helloobaby/spoofcall external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

helloobaby/spoofcall

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/helloobaby/spoofcall)

Close

helloobaby / spoofcallView on GitHubMore

• External links
• Readme badge

spoof return address

☆79Apr 28, 2023Updated 2 years ago

Alternatives and similar repositories for spoofcall

Users that are interested in spoofcall are comparing it to the libraries listed below

• AlSch092 / ModifyExports

  View on GitHub
  Research of modifying exported function names at runtime (C/C++, Windows)
  ☆18May 28, 2024Updated last year
• XaFF-XaFF / ZwProcessHollowing

  View on GitHub
  ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption
  ☆92Mar 23, 2023Updated 2 years ago
• passthehashbrowns / VectoredExceptionHandling

  View on GitHub
  ☆108Aug 21, 2024Updated last year
• wbaby / DoubleCallBack

  View on GitHub
  ☆183May 20, 2022Updated 3 years ago
• VirtualAlllocEx / Create_Thread_Inline_Assembly_x86

  View on GitHub
  This POC provides the possibilty to execute x86 shellcode in form of a .bin file based on x86 inline assembly
  ☆20Apr 17, 2023Updated 2 years ago
• SaadAhla / BlockOpenHandle

  View on GitHub
  Block any Process to open HANDLE to your process , only SYTEM is allowed to open handle to your process ,with that you can avoid remote m…
  ☆173Apr 27, 2023Updated 2 years ago
• nbs32k / inline-syscall

  View on GitHub
  Inline syscalls made for MSVC supporting x64 and WOW64
  ☆193Jul 10, 2023Updated 2 years ago
• susMdT / effective-waffle

  View on GitHub
  yet another sleep encryption thing. also used the default github repo name for this one.
  ☆69May 11, 2023Updated 2 years ago
• WithSecureLabs / CallStackSpoofer

  View on GitHub
  A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)
  ☆557Apr 8, 2025Updated 10 months ago
• Cracked5pider / CodeCave

  View on GitHub
  A bunch of scripts and code i wrote.
  ☆149Nov 7, 2024Updated last year
• x0reaxeax / rwlazer64

  View on GitHub
  Win64 UEFI Driver-based tool for unrestricted memory R/W
  ☆30Feb 8, 2022Updated 4 years ago
• EvilBytecode / SsnRetrieval

  View on GitHub
  Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name,…
  ☆15Apr 21, 2025Updated 10 months ago
• skadro-official / skCrypter

  View on GitHub
  Compile-time, Usermode + Kernelmode, safe and lightweight string crypter library for C++11+
  ☆812Jun 3, 2021Updated 4 years ago
• 0x00Check / ExploitLeakedHandle

  View on GitHub
  Identify and exploit leaked handles for local privilege escalation.
  ☆111Jun 19, 2023Updated 2 years ago
• itm4n / PPLrevenant

  View on GitHub
  Bypass LSA protection using the BYODLL technique
  ☆172Sep 21, 2024Updated last year
• Crypt0s / Ekko_CFG_Bypass

  View on GitHub
  A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process
  ☆115Aug 29, 2022Updated 3 years ago
• GetRektBoy724 / DCMB

  View on GitHub
  Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!
  ☆249Jul 9, 2024Updated last year
• xct / SeManageVolumeAbuse

  View on GitHub
  SeManageVolumePrivilege to SYSTEM
  ☆145Nov 22, 2023Updated 2 years ago
• SaadAhla / D1rkInject

  View on GitHub
  Another approach of Threadless injection discovered by @_EthicalChaos_ in c that loads a module into the target process and stomps it, an…
  ☆185Aug 2, 2023Updated 2 years ago
• fin3ss3g0d / NativeThreadpool

  View on GitHub
  Work, timer, and wait callback example using solely Native Windows APIs.
  ☆88Feb 11, 2024Updated 2 years ago
• ranni0225 / WRK

  View on GitHub
  Windows Research Kernel
  ☆37Sep 22, 2025Updated 5 months ago
• cs1ime / KernelDwm

  View on GitHub
  Kernel dwm render
  ☆169Oct 10, 2023Updated 2 years ago
• XaFF-XaFF / Kernel-Process-Hollowing

  View on GitHub
  Windows x64 kernel mode rootkit process hollowing POC.
  ☆189Jun 30, 2023Updated 2 years ago
• SaadAhla / HeapCrypt

  View on GitHub
  Encypting the Heap while sleeping by hooking and modifying Sleep with our own sleep that encrypts the heap
  ☆246Aug 2, 2023Updated 2 years ago
• xalicex / Killers

  View on GitHub
  Exploitation of process killer drivers
  ☆202Oct 17, 2023Updated 2 years ago
• Barracudach / CallStack-Spoofer

  View on GitHub
  This tool will allow you to spoof the return addresses of your functions as well as system functions.
  ☆550Nov 12, 2022Updated 3 years ago
• WKL-Sec / Winsocky

  View on GitHub
  Winsocket for Cobalt Strike.
  ☆103Jul 6, 2023Updated 2 years ago
• komimoe / arkCrypter

  View on GitHub
  Compile-time + Lifetime, Usermode + Kernelmode, safe and lightweight string crypter library for C++17+, based on skCrypter
  ☆18Jan 17, 2026Updated last month
• florylsk / NtRemoteLoad

  View on GitHub
  Remote Shellcode Injector
  ☆220Aug 27, 2023Updated 2 years ago
• fortra / hw-call-stack

  View on GitHub
  Use hardware breakpoints to spoof the call stack for both syscalls and API calls
  ☆203Jun 6, 2024Updated last year
• rbmm / RtlClone

  View on GitHub
  ☆42Feb 18, 2025Updated last year
• SaadAhla / ntdlll-unhooking-collection

  View on GitHub
  different ntdll unhooking techniques : unhooking ntdll from disk, from KnownDlls, from suspended process, from remote server (fileless)
  ☆202Aug 2, 2023Updated 2 years ago
• cutecatsandvirtualmachines / SKLib

  View on GitHub
  Standard Kernel Library for Windows manipulation in C++
  ☆199Jun 18, 2025Updated 8 months ago
• Idov31 / Jormungandr

  View on GitHub
  Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
  ☆242Sep 26, 2023Updated 2 years ago
• SaadAhla / PE-Obfuscator

  View on GitHub
  PE obfuscator with Evasion in mind
  ☆213Apr 25, 2023Updated 2 years ago
• CCob / ThreadlessInject

  View on GitHub
  Threadless Process Injection using remote function hooking.
  ☆810Sep 4, 2024Updated last year
• stdhu / windows-kernel-pagehook

  View on GitHub
  windows kernel pagehook
  ☆42Oct 30, 2022Updated 3 years ago
• YOLOP0wn / EchoDrv

  View on GitHub
  Exploitation of echo_driver.sys
  ☆170Sep 16, 2023Updated 2 years ago
• capt-meelo / KernelCallbackTable-Injection

  View on GitHub
  Code used in this post https://captmeelo.com/redteam/maldev/2022/04/21/kernelcallbacktable-injection.html
  ☆144Apr 21, 2022Updated 3 years ago