m417z / ntdoc

Related projects ⓘ

Alternatives and complementary repositories for ntdoc

• mrexodia / phnt-single-header
  Single header version of System Informer's phnt library.
  ☆186Updated this week
• hfiref0x / WubbabooMark
  Debugger Anti-Detection Benchmark
  ☆291Updated 11 months ago
• thesecretclub / SandboxBootkit
  Bootkit for Windows Sandbox to disable DSE/PatchGuard.
  ☆261Updated last month
• alexander-hanel / msdocsviewer
  msdocsviewer is a simple tool that parses Microsoft's win32 API and driver documentation to be used within IDA.
  ☆148Updated 10 months ago
• MiroKaku / Musa.Veil
  Collection of undocumented Windows API declarations.
  ☆291Updated 3 weeks ago
• mandiant / STrace
  A DTrace on Windows Reimplementation
  ☆328Updated 3 weeks ago
• Xyrem / Yumekage
  Demo proof of concept for shadow regions, and implementation of HyperDeceit.
  ☆267Updated last year
• can1357 / hvdetecc
  Collection of hypervisor detections
  ☆189Updated last month
• KiFilterFiberContext / warbird-hook
  Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard
  ☆237Updated 2 years ago
• zodiacon / TotalPE2
  PE Viewer
  ☆152Updated 3 weeks ago
• Fyyre / DrvMon
  Advanced driver monitoring utility.
  ☆201Updated 2 years ago
• Fyyre / ntdll
  ntdll.h - compatible with MSVC 6.0, Intel C++ Compiler and MinGW. Serves as a complete replacement for Windows.h
  ☆130Updated 5 years ago
• zhuhuibeishadiao / ntoskrnl
  The Windows Research Kernel (WRK)
  ☆174Updated 8 years ago
• Xyrem / HyperDeceit
  HyperDeceit is the ultimate all-in-one library that emulates Hyper-V for Windows, giving you the ability to intercept and manipulate oper…
  ☆360Updated last year
• NullArray / WinKernel-Resources
  A list of excellent resources for anyone to deepen their understanding with regards to Windows Kernel Exploitation and general low level …
  ☆123Updated 2 years ago
• zodiacon / Recon2023
  Recon 2023 slides and code
  ☆79Updated last year
• Cr4sh / KernelForge
  A library to develop kernel level Windows payloads for post HVCI era
  ☆366Updated 3 years ago
• hasherezade / pe_unmapper
  Small tool to convert beteween the PE alignments (raw and virtual).
  ☆81Updated last year
• zodiacon / ObjectExplorer
  Explore Kernel Objects on Windows
  ☆200Updated 10 months ago
• VoidSec / DriverBuddyReloaded
  Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks
  ☆326Updated 3 weeks ago
• tandasat / hvext
  The Windbg extension that implements commands helpful to study Hyper-V on Intel processors.
  ☆130Updated last month
• ElliotKillick / windows-vs-linux-loader-architecture
  Side-by-side comparison of the Windows and Linux (GNU) Loaders
  ☆288Updated 2 months ago
• namazso / MagicSigner
  Signtool for expired certificates
  ☆455Updated last year
• can1357 / selene
  Kernel-mode Paravirtualization in Ring 2, LLVM based linker, and some other things!
  ☆260Updated 3 weeks ago
• diversenok / Suspending-Techniques
  Comparing, discussing, and bypassing various techniques for suspending and freezing processes on Windows.
  ☆114Updated 3 years ago
• notpidgey / EagleVM
  Native code virtualizer for x64 binaries
  ☆403Updated this week
• adrianyy / kernelhook
  Windows inline hooking tool.
  ☆226Updated 6 years ago
• Dump-GUY / IDA_PHNT_TYPES
  Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays).
  ☆115Updated 2 months ago
• therealdreg / masm32-kernel-programming
  masm32 kernel programming, drivers, tutorials, examples, and tools (credits Four-F)
  ☆115Updated last year
• kkent030315 / anycall
  x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration
  ☆226Updated 2 years ago