adamhlt / Process-HollowingLinks
Process Hollowing in C++ (x86 / x64) - Process PE image replacement
☆168Updated 2 years ago
Alternatives and similar repositories for Process-Hollowing
Users that are interested in Process-Hollowing are comparing it to the libraries listed below
Sorting:
- Various Process Injection Techniques☆158Updated 3 years ago
- PoC Anti-Rootkit/Anti-Cheat Driver.☆221Updated 5 months ago
- Inline syscalls made for MSVC supporting x64 and WOW64☆187Updated 2 years ago
- x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration☆357Updated 3 years ago
- Recursive and arbitrary code execution at kernel-level without a system thread creation☆156Updated 2 years ago
- manual map unsigned driver over signed memory☆202Updated last year
- Bypassing PatchGuard on modern x64 systems☆265Updated 2 years ago
- DLL that hooks the NtQuerySystemInformation API and hides a process name☆295Updated 2 years ago
- Custom GetProcAddress, GetModuleHandleA and some dbghelp.dll functions☆85Updated 6 years ago
- Kernel driver loader using vulnerable gigabyte driver (https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vu…☆262Updated 4 years ago
- Reverse engineering winapi function loadlibrary.☆217Updated 2 years ago
- State of the art DLL injector that took 20 minutes to make☆220Updated 2 years ago
- Load your driver like win32k.sys☆257Updated 3 years ago
- Kernel Security driver used to block past, current and future process injection techniques on Windows Operating System.☆154Updated 3 years ago
- ☆322Updated 4 months ago
- Simple Kernelmode DLL Injector with Manual mapping☆315Updated last year
- DSE bypass using a leaked cert and adjusting the current clock.☆152Updated 3 years ago
- Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling withou…☆233Updated 11 months ago
- Hooking Windows' exception dispatcher to protect process's PML4☆198Updated 8 months ago
- x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code☆206Updated 4 years ago
- Abusing nvidia driver (nvoclock.sys) for physical/virtual memory and control register manipulation.☆272Updated 2 years ago
- Exploit MsIo vulnerable driver☆114Updated 4 years ago
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…☆129Updated 2 years ago
- load unsigned kernel-driver by patching dse in 248 lines☆133Updated last year
- Custom LoadLibrary / GetProcAddress (x86 / x64) - Load DLL and retrieve functions manually☆96Updated 2 years ago
- A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)☆524Updated 5 months ago
- Detects virtual machines and malware analysis environments☆138Updated 2 years ago
- PoC capable of detecting manual syscalls from usermode.☆202Updated 10 months ago
- Kernel LdrLoadDll injector☆265Updated 7 years ago
- KDP compatible unsigned driver loader leveraging a write primitive in one of the IOCTLs of gdrv.sys☆157Updated last year