je5442804 / NtCreateUserProcess-PostLinks
NtCreateUserProcess with CsrClientCallServer for mainstream Windows x64 version
☆42Updated last year
Alternatives and similar repositories for NtCreateUserProcess-Post
Users that are interested in NtCreateUserProcess-Post are comparing it to the libraries listed below
Sorting:
- Reimplement CreateProcessInternalW via Windows 10 20H1+/Windows 11 Base on NtCreateUserProcess-Post☆77Updated last year
- Minimalistic HTTP(S) client for the NT kernel☆61Updated 2 months ago
- A basic implementation of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added.☆78Updated 10 months ago
- Hook all callbacks which are registered with LdrRegisterDllNotification☆96Updated 10 months ago
- PoC exploit for HP Hardware Diagnostic's EtdSupp driver☆50Updated 2 years ago
- silence file system monitoring components by hooking their minifilters☆59Updated 2 years ago
- Finding Truth in the Shadows☆120Updated 3 years ago
- windows rootkit☆60Updated last year
- bootkit驱动映射,三环进程注入加载指定模块☆14Updated last year
- .data ptr swapper for newer win32k versions. (Supports Windows 11)☆33Updated 2 weeks ago
- Demonstrate calling a kernel function and handle process creation callback against HVCI☆79Updated 3 years ago
- Detours implementation (x64/x86) which used only ntdll import☆90Updated 3 months ago
- ☆118Updated 3 years ago
- IAT-Obfuscation to make static analysis of executable harder.☆44Updated 4 years ago
- A fast method to intercept syscalls from any user-mode process using InstrumentationCallback and detect any process using Instrumentation…☆38Updated 2 years ago
- Usermode NT Explorer - Query kernel addresses, translate virtual to physical addresses, inspect the PFN database, and more.☆68Updated last week
- Fast covert timing channel communication for inter-process and inter-processor communication on Windows systems.☆67Updated 2 months ago
- Compileable POC of namazso's x64 return address spoofer.☆50Updated 5 years ago
- ☆29Updated last year
- Elevate arbitrary MSR writes to kernel execution.☆44Updated 2 years ago
- Dynamically generated obfuscated jumps and/or function calls☆38Updated 2 years ago
- Windows 11 kernel research framework demonstrating DSE bypass on Windows 11 25H2 through boot-time execution. Loads unsigned drivers by s…☆75Updated last month
- Proof-of-Concept software for detecting AV/EDR hooks in Windows libraries.☆36Updated 3 years ago
- Tiny driver patch to allow kernel callbacks to work on Win10 21h1☆34Updated 4 years ago
- An extended proof-of-concept for the CVE-2021-21551 Dell ‘dbutil_2_3.sys’ Kernel Exploit☆24Updated 4 years ago
- ☆24Updated 2 years ago
- A serie of exploits targeting eneio64.sys - Turning Physical Memory R/W into Virtual Memory R/W☆113Updated 3 months ago
- ☆26Updated last year
- WinDbg plugin to trace module transitions from a debugged driver.☆38Updated last month
- ☆42Updated 11 months ago