Code Injection, Inject malicious payload via pagetables pml4.
☆243Jul 7, 2021Updated 4 years ago
Alternatives and similar repositories for PageTableInjection
Users that are interested in PageTableInjection are comparing it to the libraries listed below
Sorting:
- Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction wit…☆218Feb 20, 2023Updated 3 years ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆240Nov 6, 2019Updated 6 years ago
- An example of how x64 kernel shellcode can dynamically find and use APIs☆104May 14, 2020Updated 5 years ago
- x64 Windows implementation of virtual-address to physical-address translation☆48Jun 3, 2021Updated 4 years ago
- Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging☆580Mar 8, 2024Updated last year
- x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration☆388Jul 6, 2022Updated 3 years ago
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆268Aug 31, 2022Updated 3 years ago
- Hook NtDeviceIoControlFile with PatchGuard☆107May 10, 2022Updated 3 years ago
- x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code☆208May 27, 2021Updated 4 years ago
- Kernel DLL Injector using NX Bit Swapping and VAD hide for hiding injected DLL☆219Nov 12, 2020Updated 5 years ago
- Analyze patches in a process☆259Jul 28, 2021Updated 4 years ago
- A library to develop kernel level Windows payloads for post HVCI era☆486May 18, 2021Updated 4 years ago
- Easy Anti PatchGuard☆223Apr 9, 2021Updated 4 years ago
- ☆99Oct 6, 2017Updated 8 years ago
- Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.☆902Nov 21, 2019Updated 6 years ago
- Detect removed thread from PspCidTable.☆75Mar 18, 2022Updated 3 years ago
- Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation fr…☆1,196Jun 17, 2022Updated 3 years ago
- Kernel driver for detecting Intel VT-x hypervisors.☆197Jul 11, 2023Updated 2 years ago
- A Windows kernel-mode rootkit that abuses legitimate communication channels to control a machine.☆722Aug 5, 2020Updated 5 years ago
- Resolve DOS MZ executable symbols at runtime☆96Nov 12, 2021Updated 4 years ago
- A mapper that maps shellcode into loaded large page drivers☆324Apr 26, 2022Updated 3 years ago
- A native hypervisor designed for the Windows operating system☆125Mar 6, 2021Updated 4 years ago
- Load your driver like win32k.sys☆258Aug 20, 2022Updated 3 years ago
- Windows Kernel inject (no module no thread)☆282Nov 11, 2022Updated 3 years ago
- CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers☆145Sep 5, 2020Updated 5 years ago
- Hide codes/data in the kernel address space.☆188May 8, 2021Updated 4 years ago
- The program draws with win32k gdi functions in the kernel while NtGdiDdDDISubmitCommand is being hooked.☆345Apr 27, 2020Updated 5 years ago
- PoC memory injection detection agent based on ETW, for offensive and defensive research purposes☆301Apr 10, 2021Updated 4 years ago
- UnhookMe is an universal Windows API resolver & unhooker addressing problem of invoking unmonitored system calls from within of your Red ��…☆349Jul 3, 2022Updated 3 years ago
- 从MmPfnData中枚举进程和页目录基址☆207Aug 18, 2023Updated 2 years ago
- An x64 page table iterator written in C++ as a kernel mode windows driver.☆119May 25, 2021Updated 4 years ago
- c++ implementation of windows heavens gate☆70Feb 12, 2021Updated 5 years ago
- ☆146Jan 13, 2021Updated 5 years ago
- Rendering on external windows via hijacking thread contexts☆404Jun 28, 2020Updated 5 years ago
- Bypasses for Windows kernel callbacks PatchGuard protection☆44Aug 15, 2021Updated 4 years ago
- C++ Exceptions in Windows Drivers☆221Dec 21, 2020Updated 5 years ago
- A more stealthy variant of "DLL hollowing"☆363Mar 8, 2024Updated last year
- usermode driver mapper that forcefully loads any signed kernel driver (legit cert) with a big enough section (example: .data, .rdata) to …☆473Jan 3, 2022Updated 4 years ago
- Hook system calls on Windows by using Kaspersky's hypervisor☆1,281Feb 14, 2026Updated 2 weeks ago