Create stealthy, inline, EPT-like hooks using SMAP and SMEP
☆61Oct 19, 2024Updated last year
Alternatives and similar repositories for BudgetEPT
Users that are interested in BudgetEPT are comparing it to the libraries listed below
Sorting:
- Using the peculiar behaviour of the VPGATHER instructions to determine if an address will fault before it is truly accessed. All done in …☆54Dec 30, 2025Updated 2 months ago
- Hooking Windows' exception dispatcher to protect process's PML4☆228Jan 24, 2025Updated last year
- A basic implementation of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added.☆78Mar 29, 2025Updated 11 months ago
- Collection of hypervisor detections☆296Sep 25, 2024Updated last year
- nmi stackwalking + module verification☆162Dec 28, 2023Updated 2 years ago
- ☆37Sep 26, 2024Updated last year
- .data ptr swapper for newer win32k versions. (Supports Windows 11)☆36Jan 19, 2026Updated last month
- Kernel-mode Paravirtualization in Ring 2, LLVM based linker, and some other things!☆409Apr 19, 2025Updated 10 months ago
- Logging library for kernel drivers written for the Windows NT operating system.☆21Oct 17, 2025Updated 4 months ago
- Dll injection through code page id modification in registry. Based on jonas lykk research☆17Jun 18, 2022Updated 3 years ago
- Lightweight PDB symbol parser and resolver☆28Oct 28, 2024Updated last year
- intel vt-x type 2 hypervisor☆65Apr 13, 2025Updated 10 months ago
- Kernel driver for detecting Intel VT-x hypervisors.☆197Jul 11, 2023Updated 2 years ago
- Simple anti-instrumentation with EFLAGS.AC☆17Mar 31, 2025Updated 11 months ago
- PTE hook☆35Jun 15, 2024Updated last year
- detect hypervisor with Nmi Callback☆42Sep 25, 2022Updated 3 years ago
- Anti-Rootkit/Anti-Cheat Driver to uncover unbacked or hidden kernel code.☆297Dec 10, 2025Updated 2 months ago
- Minimalistic AMD-V/SVM hypervisor with memory introspection capabilities☆372Feb 26, 2025Updated last year
- Rusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion)☆340Aug 31, 2024Updated last year
- ☆272Sep 2, 2025Updated 5 months ago
- ☆73Aug 31, 2022Updated 3 years ago
- Cheat for my own game SecureGame which uses a bootkit to hyperjack Hyper-V in order to access VBS enclave's memory☆103Dec 8, 2024Updated last year
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆268Aug 31, 2022Updated 3 years ago
- Using Windows' own bootloader as a shim to bypass Secure Boot☆225Jul 17, 2024Updated last year
- Disks for DMA☆141Apr 28, 2021Updated 4 years ago
- IDT HOOK KiPageFault test Modified from: github.com/kanren3/x64-IDT-HOOK☆18May 2, 2020Updated 5 years ago
- Hooking KPRCB IdlePreselect function to gain execution inside PID 0.☆73Apr 13, 2025Updated 10 months ago
- Finding Truth in the Shadows☆123Jan 26, 2023Updated 3 years ago
- ☆183May 20, 2022Updated 3 years ago
- Windows x64 DLL/Driver manual map injection on a non-present PML4E using physical memory read/writes, direct page table manipulation and …☆85Sep 28, 2025Updated 5 months ago
- ☆93Jun 3, 2024Updated last year
- ☆144Dec 10, 2022Updated 3 years ago
- 巨硬☆17Oct 4, 2023Updated 2 years ago
- A small tool for rapid enumeration of CPUID, and MSR fields.☆32Jan 30, 2024Updated 2 years ago
- Translate virtual addresses to physical addresses from usermode.☆104Jun 7, 2024Updated last year
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…☆132Apr 26, 2023Updated 2 years ago
- Browse Page Tables on Windows (Page Table Viewer)☆234Apr 2, 2022Updated 3 years ago
- ntoskrnl .data hooks for UM-KM communication☆54May 26, 2024Updated last year
- manual map unsigned driver over signed memory☆219Apr 11, 2024Updated last year