kkent030315 / EvilHooker
Function hooks in Windows NT Kernel
☆27 · Oct 13, 2020 · Updated 5 years ago
Alternatives and similar repositories for EvilHooker
Users that are interested in EvilHooker are comparing it to the libraries listed below
- A dll injector static library for Win x64 processes with handle elevation supported ☆12 · Mar 28, 2021 · Updated 4 years ago
- Kernel Cheat for Games that use Modern AntiCheat EAC, Vanguard, Battleye etc ☆11 · Dec 2, 2023 · Updated 2 years ago
- This driver hooks a device object for ioctl and uses mdls to allocate physical pages and manually injects an entry into a process's page … ☆15 · Feb 14, 2023 · Updated 3 years ago
- Two PoC of accessing process virtual memory via NT Kernel ☆22 · Jun 25, 2021 · Updated 4 years ago
- Protected Process (Light) Dump: Uses Zemana AntiMalware Engine To Open a Privileged Handle to a PP/PPL Process And Inject MiniDumpWriteDu… ☆25 · Mar 26, 2020 · Updated 5 years ago
- Hooking Heavens Gate in a weekend ☆13 · Jan 1, 2022 · Updated 4 years ago
- allowing um r/w through km from um ioctl ™ ☆11 · Jan 2, 2022 · Updated 4 years ago
- x64 Windows privilege elevation using anycall ☆22 · May 28, 2021 · Updated 4 years ago
- i stole this from some guys private repo on github ☆58 · Jul 11, 2021 · Updated 4 years ago
- windows kernel pagehook ☆41 · Oct 30, 2022 · Updated 3 years ago
- a dumb rpm/wpm example driver ☆15 · Jun 7, 2021 · Updated 4 years ago
- ☆15 · Feb 5, 2021 · Updated 5 years ago
- NT reversal ☆25 · Jul 12, 2018 · Updated 7 years ago
- UM-KM Communication using registry callbacks ☆39 · Jun 8, 2020 · Updated 5 years ago
- hooking KiUserApcDispatcher ☆25 · Apr 3, 2017 · Updated 8 years ago
- ☆75 · Dec 17, 2019 · Updated 6 years ago
- r0akmap is a PoC driver manual mapper based on r0ak ☆38 · Aug 18, 2018 · Updated 7 years ago
- ☆24 · May 28, 2021 · Updated 4 years ago
- NT AUTHORITY\SYSTEM ☆43 · Jul 8, 2020 · Updated 5 years ago
- A kernel module dumper for Windows x64 using mhyprot vulnerable driver ☆37 · Oct 26, 2020 · Updated 5 years ago
- Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address ☆23 · Nov 22, 2021 · Updated 4 years ago
- Various shellcodes ☆13 · Sep 1, 2020 · Updated 5 years ago
- ☆14 · May 10, 2021 · Updated 4 years ago
- Rendering on external windows via hijacking thread contexts, with notes on ValidateHwnd ☆14 · Jul 9, 2020 · Updated 5 years ago
- Learn Winapi in this Repo with examples, to understand its abstraction in reverse engineering for Windows. ☆11 · Aug 8, 2022 · Updated 3 years ago
- A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing… ☆14 · Nov 8, 2020 · Updated 5 years ago
- A simple present scene, kernel allocation injector. ☆27 · Jun 12, 2022 · Updated 3 years ago
- A POC for Windows Extension Host hooking ☆24 · Jul 13, 2019 · Updated 6 years ago
- ☆30 · Oct 13, 2020 · Updated 5 years ago
- x64 Windows implementation of virtual-address to physical-address translation ☆46 · Jun 3, 2021 · Updated 4 years ago
- An attempt to restore and adapt to modern Win10 version the 'Rootkit Arsenal' original code samples ☆74 · Apr 11, 2022 · Updated 3 years ago
- clearing traces of a loaded driver ☆47 · Jul 2, 2022 · Updated 3 years ago
- ☆12 · Aug 10, 2019 · Updated 6 years ago
- fix wow obfuscated IAT ☆10 · Aug 4, 2021 · Updated 4 years ago
- Driver demonstrating how to register a DPC to asynchronously wait on an object ☆50 · Jan 15, 2021 · Updated 5 years ago
- A demonstration of how page tables can be used to run arbitrary code in ring-0 and lead to a privesc. Uses CVE-2016-7255 as an example. ☆11 · Jun 11, 2018 · Updated 7 years ago
- Swap control lioctl with trampoline recording in the .text section ☆13 · Jul 1, 2021 · Updated 4 years ago
- A collection of tools, source code, and papers researching Windows' implementation of CET. ☆88 · Oct 6, 2020 · Updated 5 years ago
- ☆34 · Apr 11, 2023 · Updated 2 years ago