idkhidden / WinApiPatcher
WinApi Patcher is a straightforward tool leveraging windows API hooking to patch and modify certain behaviors in a targeted environment.
☆38Updated 3 months ago
Related projects: ⓘ
- A simple direct syscall wrapper written in C++ with compatibility for x86 and x64 programs.☆39Updated last year
- spoof return address☆68Updated last year
- A C++17 framework designed to enable obfuscation of constants, variables, and strings.☆25Updated 10 months ago
- codecave hook reverse engineering toolkit.☆31Updated 9 months ago
- PoC exploit for HP Hardware Diagnostic's EtdSupp driver☆50Updated last year
- ☆29Updated 2 months ago
- kernel to user mode APC injector☆43Updated 2 years ago
- DSE & PG bypass via BYOVD attack☆34Updated 5 months ago
- Tool to dump EFI runtime drivers.☆31Updated 6 months ago
- ntoskrnl .data hooks for UM-KM communication☆33Updated 3 months ago
- BEDaisy.sys report bypass☆28Updated 11 months ago
- Simple PE Explorer That List All The Sections and Adresses☆11Updated 7 months ago
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…☆100Updated last year
- ☆33Updated this week
- Freeze target threads (external - internal ) by avoiding SuspendThread detections. Or access registers from start address.☆29Updated 5 months ago
- windows rootkit☆50Updated 4 months ago
- PoC kernel to usermode injection☆48Updated 6 months ago
- manual map unsigned driver over signed memory☆152Updated 5 months ago
- ZeroImport is a lightweight and easy to use C++ library for Windows Kernel Drivers. It allows you to hide any import in your kernel drive…☆44Updated last year
- Scan for potentially vulnerable drivers☆79Updated 2 years ago
- December 2023 BattlEye shellcode dump☆26Updated 8 months ago
- Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling withou…☆151Updated 2 months ago
- Compileable POC of namazso's x64 return address spoofer.☆46Updated 4 years ago
- PoC Anti-Rootkit to uncover Windows Drivers/Rootkits mapped to Kernel Memory.☆138Updated this week
- Makes IDA (most versions) to crash upon opening it.☆52Updated 3 weeks ago
- TS-Changer - Forces the machine in/out of TestSigning Mode at runtime.☆58Updated last year
- Using Windows' own bootloader as a shim to bypass Secure Boot☆128Updated 2 months ago
- Load dll with undocumented functions and debug symbols☆45Updated last month
- silence file system monitoring components by hooking their minifilters☆49Updated 7 months ago
- Reverse engineering winapi function loadlibrary.☆59Updated last year