boom-cr3/NotifyRoutineHijackThread external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

boom-cr3/NotifyRoutineHijackThread

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/boom-cr3/NotifyRoutineHijackThread)

Close

boom-cr3 / NotifyRoutineHijackThreadView on GitHubMore

• External links
• Readme badge

Hijack NotifyRoutine for a kernelmode thread

☆41Jun 4, 2022Updated 3 years ago

Alternatives and similar repositories for NotifyRoutineHijackThread

Users that are interested in NotifyRoutineHijackThread are comparing it to the libraries listed below

• ekknod / acdrv

  View on GitHub
  base for testing
  ☆186Sep 28, 2024Updated last year
• Peribunt / Exception-Ret-Spoofing

  View on GitHub
  A simple way to spoof return addresses using an exception handler
  ☆43Aug 3, 2022Updated 3 years ago
• EBalloon / Rw-No-Attach

  View on GitHub
  ☆158May 21, 2024Updated last year
• EBalloon / MapPage

  View on GitHub
  Mapping your code on a 0x1000 size page
  ☆71May 20, 2022Updated 3 years ago
• gabriellandau / CISpotter

  View on GitHub
  Code Integrity Violation Spotter
  ☆17Jun 11, 2024Updated last year
• HyperSine / siren-hypervisor

  View on GitHub
  ☆40Mar 23, 2023Updated 2 years ago
• veryboreddd / Return-address-spoofer

  View on GitHub
  Illustrates the concept of return address spoofing, and how it is used.
  ☆14May 13, 2020Updated 5 years ago
• alfarom256 / UserVAtoPhysical

  View on GitHub
  Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address
  ☆23Nov 22, 2021Updated 4 years ago
• boom-cr3 / VTableKFunctionHook

  View on GitHub
  This project will give you an example how you can hook a kernel vtable function that cannot be directly called
  ☆84Dec 25, 2021Updated 4 years ago
• MahmoudZohdy / APICallProxy

  View on GitHub
  Windows API Call Obfuscation
  ☆112Dec 9, 2022Updated 3 years ago
• waleedassar / ALPC_CLIENT_SERVER

  View on GitHub
  Demo to show how write ALPC Client & Server using native Ntdll.dll syscalls.
  ☆21Jan 25, 2022Updated 4 years ago
• KANKOSHEV / Detect-MouseClassServiceCallback

  View on GitHub
  mouseclassservicecallback detection via hook
  ☆52Feb 7, 2022Updated 4 years ago
• KANKOSHEV / Detect-HiddenThread-via-KPRCB

  View on GitHub
  Detect removed thread from PspCidTable.
  ☆75Mar 18, 2022Updated 3 years ago
• MahmoudZohdy / IAT-Obfuscation

  View on GitHub
  IAT-Obfuscation to make static analysis of executable harder.
  ☆44Sep 6, 2021Updated 4 years ago
• serbx / KernelVtableFunctionHook

  View on GitHub
  ☆20May 17, 2022Updated 3 years ago
• ex-ref / printa

  View on GitHub
  ☆18Dec 4, 2020Updated 5 years ago
• helloobaby / Nmi-Callback

  View on GitHub
  detect hypervisor with Nmi Callback
  ☆42Sep 25, 2022Updated 3 years ago
• gmh5225 / CallMeWin32kDriver

  View on GitHub
  Load your driver like win32k.sys
  ☆258Aug 20, 2022Updated 3 years ago
• xu-Wan / HypercallPageHook

  View on GitHub
  POC Hook of nt!HvcallCodeVa
  ☆54May 8, 2023Updated 2 years ago
• weak1337 / NO_ACCESS_Protection

  View on GitHub
  ☆192Dec 8, 2021Updated 4 years ago
• WolfyZ99 / Kernel-AntiCheat

  View on GitHub
  ☆69Aug 31, 2021Updated 4 years ago
• ekknod / Nmi

  View on GitHub
  Old way for blocking NMI interrupts
  ☆29Sep 6, 2022Updated 3 years ago
• boom-cr3 / Shared-FlushFileBuffers-Communication

  View on GitHub
  Cool kernel communication method.
  ☆100Jun 27, 2021Updated 4 years ago
• SamuelTulach / voidmap

  View on GitHub
  Using CVE-2021-40449 to manual map kernel mode driver
  ☆104Mar 5, 2022Updated 3 years ago
• Sinclairq / hierarchy-eac

  View on GitHub
  Bypassing EasyAntiCheat.sys self-integrity by abusing call hierarchy
  ☆83Oct 6, 2022Updated 3 years ago
• zouxianyu / BlindEye

  View on GitHub
  BattlEye kernel module bypass
  ☆178Oct 1, 2022Updated 3 years ago
• alal4465 / Practical-Reverse-Engineering-Solutions

  View on GitHub
  Some drivers I've written while solving exercises from Practical Reverse Engineering
  ☆15Jan 9, 2022Updated 4 years ago
• KANKOSHEV / Detect-KeAttachProcess

  View on GitHub
  Detect-KeAttachProcess by iterating through all processes as well as checking the context of the thread.
  ☆121Feb 8, 2022Updated 4 years ago
• Shaxzy / VibranceInjector

  View on GitHub
  Mono process injector
  ☆22Jan 26, 2019Updated 7 years ago
• Sinclairq / DataCommunication

  View on GitHub
  A kernelmode driver swapping a .data pointer in the kernel to perform communication between the kernel and usermode.
  ☆142Oct 20, 2020Updated 5 years ago
• weak1337 / SkipHook

  View on GitHub
  ☆136Aug 6, 2022Updated 3 years ago
• ekknod / MouseClassServiceCallbackMeme

  View on GitHub
  Calling "own" MouseClassServiceCallback
  ☆76Jul 28, 2022Updated 3 years ago
• 1401199262 / UnsuccessfulDriver

  View on GitHub
  ☆17Apr 21, 2022Updated 3 years ago
• armasm / EasyAntiCheatMemorySig

  View on GitHub
  eac memory sig maker
  ☆14Jun 10, 2021Updated 4 years ago
• Peribunt / Ret-Spoofing

  View on GitHub
  A minimalistic way to spoof return addresses without using exceptions
  ☆17Jul 26, 2022Updated 3 years ago
• kkent030315 / CiGetCertPublisherName

  View on GitHub
  An example code of CiGetCertPublisherName
  ☆17Mar 24, 2022Updated 3 years ago
• MahmoudZohdy / Anti-Analysis-DebuggerInjection

  View on GitHub
  Anti-Analysis technique, trick the debugger by Hiding events from it.
  ☆20Sep 6, 2021Updated 4 years ago
• Sentient111 / ClearDriverTraces

  View on GitHub
  clearing traces of a loaded driver
  ☆47Jul 2, 2022Updated 3 years ago
• rad9800 / VehApiResolve

  View on GitHub
  ☆118Aug 7, 2022Updated 3 years ago