Reimplement CreateProcessInternalW via Windows 10 20H1+/Windows 11 Base on NtCreateUserProcess-Post
☆80Sep 2, 2024Updated last year
Alternatives and similar repositories for CreateProcessInternalW-Full
Users that are interested in CreateProcessInternalW-Full are comparing it to the libraries listed below
Sorting:
- NtCreateUserProcess with CsrClientCallServer for mainstream Windows x64 version☆44Jul 16, 2024Updated last year
- PsSetCreateProcessNotifyRoutine/Ex/Ex2 hook☆12May 30, 2024Updated last year
- 扫描以及恢复 r3hook 类☆10Aug 29, 2021Updated 4 years ago
- Dump PDB Symbols including support for Bochs Debugging Format (with wine support)☆14Aug 11, 2023Updated 2 years ago
- Demo to show how write ALPC Client & Server using native Ntdll.dll syscalls.☆21Jan 25, 2022Updated 4 years ago
- Static Library For Windows Drivers☆41Dec 13, 2025Updated 2 months ago
- Reverse Engineering☆13Jun 22, 2017Updated 8 years ago
- Call NtCreateUserProcess directly as normal.☆77May 17, 2022Updated 3 years ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)☆73Aug 11, 2023Updated 2 years ago
- ☆14Dec 3, 2022Updated 3 years ago
- Handling C++ & __try exceptions without the need of built-in handlers.☆77Aug 28, 2021Updated 4 years ago
- Tiny driver patch to allow kernel callbacks to work on Win10 21h1☆34Feb 7, 2022Updated 4 years ago
- ☆208Apr 5, 2022Updated 3 years ago
- Piece of code to detect and remove hooks in IAT☆65May 30, 2022Updated 3 years ago
- win32/x64 obfuscate framework☆33Apr 16, 2019Updated 6 years ago
- Enumerate various traits from Windows processes as an aid to threat hunting☆202Jan 13, 2022Updated 4 years ago
- ☆40May 10, 2025Updated 9 months ago
- A PoC of Stack encryption prior to custom sleeping by leveraging CPU cycles.☆66May 2, 2023Updated 2 years ago
- This is a simple project made to evade https://github.com/thefLink/Hunt-Sleeping-Beacons by using a busy wait instead of beacon's built i…☆36Jan 15, 2022Updated 4 years ago
- Ready-to-use headers for Windows Kernel SSDT indices☆11Apr 12, 2020Updated 5 years ago
- R3劫持所有异常☆15Jan 4, 2021Updated 5 years ago
- C++ library for low-level Windows development☆81Apr 12, 2024Updated last year
- ☆174Mar 9, 2022Updated 3 years ago
- ☆170Jan 7, 2022Updated 4 years ago
- Proof-of-Concept software for detecting AV/EDR hooks in Windows libraries.☆38May 12, 2022Updated 3 years ago
- Simulate SendInput with ClassService☆35Sep 5, 2018Updated 7 years ago
- c++ implementation of windows heavens gate☆70Feb 12, 2021Updated 5 years ago
- ☆12Aug 28, 2017Updated 8 years ago
- ☆14Nov 29, 2021Updated 4 years ago
- A simple x86_64 AMD-v hypervisor type-2 Programmed with C++, with soon to be added syscall hooks. [W.I.P]☆104Aug 3, 2023Updated 2 years ago
- Another method to anti ThreadHideFromDebugger☆37Mar 5, 2019Updated 6 years ago
- A bunch of parsers for PE and PDB formats in C++☆267May 15, 2024Updated last year
- Custom implementation of DbgHelp's MiniDumpWriteDump function. Uses static syscalls to replace low-level functions like NtReadVirtualMemo…☆127Jan 18, 2022Updated 4 years ago
- Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address☆23Nov 22, 2021Updated 4 years ago
- A project on the Unicorn emulator to emulate the code of Pe files in windows☆28Sep 12, 2024Updated last year
- Injects position-dependent code into a code cave in an executable file, and applies relocations.☆26May 12, 2023Updated 2 years ago
- ☆13Jan 12, 2022Updated 4 years ago
- Convert native dll to shellcode, and support exported function☆25Feb 10, 2021Updated 5 years ago
- Rookit and anti rookit on Windows platform☆14Apr 30, 2024Updated last year