Code Injection, Inject malicious payload via pagetables pml4.
☆242Jul 7, 2021Updated 4 years ago
Alternatives and similar repositories for PageTableInjection
Users that are interested in PageTableInjection are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- x64 Windows implementation of virtual-address to physical-address translation☆49Jun 3, 2021Updated 4 years ago
- Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction wit…☆218Feb 20, 2023Updated 3 years ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆241Nov 6, 2019Updated 6 years ago
- Hook NtDeviceIoControlFile with PatchGuard☆107May 10, 2022Updated 3 years ago
- x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration☆393Jul 6, 2022Updated 3 years ago
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆271Aug 31, 2022Updated 3 years ago
- Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging☆580Mar 8, 2024Updated 2 years ago
- x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code☆207May 27, 2021Updated 4 years ago
- An example of how x64 kernel shellcode can dynamically find and use APIs☆105May 14, 2020Updated 5 years ago
- Detect removed thread from PspCidTable.☆75Mar 18, 2022Updated 4 years ago
- A library to develop kernel level Windows payloads for post HVCI era☆488May 18, 2021Updated 4 years ago
- Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation fr…☆1,203Jun 17, 2022Updated 3 years ago
- Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.☆905Nov 21, 2019Updated 6 years ago
- Kernel DLL Injector using NX Bit Swapping and VAD hide for hiding injected DLL☆219Nov 12, 2020Updated 5 years ago
- ☆145Jan 13, 2021Updated 5 years ago
- ☆99Oct 6, 2017Updated 8 years ago
- Easy Anti PatchGuard☆223Apr 9, 2021Updated 4 years ago
- Load your driver like win32k.sys☆258Aug 20, 2022Updated 3 years ago
- Kernel driver for detecting Intel VT-x hypervisors.☆202Jul 11, 2023Updated 2 years ago
- Analyze patches in a process☆260Jul 28, 2021Updated 4 years ago
- A mapper that maps shellcode into loaded large page drivers☆329Apr 26, 2022Updated 3 years ago
- An x64 page table iterator written in C++ as a kernel mode windows driver.☆119May 25, 2021Updated 4 years ago
- Discarded Section Manual Map☆70Jun 18, 2020Updated 5 years ago
- A native hypervisor designed for the Windows operating system☆125Mar 6, 2021Updated 5 years ago
- Hide codes/data in the kernel address space.☆188May 8, 2021Updated 4 years ago
- 从MmPfnData中枚举进程和页目录基址☆208Aug 18, 2023Updated 2 years ago
- Windows Kernel inject (no module no thread)☆282Nov 11, 2022Updated 3 years ago
- Phantom DLL hollowing PoC☆372May 23, 2022Updated 3 years ago
- A Windows kernel-mode rootkit that abuses legitimate communication channels to control a machine.☆723Aug 5, 2020Updated 5 years ago
- UnhookMe is an universal Windows API resolver & unhooker addressing problem of invoking unmonitored system calls from within of your Red …☆350Jul 3, 2022Updated 3 years ago
- Hooking kernel functions by abusing alignment☆249Jan 5, 2021Updated 5 years ago
- Kernel Level NMI Callback Blocker☆168Sep 27, 2025Updated 5 months ago
- A more stealthy variant of "DLL hollowing"☆363Mar 8, 2024Updated 2 years ago
- A library to manipulate physical memory from usermode.☆303Sep 5, 2023Updated 2 years ago
- Rendering on external windows via hijacking thread contexts☆406Jun 28, 2020Updated 5 years ago
- A x64 Windows Rootkit using SSDT or Hypervisor hook☆567Jan 4, 2025Updated last year
- Hook system calls on Windows by using Kaspersky's hypervisor☆1,285Feb 14, 2026Updated last month
- ☆225Mar 11, 2023Updated 3 years ago
- Two PoC of accessing process virtual memory via NT Kernel☆22Jun 25, 2021Updated 4 years ago