Intraceptor intercept Windows NT API calls and redirect them to a kernel driver to bypass process/threads handle protections.
☆31May 18, 2022Updated 4 years ago
Alternatives and similar repositories for intraceptor
Users that are interested in intraceptor are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆12Oct 12, 2021Updated 4 years ago
- Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address☆23Nov 22, 2021Updated 4 years ago
- clearing traces of a loaded driver☆47Jul 2, 2022Updated 3 years ago
- Source code on the 1.44MB 3.5 floppy accompanying the Windows NT File System Internals book.☆20Jul 31, 2019Updated 6 years ago
- eac memory sig maker☆14Jun 10, 2021Updated 4 years ago
- Proton VPN Special Offer - Get 70% off • AdSpecial partner offer. Trusted by over 100 million users worldwide. Tested, Approved and Recommended by Experts.
- Detect VM and Hypervisor☆10Jun 16, 2021Updated 4 years ago
- Anti-Rootkit Tool for Windows☆13Mar 24, 2025Updated last year
- Load Dll into Kernel space☆39Aug 23, 2022Updated 3 years ago
- Some drivers I've written while solving exercises from Practical Reverse Engineering☆15Jan 9, 2022Updated 4 years ago
- A simple C++ driver base with KD data block☆11Jun 25, 2022Updated 3 years ago
- An example of Windows NT Native API application and kernel driver☆22Feb 10, 2020Updated 6 years ago
- ��☆17Apr 21, 2022Updated 4 years ago
- Hijack NotifyRoutine for a kernelmode thread☆41Jun 4, 2022Updated 3 years ago
- A x64 Windows Rootkit using SSDT or Hypervisor hook☆568Jan 4, 2025Updated last year
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- I was challenged by a friend to list all the processes and drivers in a system using more "unusual" methods. By doing this I learned quit…☆14Jul 12, 2016Updated 9 years ago
- [POC Detected]Bypass BE Anti Dll Injection (POC/Need Driver)☆17Mar 30, 2020Updated 6 years ago
- Using CVE-2021-40449 to manual map kernel mode driver☆103Mar 5, 2022Updated 4 years ago
- detect hypervisor with Nmi Callback☆41Sep 25, 2022Updated 3 years ago
- ☆49Feb 21, 2022Updated 4 years ago
- A simple way to spoof return addresses using an exception handler☆45Aug 3, 2022Updated 3 years ago
- Kernel DLL Injector using NX Bit Swapping and VAD hide for hiding injected DLL☆221Nov 12, 2020Updated 5 years ago
- pepex hack☆10Oct 22, 2021Updated 4 years ago
- Register a callback from a Manually mapped kernel module☆16Feb 1, 2022Updated 4 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Allows you to communicate with the kernel mode to manipulate memory in a stealthy way to avoid kernel anticheats.☆173May 8, 2022Updated 4 years ago
- The windows kernel debugger consists of two parts, KMOD which is the kernel driver handling ring3 request and KCLI, the command line inte…☆97Sep 12, 2022Updated 3 years ago
- ☆67Aug 31, 2021Updated 4 years ago
- Yet Another SetWindowsHookExW Injector☆17Nov 3, 2019Updated 6 years ago
- ☆37Nov 30, 2022Updated 3 years ago
- Illustrates the concept of return address spoofing, and how it is used.☆14May 13, 2020Updated 6 years ago
- VEH Redirect & VEH Debugger☆24May 18, 2020Updated 6 years ago
- Decoder for VMProtect hwids☆18Aug 1, 2022Updated 3 years ago
- Notes my learning steps about Windows-NT☆23May 18, 2017Updated 9 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Kernel driver for detecting Intel VT-x hypervisors.☆202Jul 11, 2023Updated 2 years ago
- 2022 Updated Kernelmode-Code☆32Mar 23, 2024Updated 2 years ago
- PareidoliaTriggerbot is a hypervisor-based, external Widowmaker triggerbot which uses the VivienneVMM and MouClassInputInjection projects…☆31Nov 3, 2019Updated 6 years ago
- Static user/kernel mode library that allows access to all functions and global variables by extracting offsets from the PDB☆124May 29, 2025Updated 11 months ago
- A proof of concept demonstrating instrumentation callbacks on Windows 10 21h1 with a TLS variable to ensure all syscalls are caught.☆159Nov 14, 2021Updated 4 years ago
- Swap control lioctl with trampoline recording in the .text section☆13Jul 1, 2021Updated 4 years ago
- Hooking SSDT with Avast Internet Security Hypervisor☆114Apr 6, 2019Updated 7 years ago