☆93 · Jun 3, 2024 · Updated last year
Alternatives and similar repositories for user-kernel-syscall-hook
Users that are interested in user-kernel-syscall-hook are comparing it to the libraries listed below
- Rust library for lifting raw binary data to LLVM IR ☆64 · Jul 18, 2025 · Updated 7 months ago
- A parser for Microsoft PDB (Program Database) debugging information ☆23 · Nov 5, 2024 · Updated last year
- ☆21 · May 30, 2024 · Updated last year
- Provides commands to read from and write to arbitrary kernel-mode memory for users with the Administrator privilege. HVCI compatible. No … ☆23 · Jun 16, 2024 · Updated last year
- Mixed Boolean Arithmetic Expression Obfuscator ☆74 · Jul 26, 2023 · Updated 2 years ago
- Create stealthy, inline, EPT-like hooks using SMAP and SMEP ☆61 · Oct 19, 2024 · Updated last year
- obfuscation that aims to not stand out ☆24 · Mar 27, 2022 · Updated 3 years ago
- Labyrinth, an LLVM obfuscation plugin for the New Pass Manager ☆44 · Feb 23, 2025 · Updated last year
- intel vt-x type 2 hypervisor ☆65 · Apr 13, 2025 · Updated 10 months ago
- Windows 10 DLL Injector via Driver utilizing VAD and hiding the loaded driver ☆54 · Oct 19, 2023 · Updated 2 years ago
- Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling withou… ☆253 · Oct 26, 2024 · Updated last year
- This plugin serves as a bridge between Binary Ninja and Ghidra's disassembler. ☆36 · Jun 27, 2022 · Updated 3 years ago
- A Binary Ninja plugin to detect Themida, WinLicense and Code Virtualizer's obfuscated code locations. ☆91 · Jul 28, 2024 · Updated last year
- Admin to Kernel code execution using the KSecDD driver ☆265 · Apr 19, 2024 · Updated last year
- ☆73 · Aug 31, 2022 · Updated 3 years ago
- Virtualization Simply Code ☆25 · May 13, 2022 · Updated 3 years ago
- a parser for the .map file included in the aimware leak ☆16 · Feb 19, 2023 · Updated 3 years ago
- research revolving the windows filtering platform callout mechanism ☆39 · May 26, 2024 · Updated last year
- comparing data of module exports from disk and memory, then caching any differences. ☆26 · Dec 11, 2021 · Updated 4 years ago
- Detect removed thread from PspCidTable. ☆75 · Mar 18, 2022 · Updated 3 years ago
- ☆15 · Mar 13, 2023 · Updated 2 years ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999 ☆240 · Nov 6, 2019 · Updated 6 years ago
- A basic implementation of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added. ☆78 · Mar 29, 2025 · Updated 11 months ago
- Native code virtualizer for x64 binaries ☆517 · Dec 20, 2024 · Updated last year
- Recursive and arbitrary code execution at kernel-level without a system thread creation ☆159 · Apr 13, 2023 · Updated 2 years ago
- manual map unsigned driver over signed memory ☆221 · Apr 11, 2024 · Updated last year
- hy-rs, pronounced high rise, provides a unified and portable to the hypervisor APIs provided by various platforms. ☆20 · Mar 10, 2022 · Updated 3 years ago
- IDA plugin to recover source code from panic information on rust ☆18 · May 9, 2025 · Updated 9 months ago
- intel x86(-64) code analysis library that reconstructs control flow ☆109 · Jan 8, 2026 · Updated last month
- Load dll with undocumented functions and debug symbols ☆47 · Jul 20, 2024 · Updated last year
- x86-64 code/pe virtualizer ☆206 · Dec 2, 2024 · Updated last year
- Kernel ReClassEx ☆68 · Nov 21, 2023 · Updated 2 years ago
- POC Hook of nt!HvcallCodeVa ☆54 · May 8, 2023 · Updated 2 years ago
- Interprocess communication via a covert timing channel ☆26 · Oct 24, 2025 · Updated 4 months ago
- WinDbg extension written in Rust to dump the CPU / memory state of a running VM ☆130 · Feb 1, 2026 · Updated last month
- Cheat for my own game SecureGame which uses a bootkit to hyperjack Hyper-V in order to access VBS enclave's memory ☆103 · Dec 8, 2024 · Updated last year
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard ☆268 · Aug 31, 2022 · Updated 3 years ago
- .lib file for linking against the NT CRT ☆19 · Mar 18, 2022 · Updated 3 years ago
- x86-64 Automated test data generator ☆26 · Aug 18, 2025 · Updated 6 months ago