ivkin25 / Process-Hollowing
An implementation of the Process Hollowing technique.
☆16Updated 4 years ago
Alternatives and similar repositories for Process-Hollowing:
Users that are interested in Process-Hollowing are comparing it to the libraries listed below
- ☆26Updated 3 years ago
- Example of hijacking system calls via function pointer tables☆31Updated 3 years ago
- Hijack NotifyRoutine for a kernelmode thread☆41Updated 2 years ago
- ☆26Updated 7 years ago
- ☆31Updated 4 years ago
- win32/x64 obfuscate framework☆32Updated 6 years ago
- Shh0ya Kernel Hook Driver☆21Updated 4 years ago
- UnknownField is a tool based clang that obfuscating the order of fields to protect your C/C++ game or code.☆44Updated 2 years ago
- Скрытие строки от отладчиков и декомпиляторов☆50Updated 5 years ago
- Protected Process Light Library☆18Updated 4 years ago
- ☆24Updated 6 years ago
- A poc that abuses Enclave☆38Updated 2 years ago
- Injector with kernel power☆16Updated 4 years ago
- ZeroImport is a lightweight and easy to use C++ library for Windows Kernel Drivers. It allows you to hide any import in your kernel drive…☆48Updated 2 years ago
- Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address☆24Updated 3 years ago
- Bypasses for Windows kernel callbacks PatchGuard protection☆43Updated 3 years ago
- Bypassing kernel patch protection runtime☆20Updated 2 years ago
- Patches DSE by swapping both data ptrs located in SeValidateImageHeader && SeValidateImageData☆19Updated last year
- Hooking Shadow and normal SSDT with Kaspersky Hypervisor and abusing alignment☆24Updated 4 years ago
- Allows you to find the use of ScyllaHide, if your program will debug and restore hooking functions bytes.☆25Updated 5 years ago
- With this RunPE you can easily inject your payload in any x86 or x64 program.☆13Updated 5 years ago
- Stealthy Injector that leverages a vulnerable driver and other exploits to remain undetected☆36Updated 6 years ago
- direct systemcalls with a modern c++20 interface.☆42Updated 2 years ago
- This is the P.O.C source for hooking the system calls on Windows 10 (1903) using it's dynamic trace feature weakness☆51Updated 5 years ago
- Two PoC of accessing process virtual memory via NT Kernel☆22Updated 3 years ago
- A packed & protected Module Loader and more, for 64-bit Windows☆29Updated 4 years ago
- using gpuz to load driver☆33Updated 6 years ago
- X86/X64 Hardware Breakpoint Manager☆41Updated 3 years ago
- Record & prevent file deletion in kernel mode☆42Updated 4 years ago
- Bypass UAC by abusing the Security Center CPL and hijacking a shell protocol handler☆28Updated 3 years ago