alfarom256 / UserVAtoPhysical
Walks the process's VAD list to grab the PTEs corresponding to a user-mode virtual address, all to get the physical address
☆23 · Nov 22, 2021 · Updated 4 years ago
Alternatives and similar repositories for UserVAtoPhysical
Users that are interested in UserVAtoPhysical are comparing it to the libraries listed below
- clearing traces of a loaded driver ☆47 · Jul 2, 2022 · Updated 3 years ago
- A C++ syscall ID extractor for Windows. Developed, debugged and tested on 20H2. ☆21 · May 25, 2021 · Updated 4 years ago
- hooking KiUserApcDispatcher ☆25 · Apr 3, 2017 · Updated 8 years ago
- detect hypervisor with Nmi Callback ☆42 · Sep 25, 2022 · Updated 3 years ago
- VEH Redirect & VEH Debugger ☆23 · May 18, 2020 · Updated 5 years ago
- Bypassing kernel patch protection runtime ☆21 · Feb 19, 2023 · Updated 2 years ago
- x64 Windows implementation of virtual-address to physical-address translation ☆46 · Jun 3, 2021 · Updated 4 years ago
- Simple Demo of using Windows Hypervisor Platform ☆29 · Jul 14, 2025 · Updated 7 months ago
- bypass CRC ☆12 · May 3, 2018 · Updated 7 years ago
- IO hidden communication wrapper ☆17 · May 31, 2021 · Updated 4 years ago
- Code Integrity Violation Spotter ☆17 · Jun 11, 2024 · Updated last year
- Hijack NotifyRoutine for a kernelmode thread ☆41 · Jun 4, 2022 · Updated 3 years ago
- ☆118 · Aug 7, 2022 · Updated 3 years ago
- Dangling COM Keys Finder ☆17 · Nov 16, 2021 · Updated 4 years ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022) ☆73 · Aug 11, 2023 · Updated 2 years ago
- ☆59 · Jun 8, 2022 · Updated 3 years ago
- Demo to show how to write ALPC Client & Server using native Ntdll.dll syscalls. ☆21 · Jan 25, 2022 · Updated 4 years ago
- Intraceptor intercepts Windows NT API calls and redirects them to a kernel driver to bypass process/threads handle protections. ☆32 · May 18, 2022 · Updated 3 years ago
- A PoC tool for exploiting leaked process and thread handles ☆32 · Feb 13, 2024 · Updated 2 years ago
- kernel driver used to monitor the activity of BadlionAnticheat.sys by patching its IAT ☆33 · Jul 9, 2021 · Updated 4 years ago
- A dll injector static library for Win x64 processes with handle elevation supported ☆12 · Mar 28, 2021 · Updated 4 years ago
- ☆33 · Dec 22, 2020 · Updated 5 years ago
- ☆39 · Mar 23, 2023 · Updated 2 years ago
- https://key08.com/index.php/2021/10/19/1375.html ☆71 · May 11, 2022 · Updated 3 years ago
- Windows driver template, using C++20 & cmake & GithubActions ☆24 · Aug 9, 2024 · Updated last year
- Proof-of-Concept software for detecting AV/EDR hooks in Windows libraries. ☆36 · May 12, 2022 · Updated 3 years ago
- R3 hijacking of all exceptions ☆15 · Jan 4, 2021 · Updated 5 years ago
- mouseclassservicecallback detection via hook ☆52 · Feb 7, 2022 · Updated 4 years ago
- Handling C++ & __try exceptions without the need of built-in handlers. ☆77 · Aug 28, 2021 · Updated 4 years ago
- An extended proof-of-concept for the CVE-2021-21551 Dell ‘dbutil_2_3.sys’ Kernel Exploit ☆24 · Jul 20, 2021 · Updated 4 years ago
- ☆153 · Jul 31, 2022 · Updated 3 years ago
- Source code on the 1.44MB 3.5 floppy accompanying the Windows NT File System Internals book. ☆20 · Jul 31, 2019 · Updated 6 years ago
- ☆14 · Nov 29, 2021 · Updated 4 years ago
- A BOF for enumerating version information for DLLs associated with a Beacon process. ☆16 · Nov 23, 2021 · Updated 4 years ago
- What makes it page ☆17 · Aug 24, 2022 · Updated 3 years ago
- hooks gServerHandlers xxxEventWndProc ☆13 · May 1, 2022 · Updated 3 years ago
- A simple way to spoof return addresses using an exception handler ☆43 · Aug 3, 2022 · Updated 3 years ago
- An ark tool's driver ☆40 · May 11, 2017 · Updated 8 years ago
- Kernel DLL Injector using NX Bit Swapping and VAD hide for hiding injected DLL ☆220 · Nov 12, 2020 · Updated 5 years ago