diversenok / Suspending-Techniques
Comparing, discussing, and bypassing various techniques for suspending and freezing processes on Windows.
☆124 Updated 3 years ago
Alternatives and similar repositories for Suspending-Techniques:
Users that are interested in Suspending-Techniques are comparing it to the libraries listed below
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard ☆245 Updated 2 years ago
- API Set resolver for Windows ☆130 Updated 7 months ago
- Browse Page Tables on Windows (Page Table Viewer) ☆197 Updated 3 years ago
- Bootkit for Windows Sandbox to disable DSE/PatchGuard. ☆278 Updated 6 months ago
- ☆71 Updated 2 years ago
- Hook all callbacks which are registered with LdrRegisterDllNotification ☆86 Updated 3 weeks ago
- Run Processes as PPL with ELAM ☆160 Updated 3 years ago
- x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code ☆202 Updated 3 years ago
- A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks. ☆110 Updated 3 years ago
- Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays). ☆136 Updated 8 months ago
- Elevate a process to be a protected process ☆149 Updated 5 years ago
- APC Internals Research Code ☆166 Updated 4 years ago
- Detours implementation (x64/x86) which used only ntdll import ☆90 Updated 10 months ago
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut… ☆118 Updated 2 years ago
- Single header version of System Informer's phnt library. ☆211 Updated last week
- Hooking Windows' exception dispatcher to protect process's PML4 ☆165 Updated 3 months ago
- ntdll.h - compatible with MSVC 6.0, Intel C++ Compiler and MinGW. Serves as a complete replacement for Windows.h ☆137 Updated 5 years ago
- Advanced driver monitoring utility. ☆208 Updated 2 years ago
- Kernel Security driver used to block past, current and future process injection techniques on Windows Operating System. ☆152 Updated 2 years ago
- Reimplement CreateProcessInternalW via Windows 10 20H1+/Windows 11 Base on NtCreateUserProcess-Post ☆60 Updated 7 months ago
- PE Viewer ☆176 Updated 3 months ago
- Reverse engineering winapi function loadlibrary. ☆189 Updated 2 years ago
- A quick-and-dirty anti-hook library proof of concept. ☆103 Updated 6 years ago
- Resolve DOS MZ executable symbols at runtime ☆95 Updated 3 years ago
- Exploit MsIo vulnerable driver ☆98 Updated 3 years ago
- DSE bypass using a leaked cert and adjusting the current clock. ☆150 Updated 2 years ago
- Finding Truth in the Shadows ☆89 Updated 2 years ago
- Inline syscalls made for MSVC supporting x64 and WOW64 ☆179 Updated last year
- C++ library for parsing and manipulating PE files statically and dynamically. ☆86 Updated last year
- A modern, mod independent open source cheat for Enemy Territory ☆68 Updated 3 months ago