adamhlt / Process-HollowingLinks
Process Hollowing in C++ (x86 / x64) - Process PE image replacement
☆151Updated last year
Alternatives and similar repositories for Process-Hollowing
Users that are interested in Process-Hollowing are comparing it to the libraries listed below
Sorting:
- PoC Anti-Rootkit/Anti-Cheat Driver.☆197Updated last month
- manual map unsigned driver over signed memory☆187Updated last year
- ☆289Updated 3 weeks ago
- PoC capable of detecting manual syscalls from usermode.☆196Updated 6 months ago
- Recursive and arbitrary code execution at kernel-level without a system thread creation☆154Updated 2 years ago
- Inline syscalls made for MSVC supporting x64 and WOW64☆181Updated last year
- Various Process Injection Techniques☆148Updated 2 years ago
- Reverse engineering winapi function loadlibrary.☆194Updated 2 years ago
- Bypassing PatchGuard on modern x64 systems☆260Updated 2 years ago
- A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)☆490Updated last month
- Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!☆232Updated 10 months ago
- State of the art DLL injector that took 20 minutes to make☆216Updated last year
- Hooking Windows' exception dispatcher to protect process's PML4☆174Updated 4 months ago
- Process Injection using Thread Name☆272Updated last month
- Kernel Security driver used to block past, current and future process injection techniques on Windows Operating System.☆152Updated 2 years ago
- Load your driver like win32k.sys☆254Updated 2 years ago
- Simple Kernelmode DLL Injector with Manual mapping☆291Updated last year
- A mapper that maps shellcode into loaded large page drivers☆280Updated 3 years ago
- Exploit MsIo vulnerable driver☆104Updated 3 years ago
- load unsigned kernel-driver by patching dse in 248 lines☆118Updated last year
- Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling withou…☆203Updated 7 months ago
- A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and re…☆451Updated last year
- Admin to Kernel code execution using the KSecDD driver☆250Updated last year
- x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration☆322Updated 2 years ago
- Custom GetProcAddress, GetModuleHandleA and some dbghelp.dll functions☆81Updated 6 years ago
- The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls☆192Updated last year
- DSE & PG bypass via BYOVD attack☆51Updated last year
- Windows Kernel inject (no module no thread)☆275Updated 2 years ago
- Implementation of Advanced Module Stomping and Heap/Stack Encryption☆216Updated last year
- Abusing nvidia driver (nvoclock.sys) for physical/virtual memory and control register manipulation.☆260Updated last year