danielkrupinski / KernelProcessListLinks
Example Windows Kernel-mode Driver which enumerates running processes.
☆57Updated 3 years ago
Alternatives and similar repositories for KernelProcessList
Users that are interested in KernelProcessList are comparing it to the libraries listed below
Sorting:
- Detect removed thread from PspCidTable.☆74Updated 3 years ago
- ☆100Updated last year
- reverse engineering of bedaisy.sys (battleyes kernel driver) - Aki2k/BEDaisy☆93Updated 5 years ago
- Handling C++ & __try exceptions without the need of built-in handlers.☆71Updated 4 years ago
- ☆80Updated 4 years ago
- x64 Windows implementation of virtual-address to physical-address translation☆43Updated 4 years ago
- The sequel to Voyager☆70Updated last year
- Kernel driver that uses Shared memory to communicate with UserMode☆89Updated 6 years ago
- Anti-debug library based on al-khaser with ScyllaHide/TitanHide detection.☆60Updated 6 years ago
- Communication via callback☆72Updated 5 years ago
- based on https://github.com/secrary/Hooking-via-InstrumentationCallback☆71Updated 5 years ago
- Detect-KeAttachProcess by iterating through all processes as well as checking the context of the thread.☆118Updated 3 years ago
- Obfuscate calls to imports by patching in stubs☆70Updated 4 years ago
- A basic demonstration of directly overwriting paging structures for physical memory r/w and interprocess memory copy☆98Updated 2 years ago
- Intercepting DeviceControl via WPP☆136Updated 5 years ago
- ☆48Updated 4 years ago
- ☆69Updated 3 years ago
- Mapping your code on a 0x1000 size page☆72Updated 3 years ago
- Disks for DMA☆108Updated 4 years ago
- just proof of concept. hooking MmCopyMemory PG safe.☆77Updated last year
- An x64 page table iterator written in C++ as a kernel mode windows driver.☆113Updated 4 years ago
- Some usefull info when reverse engineering Kernel Mode Anti-Cheat☆74Updated 2 years ago
- ☆55Updated 2 years ago
- A PoC for requesting HWIDs directly from hardware, skipping any potential hooks or OS support.☆80Updated 4 years ago
- Hiding a system thread against conventional means of detection☆41Updated 4 years ago
- Custom KiSystemStartup, can be used to modificate kernel before boot.☆52Updated 3 years ago
- page table manipulation to gain physical r/w☆44Updated last year
- A wrapper class to hide the original calling address of a function☆56Updated 5 years ago
- PsSetCreateProcessNotifyRoutine bypass proof-of-concept for manual mapped drivers☆31Updated 4 years ago
- driver that communicates using a shared section☆70Updated 5 months ago