Alternatives and similar repositories for unKover

Users that are interested in unKover are comparing it to the libraries listed below

• eversinc33 / Banshee

  View on GitHub
  Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.
  ☆587Aug 2, 2025Updated 6 months ago
• kkent030315 / anycall

  View on GitHub
  x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration
  ☆384Jul 6, 2022Updated 3 years ago
• ekknod / drvscan

  View on GitHub
  scan system / process integrity
  ☆350Oct 22, 2024Updated last year
• Oliver-1-1 / GhostMapper

  View on GitHub
  ☆355May 11, 2025Updated 9 months ago
• donnaskiez / ac

  View on GitHub
  kernel mode anti cheat
  ☆628Aug 4, 2024Updated last year
• Oxygen1a1 / InfinityHook_latest

  View on GitHub
  etw hook (syscall/infinity hook) compatible with the latest Windows version of PG
  ☆320Apr 27, 2024Updated last year
• MapleSwan / enum_real_dirbase

  View on GitHub
  从MmPfnData中枚举进程和页目录基址
  ☆206Aug 18, 2023Updated 2 years ago
• wbaby / DoubleCallBack

  View on GitHub
  ☆184May 20, 2022Updated 3 years ago
• rogxo / DisableDSE

  View on GitHub
  A method to Disable DSE using .data ptr hooks
  ☆38Feb 1, 2024Updated 2 years ago
• SDXT / MMInject

  View on GitHub
  Kernel DLL Injector using NX Bit Swapping and VAD hide for hiding injected DLL
  ☆220Nov 12, 2020Updated 5 years ago
• jdu2600 / EtwTi-FluctuationMonitor

  View on GitHub
  Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections
  ☆166May 17, 2023Updated 2 years ago
• daem0nc0re / VectorKernel

  View on GitHub
  PoCs for Kernelmode rootkit techniques research.
  ☆429Nov 4, 2025Updated 3 months ago
• SamuelTulach / HookGuard

  View on GitHub
  Hooking Windows' exception dispatcher to protect process's PML4
  ☆225Jan 24, 2025Updated last year
• gmh5225 / CallMeWin32kDriver

  View on GitHub
  Load your driver like win32k.sys
  ☆258Aug 20, 2022Updated 3 years ago
• jonomango / nohv

  View on GitHub
  Kernel driver for detecting Intel VT-x hypervisors.
  ☆192Jul 11, 2023Updated 2 years ago
• wbenny / KSOCKET

  View on GitHub
  KSOCKET provides a very basic example how to make a network connections in the Windows Driver by using WSK
  ☆541Sep 2, 2022Updated 3 years ago
• gabriellandau / ShadowStackWalk

  View on GitHub
  Finding Truth in the Shadows
  ☆120Jan 26, 2023Updated 3 years ago
• floesen / KExecDD

  View on GitHub
  Admin to Kernel code execution using the KSecDD driver
  ☆264Apr 19, 2024Updated last year
• KiFilterFiberContext / warbird-hook

  View on GitHub
  Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard
  ☆265Aug 31, 2022Updated 3 years ago
• helloobaby / Nmi-Callback

  View on GitHub
  detect hypervisor with Nmi Callback
  ☆42Sep 25, 2022Updated 3 years ago
• ekknod / acdrv

  View on GitHub
  base for testing
  ☆186Sep 28, 2024Updated last year
• zer0condition / NVDrv

  View on GitHub
  Abusing nvidia driver (nvoclock.sys) for physical/virtual memory and control register manipulation.
  ☆277Aug 25, 2023Updated 2 years ago
• pTerrance / alpc-km-um

  View on GitHub
  POC usermode <=> kernel communication via ALPC.
  ☆70Jun 6, 2024Updated last year
• armvirus / SinMapper

  View on GitHub
  usermode driver mapper that forcefully loads any signed kernel driver (legit cert) with a big enough section (example: .data, .rdata) to …
  ☆469Jan 3, 2022Updated 4 years ago
• Kudaes / Shelter

  View on GitHub
  ROP-based sleep obfuscation to evade memory scanners
  ☆375Jun 22, 2025Updated 7 months ago
• snowsnowsnows / EagleVM

  View on GitHub
  Native code virtualizer for x64 binaries
  ☆514Dec 20, 2024Updated last year
• connorjaydunn / BinaryShield

  View on GitHub
  An x86-64 Code Virtualizer
  ☆303Sep 26, 2024Updated last year
• brew02 / BudgetEPT

  View on GitHub
  Create stealthy, inline, EPT-like hooks using SMAP and SMEP
  ☆60Oct 19, 2024Updated last year
• 1401199262 / Hook-KdTrap

  View on GitHub
  ☆223Mar 11, 2023Updated 2 years ago
• Idov31 / Jormungandr

  View on GitHub
  Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
  ☆243Sep 26, 2023Updated 2 years ago
• cutecatsandvirtualmachines / SKLib

  View on GitHub
  Standard Kernel Library for Windows manipulation in C++
  ☆199Jun 18, 2025Updated 7 months ago
• AmitMoshel1 / PatchGuardEncryptorDriver

  View on GitHub
  A basic implementation of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added.
  ☆78Mar 29, 2025Updated 10 months ago
• 0mWindyBug / KernelInjector

  View on GitHub
  PoC kernel to usermode injection
  ☆104Feb 26, 2024Updated last year
• es3n1n / obfuscator

  View on GitHub
  PE (and elf now!) bin2bin obfuscator
  ☆810Oct 11, 2025Updated 4 months ago
• adrianyy / rw_socket_driver

  View on GitHub
  Driver that uses network sockets to communicate with client and read/ write protected process memory.
  ☆620Feb 22, 2019Updated 6 years ago
• donnaskiez / nmi

  View on GitHub
  nmi stackwalking + module verification
  ☆157Dec 28, 2023Updated 2 years ago
• armvirus / CosMapper

  View on GitHub
  Loads a signed kernel driver which allows you to map any driver to kernel mode without any traces of the signed / mapped driver.
  ☆377Aug 8, 2021Updated 4 years ago
• DErDYAST1R / 64KernelDriverCleaner

  View on GitHub
  A Kernel Driver that can be used for a cheat or malware base to circumvent common cache & structure table checks. PsLoadedModuleList howe…
  ☆202Sep 27, 2025Updated 4 months ago
• BeneficialCode / WinArk

  View on GitHub
  Windows Anti-Rootkit Tool
  ☆542Dec 31, 2025Updated last month