armvirus / hook-scanner
Scans all modules in target process for jmp/int3 hooks dissassembles then and follows jmps to destination.
☆75Updated last year
Alternatives and similar repositories for hook-scanner:
Users that are interested in hook-scanner are comparing it to the libraries listed below
- ☆78Updated 3 years ago
- Handling C++ & __try exceptions without the need of built-in handlers.☆69Updated 3 years ago
- Kernel Lazy Importer☆109Updated 11 months ago
- PointerGuard is a proof-of-concept tool used to create 'guarded' pointers which disguise pointer addresses, monitor reads/writes, and pre…☆52Updated 2 years ago
- A basic demonstration of directly overwriting paging structures for physical memory r/w and interprocess memory copy☆83Updated last year
- Virtual and physical memory hacking library using gigabyte vulnerable driver☆70Updated last year
- driver manual mapper powered by https://github.com/estimated1337/lenovo_exec☆109Updated 2 years ago
- A PoC for requesting HWIDs directly from hardware, skipping any potential hooks or OS support.☆79Updated 3 years ago
- Some psuedo snippets from BattlEye's BEDaisy.sys loaded on Rainbow Six: Siege.☆123Updated 2 years ago
- ☆52Updated 2 years ago
- Discarded Section Manual Map☆66Updated 4 years ago
- ☆66Updated 2 years ago
- KDM Is a driver that will dumps every drivers that got manually mapped with kdmapper.☆53Updated 2 years ago
- x64 manual mapper using inline syscalls☆8Updated 3 years ago
- Bypassing EasyAntiCheat.sys self-integrity by abusing call hierarchy☆80Updated 2 years ago
- just proof of concept. hooking MmCopyMemory PG safe.☆67Updated last year
- Kernel driver that uses Shared memory to communicate with UserMode☆85Updated 5 years ago
- ☆30Updated 2 years ago
- This project will give you an example how you can hook a kernel vtable function that cannot be directly called☆82Updated 3 years ago
- Detect-KeAttachProcess by iterating through all processes as well as checking the context of the thread.☆110Updated 3 years ago
- x64 Windows kernel driver mapper, inject unsigned driver using anycall☆140Updated last year
- Extracts eac's driver at runtime without it touching the disk.☆33Updated last year
- ☆33Updated 2 years ago
- nmi stackwalking + module verification☆107Updated last year
- reverse engineering of bedaisy.sys (battleyes kernel driver) - Aki2k/BEDaisy☆82Updated 4 years ago
- ☆47Updated 2 years ago
- Old project (2020) reformed. Modifies gRT->GetVariable sub function from EFI_APPLICATION. Tested on Win10 22H2 (AMD).☆50Updated last year
- page table manipulation to gain physical r/w☆40Updated 10 months ago
- ☆50Updated 4 years ago
- ☆45Updated 3 years ago