lldre / handle_exploration
Figuring out the cause of a handle downgrade
☆24Updated 2 years ago
Alternatives and similar repositories for handle_exploration:
Users that are interested in handle_exploration are comparing it to the libraries listed below
- win32/x64 obfuscate framework☆32Updated 5 years ago
- .lib file for linking against the NT CRT☆18Updated 2 years ago
- ☆29Updated 3 years ago
- ☆16Updated 5 years ago
- Driver demonstrating how to register a DPC to asynchronously wait on an object☆49Updated 4 years ago
- ☆68Updated 4 years ago
- NT reversal☆25Updated 6 years ago
- Analysing and defeating PatchGuard universally☆34Updated 4 years ago
- x64 assembler library☆31Updated 9 months ago
- Library for using direct system calls☆35Updated last month
- Translates WinDbg "dt" structure dump to a C structure☆13Updated 4 years ago
- Takes a Windbg dumped structure (using the 'dt' command) and formats it into a C structure☆35Updated 8 months ago
- Personal curation of Clang/LLVM patches.☆13Updated 4 years ago
- A library for intel VT-x hypervisor functionality supporting EPT shadowing.☆49Updated 4 years ago
- Shareds for kernel developement☆27Updated 11 years ago
- Detects if a Kernel mode debugger is active by reading the value of KUSER_SHARED_DATA.KdDebuggerEnabled. It is a high level and portable …☆23Updated 7 years ago
- Windbg extension that allows you analyze Control Flow Guard map☆34Updated 3 years ago
- Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using t…☆53Updated 5 years ago
- viewing page boundaries of pages with PAGE_NOACCESS protection reveals the presence of x64dbg.☆23Updated 8 years ago
- IA32-doc is a project which aims to put as many definitions from the Intel Manual into machine-processable format as possible☆16Updated 2 years ago
- Example of hijacking system calls via function pointer tables☆32Updated 3 years ago
- Software Distribution Service☆12Updated 9 years ago
- Simple header only library to change return address on current stack frame.☆23Updated 8 years ago
- ☆15Updated 2 years ago
- A way to detect DBI frameworks, Debuggers and VMs.☆22Updated 4 years ago
- A reflexive driver loader to bypass Windows DSE (featuring a custom PE loader)☆42Updated 6 years ago
- Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address☆24Updated 3 years ago
- Simple library to handle PE files loading, relocating, get/set data, ..., in addition to process handling☆32Updated 5 years ago
- Windows Console Monitor☆33Updated 5 years ago
- Small project to generate fake DLLs based on an executable's import table☆23Updated 4 years ago