alal4465 / KernelMonLinks
A ProcMon-esque tool for monitoring Windows Kernel Drivers
☆58Updated 4 years ago
Alternatives and similar repositories for KernelMon
Users that are interested in KernelMon are comparing it to the libraries listed below
Sorting:
- Kernel-Mode extended version of https://github.com/microsoft/Detours☆167Updated 3 weeks ago
- ☆97Updated 7 years ago
- first commit☆62Updated 4 years ago
- C++ library for parsing and manipulating PE files statically and dynamically.☆88Updated last year
- ☆125Updated 5 years ago
- unorthodox approach to analyze a trace, but this helped me get comfy with x64 instructions overall (excluding sse/avx/etc lol), cleared u…☆60Updated last year
- A basic 100 loc CPU emulator using the existing code of ntoskrnl.exe☆71Updated last year
- 🪝 Different aproaches to detecting EPT hooks☆112Updated 3 years ago
- x64 syscall caller in C++.☆90Updated 7 years ago
- Ghetto user mode emulation of Windows kernel drivers.☆140Updated 8 months ago
- Detect-KeAttachProcess by iterating through all processes as well as checking the context of the thread.☆113Updated 3 years ago
- ☆138Updated 2 years ago
- Hacker Disassembler Engine 64 Copyright (c) 2008-2009, Vyacheslav Patkov. * All rights reserved.☆50Updated 3 years ago
- Browse Page Tables on Windows (Page Table Viewer)☆210Updated 3 years ago
- query-pdb is a server-side software for parsing PDB files. The software provides PDB online parsing service.☆154Updated 9 months ago
- This project migrated to https://github.com/backengineering/llvm-msvc☆82Updated last year
- Collect different versions of Crucial modules.☆142Updated 11 months ago
- ☆47Updated 4 years ago
- PE-Dump-Fixer☆108Updated 5 years ago
- Resolve DOS MZ executable symbols at runtime☆95Updated 3 years ago
- Windows PDB parser for kernel-mode environment.☆97Updated 2 weeks ago
- A Hyper-V Hacking Framework For Windows 10 x64 (AMD & Intel)☆70Updated last year
- An x64 page table iterator written in C++ as a kernel mode windows driver.☆112Updated 4 years ago
- Some psuedo snippets from BattlEye's BEDaisy.sys loaded on Rainbow Six: Siege.☆124Updated 3 years ago
- a Windows kernel Pdb parsing and downloading library that running purely in kernel mode without any R3 programs.☆154Updated 9 months ago
- VM devirtualization PoC based on AsmJit and llvm☆114Updated 3 years ago
- Obfuscate calls to imports by patching in stubs☆69Updated 3 years ago
- An example of a client and server using Windows' ALPC functions to send and receive data.☆96Updated 5 months ago
- fix vmprotect import function used unicorn-engine.☆93Updated 2 years ago
- VMProtect, VMP, Devirter, 3,5☆107Updated 2 years ago