boom-cr3/NotifyRoutineHijackThread external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

boom-cr3/NotifyRoutineHijackThread

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/boom-cr3/NotifyRoutineHijackThread)

Close

boom-cr3 / NotifyRoutineHijackThreadView on GitHubMore

• External links
• Readme badge

Hijack NotifyRoutine for a kernelmode thread

☆41Jun 4, 2022Updated 3 years ago

Alternatives and similar repositories for NotifyRoutineHijackThread

Users that are interested in NotifyRoutineHijackThread are comparing it to the libraries listed below

• ekknod / acdrv

  View on GitHub
  base for testing
  ☆187Sep 28, 2024Updated last year
• Peribunt / Exception-Ret-Spoofing

  View on GitHub
  A simple way to spoof return addresses using an exception handler
  ☆44Aug 3, 2022Updated 3 years ago
• EBalloon / MapPage

  View on GitHub
  Mapping your code on a 0x1000 size page
  ☆71May 20, 2022Updated 3 years ago
• veryboreddd / Return-address-spoofer

  View on GitHub
  Illustrates the concept of return address spoofing, and how it is used.
  ☆14May 13, 2020Updated 5 years ago
• EBalloon / Rw-No-Attach

  View on GitHub
  ☆158May 21, 2024Updated last year
• HyperSine / siren-hypervisor

  View on GitHub
  ☆41Mar 23, 2023Updated 2 years ago
• boom-cr3 / VTableKFunctionHook

  View on GitHub
  This project will give you an example how you can hook a kernel vtable function that cannot be directly called
  ☆84Dec 25, 2021Updated 4 years ago
• kkent030315 / CiGetCertPublisherName

  View on GitHub
  An example code of CiGetCertPublisherName
  ☆16Mar 24, 2022Updated 3 years ago
• serbx / KernelVtableFunctionHook

  View on GitHub
  ☆20May 17, 2022Updated 3 years ago
• gabriellandau / CISpotter

  View on GitHub
  Code Integrity Violation Spotter
  ☆17Jun 11, 2024Updated last year
• ekknod / Nmi

  View on GitHub
  Old way for blocking NMI interrupts
  ☆29Sep 6, 2022Updated 3 years ago
• KANKOSHEV / Detect-MouseClassServiceCallback

  View on GitHub
  mouseclassservicecallback detection via hook
  ☆52Feb 7, 2022Updated 4 years ago
• MahmoudZohdy / APICallProxy

  View on GitHub
  Windows API Call Obfuscation
  ☆113Dec 9, 2022Updated 3 years ago
• xu-Wan / HypercallPageHook

  View on GitHub
  POC Hook of nt!HvcallCodeVa
  ☆54May 8, 2023Updated 2 years ago
• ex-ref / printa

  View on GitHub
  ☆18Dec 4, 2020Updated 5 years ago
• KANKOSHEV / Detect-HiddenThread-via-KPRCB

  View on GitHub
  Detect removed thread from PspCidTable.
  ☆75Mar 18, 2022Updated 4 years ago
• Shaxzy / VibranceInjector

  View on GitHub
  Mono process injector
  ☆22Jan 26, 2019Updated 7 years ago
• D3DXVECTOR2 / NtUserUpdateWindowTrackingInfo

  View on GitHub
  ☆16Jun 20, 2022Updated 3 years ago
• gmh5225 / CallMeWin32kDriver

  View on GitHub
  Load your driver like win32k.sys
  ☆258Aug 20, 2022Updated 3 years ago
• weak1337 / NO_ACCESS_Protection

  View on GitHub
  ☆192Dec 8, 2021Updated 4 years ago
• alfarom256 / UserVAtoPhysical

  View on GitHub
  Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address
  ☆23Nov 22, 2021Updated 4 years ago
• waleedassar / ALPC_CLIENT_SERVER

  View on GitHub
  Demo to show how write ALPC Client & Server using native Ntdll.dll syscalls.
  ☆21Jan 25, 2022Updated 4 years ago
• zouxianyu / BlindEye

  View on GitHub
  BattlEye kernel module bypass
  ☆177Oct 1, 2022Updated 3 years ago
• Cesusius / Dse-Patcher

  View on GitHub
  Patches DSE by swapping both data ptrs located in SeValidateImageHeader && SeValidateImageData
  ☆24Feb 9, 2024Updated 2 years ago
• 123456789zws / PJArk

  View on GitHub
  一个界面基于IMGUI的ARK，目前R3实现
  ☆13Nov 1, 2023Updated 2 years ago
• alal4465 / Practical-Reverse-Engineering-Solutions

  View on GitHub
  Some drivers I've written while solving exercises from Practical Reverse Engineering
  ☆15Jan 9, 2022Updated 4 years ago
• SamuelTulach / RwxMeme

  View on GitHub
  State of the art DLL injector that took 20 minutes to make
  ☆227Aug 16, 2023Updated 2 years ago
• ekknod / MouseClassServiceCallbackMeme

  View on GitHub
  Calling "own" MouseClassServiceCallback
  ☆76Jul 28, 2022Updated 3 years ago
• helloobaby / Nmi-Callback

  View on GitHub
  detect hypervisor with Nmi Callback
  ☆42Sep 25, 2022Updated 3 years ago
• 1401199262 / UnsuccessfulDriver

  View on GitHub
  ☆17Apr 21, 2022Updated 3 years ago
• rad9800 / VehApiResolve

  View on GitHub
  ☆118Aug 7, 2022Updated 3 years ago
• Sinclairq / hierarchy-eac

  View on GitHub
  Bypassing EasyAntiCheat.sys self-integrity by abusing call hierarchy
  ☆83Oct 6, 2022Updated 3 years ago
• weak1337 / SkipHook

  View on GitHub
  ☆136Aug 6, 2022Updated 3 years ago
• SamuelTulach / voidmap

  View on GitHub
  Using CVE-2021-40449 to manual map kernel mode driver
  ☆103Mar 5, 2022Updated 4 years ago
• trickster0 / CReadMemory

  View on GitHub
  Read Memory without ReadProcessMemory for Current Process
  ☆92Feb 13, 2022Updated 4 years ago
• J0xna / Kernel-Overlay-Hider

  View on GitHub
  ☆147Jan 24, 2024Updated 2 years ago
• armvirus / hook-scanner

  View on GitHub
  Scans all modules in target process for jmp/int3 hooks dissassembles then and follows jmps to destination.
  ☆82Nov 5, 2023Updated 2 years ago
• Peribunt / Ret-Spoofing

  View on GitHub
  A minimalistic way to spoof return addresses without using exceptions
  ☆18Jul 26, 2022Updated 3 years ago
• Compiled-Code / eac-mapper

  View on GitHub
  undetected eac mapper
  ☆170May 3, 2022Updated 3 years ago