ajkhoury / Windbg2Struct
Takes a Windbg dumped structure (using the 'dt' command) and formats it into a C structure
☆33Updated 4 months ago
Related projects ⓘ
Alternatives and complementary repositories for Windbg2Struct
- Analyze PatchGuard☆53Updated 6 years ago
- Driver and WinDBG scripts to dump information about all resources and lookaside lists☆66Updated 4 years ago
- Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using t…☆53Updated 5 years ago
- This is a simple driver with x64 inline assembly☆53Updated 4 years ago
- ☆44Updated 4 years ago
- Windows 10 UAC bypass PoC using LaunchInfSection☆34Updated 6 years ago
- Windbg extension that allows you analyze Control Flow Guard map☆36Updated 3 years ago
- Tools made for my Hyper-V blog series @ https://foxhex0ne.blogspot.com/☆54Updated 4 years ago
- Helper utility for debugging windows PE/PE+ loader.☆50Updated 9 years ago
- Figuring out the cause of a handle downgrade☆23Updated last year
- Exploiting HEVD's WriteWhatWhereIoctlDispatch for LPE on Windows 10 TH2 through RS3 using GDI objects.☆24Updated 6 years ago
- Polymorphic Stub Creator☆30Updated 7 years ago
- Windows 10 kernel and ntdll internal types, directly compatible with ida.☆50Updated 6 years ago
- This repository contains some tools that I have written in the past☆26Updated last year
- PoC of BOOST-ed _EPROCESS.VadRoot iterating☆24Updated 10 years ago
- A library for intel VT-x hypervisor functionality supporting EPT shadowing.☆48Updated 3 years ago
- Bypassing code hooks detection in modern anti-rootkits via building faked PTE entries.☆73Updated 13 years ago
- IA32-doc is a project which aims to put as many definitions from the Intel Manual into machine-processable format as possible☆16Updated 2 years ago
- ntoskrnl symbol pdb and undocument structures☆23Updated 7 years ago
- Detects if a Kernel mode debugger is active by reading the value of KUSER_SHARED_DATA.KdDebuggerEnabled. It is a high level and portable …☆22Updated 7 years ago
- Adding exceptions to Microsoft's Control Flow Guard (CFG)☆59Updated 8 years ago
- Wow64 syscall hook☆40Updated 7 years ago
- win32/x64 obfuscate framework☆32Updated 5 years ago
- ☆66Updated 3 years ago
- Driver demonstrating how to register a DPC to asynchronously wait on an object☆48Updated 3 years ago