ionescu007/HookingNirvana external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

ionescu007/HookingNirvana

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/ionescu007/HookingNirvana)

Close

ionescu007 / HookingNirvanaView on GitHubMore

• External links
• Readme badge

Recon 2015 Presentation from Alex Ionescu

☆251Jan 27, 2016Updated 10 years ago

Alternatives and similar repositories for HookingNirvana

Users that are interested in HookingNirvana are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• secrary / Hooking-via-InstrumentationCallback

  View on GitHub
  codes for my blog post: https://secrary.com/Random/InstrumentationCallback/
  ☆183Nov 30, 2017Updated 8 years ago
• conix-security / CRET

  View on GitHub
  Remote execution tool
  ☆14Jan 14, 2014Updated 12 years ago
• AlephNull314 / AbsoluteZero

  View on GitHub
  Anti-AV compilation
  ☆44Oct 4, 2013Updated 12 years ago
• repnz / apc-research

  View on GitHub
  APC Internals Research Code
  ☆175Jun 28, 2020Updated 6 years ago
• tandasat / MemoryMon

  View on GitHub
  Detecting execution of kernel memory where is not backed by any image file
  ☆262Jul 11, 2018Updated 7 years ago
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• tandasat / EopMon

  View on GitHub
  Elevation of privilege detector based on HyperPlatform
  ☆123Mar 5, 2017Updated 9 years ago
• tandasat / PgResarch

  View on GitHub
  PatchGuard Research
  ☆305Oct 6, 2018Updated 7 years ago
• waleedassar / ALPC_CLIENT_SERVER

  View on GitHub
  Demo to show how write ALPC Client & Server using native Ntdll.dll syscalls.
  ☆21Jan 25, 2022Updated 4 years ago
• sam-b / windows_kernel_address_leaks

  View on GitHub
  Examples of leaking Kernel Mode information from User Mode on Windows
  ☆644Jul 7, 2017Updated 8 years ago
• 0xcpu / WinAltSyscallHandler

  View on GitHub
  Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999
  ☆243Nov 6, 2019Updated 6 years ago
• xuanxuan0 / TiEtwAgent

  View on GitHub
  PoC memory injection detection agent based on ETW, for offensive and defensive research purposes
  ☆298Apr 10, 2021Updated 5 years ago
• deroko / activationcontexthook

  View on GitHub
  ☆34Sep 22, 2017Updated 8 years ago
• tandasat / ListWorkItems

  View on GitHub
  Lists work items being queued currently.
  ☆15Jun 7, 2015Updated 11 years ago
• zer0mem / VadScanner

  View on GitHub
  PoC of BOOST-ed _EPROCESS.VadRoot iterating
  ☆27May 21, 2014Updated 12 years ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• MagnetForensics / SwishDbgExt

  View on GitHub
  Incident Response & Digital Forensics Debugging Extension
  ☆398Dec 11, 2018Updated 7 years ago
• evil-e / sdb-explorer

  View on GitHub
  Tool to view and create Microsoft shim database files (SDB).
  ☆120May 11, 2017Updated 9 years ago
• gdabah / distormx

  View on GitHub
  The ultimate hooking library
  ☆276Mar 19, 2021Updated 5 years ago
• WithSecureLabs / CallStackSpoofer

  View on GitHub
  A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)
  ☆576Apr 8, 2025Updated last year
• JLospinoso / gargoyle

  View on GitHub
  Historical Windows temporal memory-state research artifact for studying time-bound memory observations, validation limits, and defensive …
  ☆907May 15, 2026Updated last month
• hasherezade / module_overloading

  View on GitHub
  A more stealthy variant of "DLL hollowing"
  ☆367Mar 8, 2024Updated 2 years ago
• kkent030315 / NoPatchGuardCallback

  View on GitHub
  x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code
  ☆207May 27, 2021Updated 5 years ago
• swwwolf / wdbgark

  View on GitHub
  WinDBG Anti-RootKit Extension
  ☆642Jul 29, 2020Updated 5 years ago
• Teq2 / SEH-Over-VEH

  View on GitHub
  Implementation of a dispatcher for Structured Exceptions inside a Vectored Exception Handler
  ☆42Feb 15, 2020Updated 6 years ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• nccgroup / DetectWindowsCopyOnWriteForAPI

  View on GitHub
  Enumerate various traits from Windows processes as an aid to threat hunting
  ☆203Jan 13, 2022Updated 4 years ago
• tandasat / DdiMon

  View on GitHub
  Monitoring and controlling kernel API calls with stealth hook using EPT
  ☆1,390Jan 22, 2022Updated 4 years ago
• can1357 / ByePg

  View on GitHub
  Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.
  ☆911Nov 21, 2019Updated 6 years ago
• tandasat / Sushi

  View on GitHub
  a Japanese food keeps you sane
  ☆120Aug 22, 2015Updated 10 years ago
• tandasat / GuardMon

  View on GitHub
  Hypervisor based tool for monitoring system register accesses.
  ☆156Sep 13, 2018Updated 7 years ago
• msuiche / LiveCloudKd

  View on GitHub
  Hyper-V Research is trendy now
  ☆200May 6, 2024Updated 2 years ago
• sogeti-esec-lab / LKD

  View on GitHub
  Local Kernel Debugger (LKD) is a python wrapper around dbgengine.dll
  ☆91Aug 22, 2016Updated 9 years ago
• 0xcpu / ExecutiveCallbackObjects

  View on GitHub
  Research on Windows Kernel Executive Callback Objects
  ☆317Feb 22, 2020Updated 6 years ago
• markhc / windbg_to_c

  View on GitHub
  Translates WinDbg "dt" structure dump to a C structure
  ☆133Oct 16, 2016Updated 9 years ago
• Deploy open-source AI quickly and easily - Special Bonus Offer • Ad
  Runpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
• wbenny / pdbex

  View on GitHub
  pdbex is a utility for reconstructing structures and unions from the PDB into compilable C headers
  ☆905Jun 18, 2025Updated last year
• ajkhoury / Errata1337

  View on GitHub
  ☆74Dec 17, 2020Updated 5 years ago
• paranoidninja / DotNetTracer

  View on GitHub
  C code to enable ETW tracing for Dotnet Assemblies
  ☆33Aug 12, 2022Updated 3 years ago
• jdu2600 / CFG-FindHiddenShellcode

  View on GitHub
  Walks the CFG bitmap to find previously executable but currently hidden shellcode regions
  ☆139May 17, 2023Updated 3 years ago
• pathtofile / Sealighter

  View on GitHub
  Sysmon-Like research tool for ETW
  ☆393Nov 15, 2022Updated 3 years ago
• VollRagm / PTView

  View on GitHub
  Browse Page Tables on Windows (Page Table Viewer)
  ☆241Apr 2, 2022Updated 4 years ago
• rwfpl / rewolf-wow64ext

  View on GitHub
  Helper library for x86 programs that runs under WOW64 layer on x64 versions of Microsoft Windows operating systems.
  ☆1,007Jan 17, 2023Updated 3 years ago