adamhlt / Process-HollowingLinks
Process Hollowing in C++ (x86 / x64) - Process PE image replacement
☆170Updated 2 years ago
Alternatives and similar repositories for Process-Hollowing
Users that are interested in Process-Hollowing are comparing it to the libraries listed below
Sorting:
- Various Process Injection Techniques☆158Updated 3 years ago
- PoC Anti-Rootkit/Anti-Cheat Driver.☆223Updated 6 months ago
- Bypassing PatchGuard on modern x64 systems☆265Updated 2 years ago
- Kernel driver loader using vulnerable gigabyte driver (https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vu…☆261Updated 4 years ago
- Kernel Security driver used to block past, current and future process injection techniques on Windows Operating System.☆154Updated 3 years ago
- Reverse engineering winapi function loadlibrary.☆220Updated 2 years ago
- x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration☆359Updated 3 years ago
- Recursive and arbitrary code execution at kernel-level without a system thread creation☆155Updated 2 years ago
- manual map unsigned driver over signed memory☆201Updated last year
- Simple Kernelmode DLL Injector with Manual mapping☆319Updated last year
- ☆329Updated 5 months ago
- Inline syscalls made for MSVC supporting x64 and WOW64☆187Updated 2 years ago
- Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling withou…☆236Updated last year
- A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)☆525Updated 6 months ago
- DLL that hooks the NtQuerySystemInformation API and hides a process name☆294Updated 2 years ago
- Load your driver like win32k.sys☆256Updated 3 years ago
- State of the art DLL injector that took 20 minutes to make☆219Updated 2 years ago
- Hooking Windows' exception dispatcher to protect process's PML4☆203Updated 9 months ago
- KDP compatible unsigned driver loader leveraging a write primitive in one of the IOCTLs of gdrv.sys☆160Updated last year
- Header only library for obfuscation import winapi functions.☆43Updated 8 months ago
- Custom GetProcAddress, GetModuleHandleA and some dbghelp.dll functions☆86Updated 6 years ago
- load unsigned kernel-driver by patching dse in 248 lines☆133Updated last year
- Abusing nvidia driver (nvoclock.sys) for physical/virtual memory and control register manipulation.☆272Updated 2 years ago
- Controlling Windows PP(L)s☆351Updated 2 years ago
- Exploit MsIo vulnerable driver☆114Updated 4 years ago
- x86 PE Mutator☆226Updated 2 years ago
- DSE bypass using a leaked cert and adjusting the current clock.☆151Updated 3 weeks ago
- PoC capable of detecting manual syscalls from usermode.☆202Updated 11 months ago
- x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code☆206Updated 4 years ago
- Custom LoadLibrary / GetProcAddress (x86 / x64) - Load DLL and retrieve functions manually☆95Updated 2 years ago