armvirus / VanguardTrace
Decrypting and intercepting encrypted imports of Vanguards Kernel Driver
☆17Updated 7 months ago
Related projects: ⓘ
- ☆35Updated 2 months ago
- Achieving code execution through abusing VEH☆15Updated last year
- ☆19Updated 7 months ago
- POC Hook of nt!HvcallCodeVa☆49Updated last year
- Just check hypervisor in ring0☆13Updated last year
- A Hyper-V Hacking Framework For Windows 10 x64 (AMD & Intel)☆29Updated last year
- Old way for blocking NMI interrupts☆25Updated 2 years ago
- ☆21Updated this week
- Illustrates the concept of return address spoofing, and how it is used.☆14Updated 4 years ago
- ☆14Updated this week
- ☆20Updated last year
- Patches DSE by swapping both data ptrs located in SeValidateImageHeader && SeValidateImageData☆19Updated 7 months ago
- Header only UM AC "bypass"☆16Updated 4 months ago
- Windows driver mapper via the UEFI☆37Updated 4 months ago
- communicate with kernel using a image on disk☆15Updated 4 months ago
- ☆31Updated this week
- ☆23Updated this week
- 将驱动映射到会话空间☆32Updated 2 years ago
- ☆25Updated 6 months ago
- Experiment with PAGE_GUARD protection to hide memory from other processes☆31Updated 2 months ago
- This driver hooks a device object for ioctl and uses mdls to allocate physical pages and manually injects an entry into a process's page …☆11Updated last year
- ☆20Updated this week
- clearing traces of a loaded driver☆45Updated 2 years ago
- partially disable patchguard up to win11 21H2☆10Updated 3 months ago
- A simple MmCopyMemory hook.☆32Updated 2 years ago
- POC kernel driver with hidden system thread☆10Updated 4 months ago
- ☆41Updated this week
- just proof of concept. hooking MmCopyMemory PG safe.☆60Updated 10 months ago
- ☆19Updated last week
- Injecting dll to protected games using ioclt and code cave communications, works on eac, be protected games but made for fn☆47Updated 5 months ago