ionescu007/HookingNirvana external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

ionescu007/HookingNirvana

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/ionescu007/HookingNirvana)

Close

ionescu007 / HookingNirvanaView on GitHubMore

• External links
• Readme badge

Recon 2015 Presentation from Alex Ionescu

☆250Jan 27, 2016Updated 10 years ago

Alternatives and similar repositories for HookingNirvana

Users that are interested in HookingNirvana are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• secrary / Hooking-via-InstrumentationCallback

  View on GitHub
  codes for my blog post: https://secrary.com/Random/InstrumentationCallback/
  ☆182Nov 30, 2017Updated 8 years ago
• conix-security / CRET

  View on GitHub
  Remote execution tool
  ☆14Jan 14, 2014Updated 12 years ago
• AlephNull314 / AbsoluteZero

  View on GitHub
  Anti-AV compilation
  ☆44Oct 4, 2013Updated 12 years ago
• repnz / apc-research

  View on GitHub
  APC Internals Research Code
  ☆171Jun 28, 2020Updated 5 years ago
• tandasat / MemoryMon

  View on GitHub
  Detecting execution of kernel memory where is not backed by any image file
  ☆262Jul 11, 2018Updated 7 years ago
• GPUs on demand by Runpod - Special Offer Available • Ad
  Run AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
• tandasat / EopMon

  View on GitHub
  Elevation of privilege detector based on HyperPlatform
  ☆124Mar 5, 2017Updated 9 years ago
• tandasat / PgResarch

  View on GitHub
  PatchGuard Research
  ☆305Oct 6, 2018Updated 7 years ago
• waleedassar / ALPC_CLIENT_SERVER

  View on GitHub
  Demo to show how write ALPC Client & Server using native Ntdll.dll syscalls.
  ☆21Jan 25, 2022Updated 4 years ago
• sam-b / windows_kernel_address_leaks

  View on GitHub
  Examples of leaking Kernel Mode information from User Mode on Windows
  ☆640Jul 7, 2017Updated 8 years ago
• 0xcpu / WinAltSyscallHandler

  View on GitHub
  Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999
  ☆242Nov 6, 2019Updated 6 years ago
• xuanxuan0 / TiEtwAgent

  View on GitHub
  PoC memory injection detection agent based on ETW, for offensive and defensive research purposes
  ☆300Apr 10, 2021Updated 5 years ago
• deroko / activationcontexthook

  View on GitHub
  ☆34Sep 22, 2017Updated 8 years ago
• tandasat / ListWorkItems

  View on GitHub
  Lists work items being queued currently.
  ☆15Jun 7, 2015Updated 10 years ago
• zer0mem / VadScanner

  View on GitHub
  PoC of BOOST-ed _EPROCESS.VadRoot iterating
  ☆27May 21, 2014Updated 11 years ago
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• MagnetForensics / SwishDbgExt

  View on GitHub
  Incident Response & Digital Forensics Debugging Extension
  ☆393Dec 11, 2018Updated 7 years ago
• evil-e / sdb-explorer

  View on GitHub
  Tool to view and create Microsoft shim database files (SDB).
  ☆119May 11, 2017Updated 8 years ago
• gdabah / distormx

  View on GitHub
  The ultimate hooking library
  ☆276Mar 19, 2021Updated 5 years ago
• WithSecureLabs / CallStackSpoofer

  View on GitHub
  A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)
  ☆562Apr 8, 2025Updated last year
• JLospinoso / gargoyle

  View on GitHub
  A memory scanning evasion technique
  ☆899May 24, 2017Updated 8 years ago
• kkent030315 / NoPatchGuardCallback

  View on GitHub
  x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code
  ☆208May 27, 2021Updated 4 years ago
• hasherezade / module_overloading

  View on GitHub
  A more stealthy variant of "DLL hollowing"
  ☆366Mar 8, 2024Updated 2 years ago
• swwwolf / wdbgark

  View on GitHub
  WinDBG Anti-RootKit Extension
  ☆646Jul 29, 2020Updated 5 years ago
• nccgroup / DetectWindowsCopyOnWriteForAPI

  View on GitHub
  Enumerate various traits from Windows processes as an aid to threat hunting
  ☆201Jan 13, 2022Updated 4 years ago
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• Teq2 / SEH-Over-VEH

  View on GitHub
  Implementation of a dispatcher for Structured Exceptions inside a Vectored Exception Handler
  ☆42Feb 15, 2020Updated 6 years ago
• tandasat / DdiMon

  View on GitHub
  Monitoring and controlling kernel API calls with stealth hook using EPT
  ☆1,366Jan 22, 2022Updated 4 years ago
• tandasat / Sushi

  View on GitHub
  a Japanese food keeps you sane
  ☆120Aug 22, 2015Updated 10 years ago
• can1357 / ByePg

  View on GitHub
  Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.
  ☆904Nov 21, 2019Updated 6 years ago
• tandasat / GuardMon

  View on GitHub
  Hypervisor based tool for monitoring system register accesses.
  ☆156Sep 13, 2018Updated 7 years ago
• msuiche / LiveCloudKd

  View on GitHub
  Hyper-V Research is trendy now
  ☆199May 6, 2024Updated last year
• sogeti-esec-lab / LKD

  View on GitHub
  Local Kernel Debugger (LKD) is a python wrapper around dbgengine.dll
  ☆92Aug 22, 2016Updated 9 years ago
• 0xcpu / ExecutiveCallbackObjects

  View on GitHub
  Research on Windows Kernel Executive Callback Objects
  ☆315Feb 22, 2020Updated 6 years ago
• markhc / windbg_to_c

  View on GitHub
  Translates WinDbg "dt" structure dump to a C structure
  ☆133Oct 16, 2016Updated 9 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• wbenny / pdbex

  View on GitHub
  pdbex is a utility for reconstructing structures and unions from the PDB into compilable C headers
  ☆898Jun 18, 2025Updated 10 months ago
• ajkhoury / Errata1337

  View on GitHub
  ☆69Dec 17, 2020Updated 5 years ago
• paranoidninja / DotNetTracer

  View on GitHub
  C code to enable ETW tracing for Dotnet Assemblies
  ☆32Aug 12, 2022Updated 3 years ago
• jdu2600 / CFG-FindHiddenShellcode

  View on GitHub
  Walks the CFG bitmap to find previously executable but currently hidden shellcode regions
  ☆134May 17, 2023Updated 2 years ago
• pathtofile / Sealighter

  View on GitHub
  Sysmon-Like research tool for ETW
  ☆387Nov 15, 2022Updated 3 years ago
• VollRagm / PTView

  View on GitHub
  Browse Page Tables on Windows (Page Table Viewer)
  ☆237Apr 2, 2022Updated 4 years ago
• rwfpl / rewolf-wow64ext

  View on GitHub
  Helper library for x86 programs that runs under WOW64 layer on x64 versions of Microsoft Windows operating systems.
  ☆1,005Jan 17, 2023Updated 3 years ago