jseclab / UGuardMap
Bootkit driver mapping; ring-3 process injection that loads a specified module
☆11Updated last month
Related projects
Alternatives and complementary repositories for UGuardMap
- windows kernel pagehook☆38Updated 2 years ago
- Proof-of-concept game using VBS enclaves to protect itself from cheating☆21Updated 2 weeks ago
- research revolving the windows filtering platform callout mechanism☆22Updated 5 months ago
- Compile-Time Calls Obfuscator for C++14+☆34Updated 11 months ago
- direct systemcalls with a modern c++20 interface.☆42Updated last year
- A method to Disable DSE using .data ptr hooks☆26Updated 9 months ago
- A poc that abuses Enclave☆36Updated 2 years ago
- ☆23Updated 8 months ago
- Based on minhook☆27Updated last year
- VEH debug plugin☆13Updated 2 years ago
- collection of code snippets,windbg,python scripts and resources☆13Updated 2 years ago
- Hijack NotifyRoutine for a kernelmode thread☆41Updated 2 years ago
- Collection of most common Windows kernel files; the links below have more, and more comprehensive, ones☆14Updated last year
- Windows Research Kernel VS2022 Solution☆24Updated 2 months ago
- Only for Stress-Testing☆22Updated 2 years ago
- ☆24Updated last year
- ☆25Updated 3 years ago
- ☆26Updated last year
- Patches DSE by swapping both data ptrs located in SeValidateImageHeader && SeValidateImageData☆20Updated 9 months ago
- Kernel Level NMI Callback Blocker☆36Updated 2 months ago
- ☆23Updated last year
- ntos shit☆21Updated 9 months ago
- Protected Process Light Library☆18Updated 4 years ago
- POC Hook of nt!HvcallCodeVa☆50Updated last year
- WinHvShellcodeEmulator (WHSE) is a shellcode emulator leveraging the Windows Hypervisor Platform API☆19Updated 2 years ago
- A native Windows library for intercepting kernel-to-user transitions using instrumentation callbacks☆16Updated 9 months ago
- partially disable patchguard up to win11 21H2☆16Updated 5 months ago
- ☆32Updated last year
- windows kernelmode driver to inject dll into each and every process and perform systemwide function hooking☆52Updated 2 years ago