hugsy/CFB external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

hugsy/CFB

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/hugsy/CFB)

Close

hugsy / CFBView on GitHubMore

• External links
• Readme badge

CFB is a ProcMon-style tool designed to assist capturing IRPs sent to Windows drivers.

☆333Mar 26, 2024Updated last year

Alternatives and similar repositories for CFB

Users that are interested in CFB are comparing it to the libraries listed below

• yardenshafir / PoolViewer

  View on GitHub
  An application to view and filter pool allocations from a dmp file on Windows 10 RS5+.
  ☆149Mar 2, 2023Updated 3 years ago
• D4stiny / PeaceMaker

  View on GitHub
  PeaceMaker Threat Detection is a Windows kernel-based application that detects advanced techniques used by malware.
  ☆431May 22, 2020Updated 5 years ago
• 0xcpu / ExecutiveCallbackObjects

  View on GitHub
  Research on Windows Kernel Executive Callback Objects
  ☆315Feb 22, 2020Updated 6 years ago
• zouxianyu / KernelHiddenExecute

  View on GitHub
  Hide codes/data in the kernel address space.
  ☆188May 8, 2021Updated 4 years ago
• yardenshafir / KernelDataStructureFinder

  View on GitHub
  Driver and WinDBG scripts to dump information about all resources and lookaside lists
  ☆66Apr 4, 2020Updated 5 years ago
• 0xcpu / WinAltSyscallHandler

  View on GitHub
  Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999
  ☆240Nov 6, 2019Updated 6 years ago
• gerhart01 / LiveCloudKd

  View on GitHub
  Hyper-V Research is trendy now
  ☆181Feb 21, 2026Updated last week
• can1357 / ByePg

  View on GitHub
  Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.
  ☆902Nov 21, 2019Updated 6 years ago
• amiryeshurun / HyperWin

  View on GitHub
  A native hypervisor designed for the Windows operating system
  ☆125Mar 6, 2021Updated 4 years ago
• thalium / icebox

  View on GitHub
  Virtual Machine Introspection, Tracing & Debugging
  ☆596Feb 22, 2022Updated 4 years ago
• AndreyBazhan / SymStore

  View on GitHub
  The history of Windows Internals via symbols.
  ☆181Nov 4, 2021Updated 4 years ago
• KelvinMsft / DeviceMon

  View on GitHub
  VT-based PCI device monitor (SPI)
  ☆158Oct 29, 2020Updated 5 years ago
• 0vercl0k / kdmp-parser

  View on GitHub
  A Windows kernel dump C++ parser library with Python 3 bindings.
  ☆213Oct 5, 2025Updated 4 months ago
• DownWithUp / CallMon

  View on GitHub
  CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers
  ☆145Sep 5, 2020Updated 5 years ago
• h4xu3lyn / FuckPg

  View on GitHub
  Analysing and defeating PatchGuard universally
  ☆36Nov 4, 2020Updated 5 years ago
• synacktiv / Windows-kernel-SegmentHeap-Aligned-Chunk-Confusion

  View on GitHub
  PoC exploiting Aligned Chunk Confusion on Windows kernel Segment Heap
  ☆215Jul 2, 2020Updated 5 years ago
• Cr4sh / KernelForge

  View on GitHub
  A library to develop kernel level Windows payloads for post HVCI era
  ☆485May 18, 2021Updated 4 years ago
• yardenshafir / SymlinkCallback

  View on GitHub
  A driver that hooks C: volume using symbolic link callback to track all FS access to the volume
  ☆110Apr 24, 2020Updated 5 years ago
• wbenny / KSOCKET

  View on GitHub
  KSOCKET provides a very basic example how to make a network connections in the Windows Driver by using WSK
  ☆541Sep 2, 2022Updated 3 years ago
• IOActive / FuzzNDIS

  View on GitHub
  A Fuzzer for Windows NDIS Drivers OID Handlers
  ☆96Nov 4, 2021Updated 4 years ago
• zodiacon / PoolMonXv2

  View on GitHub
  Kernel Pool Monitor
  ☆127Mar 6, 2022Updated 3 years ago
• ntoskrnl7 / crtsys

  View on GitHub
  C/C++ Runtime library for system file (Windows Kernel Driver) - Supports Microsoft STL
  ☆192Aug 27, 2022Updated 3 years ago
• 0xhido / BlueLight

  View on GitHub
  Open-source EDR kernel-component for system monitoring and DLL injection
  ☆33Nov 14, 2020Updated 5 years ago
• zhuhuibeishadiao / PatchGuardResearch

  View on GitHub
  win10 pgContext dynamic dump (btc version)
  ☆110Jan 15, 2020Updated 6 years ago
• can1357 / NtRays

  View on GitHub
  Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.
  ☆657Jan 28, 2025Updated last year
• gerhart01 / Hyper-V-Internals

  View on GitHub
  Internals information about Hyper-V
  ☆731Dec 20, 2025Updated 2 months ago
• SinaKarvandi / Misc

  View on GitHub
  This is a place to share my miscellaneous projects.
  ☆116May 2, 2020Updated 5 years ago
• avakar / vcrtl

  View on GitHub
  C++ Exceptions in Windows Drivers
  ☆221Dec 21, 2020Updated 5 years ago
• DownWithUp / DynamicKernelShellcode

  View on GitHub
  An example of how x64 kernel shellcode can dynamically find and use APIs
  ☆104May 14, 2020Updated 5 years ago
• waleedassar / RestrictedKernelLeaks

  View on GitHub
  ☆165Sep 18, 2021Updated 4 years ago
• HyperSine / Windows10-CustomKernelSigners

  View on GitHub
  Load self-signed drivers without TestSigning or disable DSE. Transferred from https://github.com/DoubleLabyrinth/Windows10-CustomKernelSi…
  ☆781Jan 22, 2020Updated 6 years ago
• wbenny / EtwConsumerNT

  View on GitHub
  Simple project that demonstrates how an ETW consumer can be created just by using NTDLL
  ☆146Feb 23, 2019Updated 7 years ago
• hugsy / windbg_js_scripts

  View on GitHub
  Toy scripts for playing with WinDbg JS API
  ☆243Jul 8, 2024Updated last year
• D4stiny / spectre

  View on GitHub
  A Windows kernel-mode rootkit that abuses legitimate communication channels to control a machine.
  ☆722Aug 5, 2020Updated 5 years ago
• mandiant / STrace

  View on GitHub
  A DTrace on Windows Reimplementation
  ☆369Feb 3, 2026Updated 3 weeks ago
• namazso / physmem_drivers

  View on GitHub
  A collection of various vulnerable (mostly physical memory exposing) drivers.
  ☆449Jun 15, 2022Updated 3 years ago
• IgorKorkin / MemoryRanger

  View on GitHub
  MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. M…
  ☆232Jul 26, 2020Updated 5 years ago
• Deputation / hygieia

  View on GitHub
  Hygieia, a vulnerable driver traces scanner written in C++ as an x64 Windows kernel driver.
  ☆151Feb 12, 2022Updated 4 years ago
• jxy-s / stlkrn

  View on GitHub
  C++ STL in the Windows Kernel with C++ Exception Support
  ☆435Aug 16, 2023Updated 2 years ago