just proof of concept. hooking MmCopyMemory PG safe.
☆83Nov 13, 2023Updated 2 years ago
Alternatives and similar repositories for efi-monitor
Users that are interested in efi-monitor are comparing it to the libraries listed below
Sorting:
- manually map driver for a signed driver memory space☆175Mar 11, 2021Updated 4 years ago
- nmi stackwalking + module verification☆163Dec 28, 2023Updated 2 years ago
- base for testing☆187Sep 28, 2024Updated last year
- A basic demonstration of directly overwriting paging structures for physical memory r/w and interprocess memory copy☆103Jun 26, 2023Updated 2 years ago
- A mapper that maps shellcode into loaded large page drivers☆325Apr 26, 2022Updated 3 years ago
- page table manipulation to gain physical r/w☆44May 7, 2024Updated last year
- POC Hook of nt!HvcallCodeVa☆54May 8, 2023Updated 2 years ago
- Recursive and arbitrary code execution at kernel-level without a system thread creation☆159Apr 13, 2023Updated 2 years ago
- Windows driver mapper via the UEFI☆58Jul 13, 2025Updated 7 months ago
- Detect removed thread from PspCidTable.☆75Mar 18, 2022Updated 3 years ago
- 从MmPfnData中枚举进程和页目录基址☆207Aug 18, 2023Updated 2 years ago
- communicate with kernel using a image on disk☆16May 1, 2024Updated last year
- Bypassing PatchGuard on modern x64 systems☆265Apr 9, 2023Updated 2 years ago
- Loads a signed kernel driver which allows you to map any driver to kernel mode without any traces of the signed / mapped driver.☆385Aug 8, 2021Updated 4 years ago
- Patches DSE by swapping both data ptrs located in SeValidateImageHeader && SeValidateImageData☆23Feb 9, 2024Updated 2 years ago
- ☆23May 8, 2023Updated 2 years ago
- windows kernel pagehook☆42Oct 30, 2022Updated 3 years ago
- usermode driver mapper that forcefully loads any signed kernel driver (legit cert) with a big enough section (example: .data, .rdata) to …☆472Jan 3, 2022Updated 4 years ago
- POC usermode <=> kernel communication via ALPC.☆72Jun 6, 2024Updated last year
- ☆158May 21, 2024Updated last year
- ☆148Jan 24, 2024Updated 2 years ago
- Abusing nvidia driver (nvoclock.sys) for physical/virtual memory and control register manipulation.☆277Aug 25, 2023Updated 2 years ago
- Minimalistic AMD-V/SVM hypervisor with memory introspection capabilities☆376Feb 26, 2025Updated last year
- ☆34Apr 11, 2023Updated 2 years ago
- ☆27Oct 18, 2023Updated 2 years ago
- kernel anticheat to test your driver against☆181Jun 16, 2025Updated 8 months ago
- clearing traces of a loaded driver☆47Jul 2, 2022Updated 3 years ago
- Virtual and physical memory hacking library using gigabyte vulnerable driver☆71Apr 9, 2023Updated 2 years ago
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆269Aug 31, 2022Updated 3 years ago
- Kernel driver that uses Shared memory to communicate with UserMode☆86Apr 25, 2019Updated 6 years ago
- ☆73Aug 31, 2022Updated 3 years ago
- driver manual mapper powered by https://github.com/estimated1337/lenovo_exec☆115Dec 28, 2022Updated 3 years ago
- ☆27Jun 24, 2022Updated 3 years ago
- ☆29Mar 9, 2024Updated 2 years ago
- Old project (2020) reformed. Modifies gRT->GetVariable sub function from EFI_APPLICATION. Tested on Win10 22H2 (AMD).☆57Feb 28, 2024Updated 2 years ago
- UEFI bootkit for driver manual mapping☆586Jan 1, 2024Updated 2 years ago
- I've developed a rather effective driver for DLL injection targeting EAC Protected Games, and since i dont care for any notable games uti…☆104Apr 24, 2024Updated last year
- Not mine. Only for saving☆26Jun 28, 2022Updated 3 years ago
- Windows Kernel inject (no module no thread)☆283Nov 11, 2022Updated 3 years ago