made for MSVC supporting x64 and WOW64☆179Updated last year
- State of the art DLL injector that took 20 minutes to make☆214Updated last year
- Recursive and arbitrary code execution at kernel-level without a system thread creation☆154Updated 2 years ago
- x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code☆202Updated 3 years ago
- A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)☆484Updated 2 weeks ago
- Windows Kernel inject (no module no thread)☆273Updated 2 years ago
- Custom GetProcAddress, GetModuleHandleA and some dbghelp.dll functions☆80Updated 6 years ago
- Process Injection using Thread Name☆257Updated last week
- Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!☆231Updated 9 months ago
- Hooking Windows' exception dispatcher to protect process's PML4☆165Updated 3 months ago
- Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling withou…☆198Updated 5 months ago
- Load your driver like win32k.sys☆251Updated 2 years ago
- x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration☆314Updated 2 years ago
- DLL that hooks the NtQuerySystemInformation API and hides a process name☆287Updated last year
- Abusing nvidia driver (nvoclock.sys) for physical/virtual memory and control register manipulation.☆256Updated last year
- Detects virtual machines and malware analysis environments☆126Updated 2 years ago
- Kernel LdrLoadDll injector☆260Updated 6 years ago
- A small x64 library to load dll's into memory.☆437Updated last year
- Simple x86/x86_64 instruction level obfuscator based on a basic SBI engine☆267Updated 2 years ago
- Kernel driver loader using vulnerable gigabyte driver (https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vu…☆240Updated 3 years ago
- Elevate a process to be a protected process☆149Updated 5 years ago