m417z / ntdoc
Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers
☆142Updated this week
Related projects: ⓘ
- Bootkit for Windows Sandbox to disable DSE/PatchGuard.☆251Updated 2 years ago
- Single header version of System Informer's phnt library.☆172Updated 3 months ago
- A DTrace on Windows Reimplementation☆317Updated last month
- msdocsviewer is a simple tool that parses Microsoft's win32 API and driver documentation to be used within IDA.☆148Updated 8 months ago
- Collection of undocumented Windows API declarations.☆283Updated 3 weeks ago
- Debugger Anti-Detection Benchmark☆283Updated 9 months ago
- Advanced driver monitoring utility.☆194Updated 2 years ago
- HyperDeceit is the ultimate all-in-one library that emulates Hyper-V for Windows, giving you the ability to intercept and manipulate oper…☆353Updated last year
- DSE bypass using a leaked cert and adjusting the current clock.☆133Updated 2 years ago
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆229Updated 2 years ago
- Global user-mode hooking framework, based on AppInit_DLLs. The goal is to allow you to rapidly develop hooks to inject in an arbitrary pr…☆156Updated 2 years ago
- A library to develop kernel level Windows payloads for post HVCI era☆355Updated 3 years ago
- A list of excellent resources for anyone to deepen their understanding with regards to Windows Kernel Exploitation and general low level …☆116Updated last year
- Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks☆315Updated last year
- masm32 kernel programming, drivers, tutorials, examples, and tools (credits Four-F)☆114Updated last year
- Signtool for expired certificates☆441Updated last year
- Native code virtualizer for x64 binaries☆355Updated this week
- A collection of various vulnerable (mostly physical memory exposing) drivers.☆312Updated 2 years ago
- Demo proof of concept for shadow regions, and implementation of HyperDeceit.☆260Updated last year
- This project provides a collection of Microsoft Windows kernel structures, unions and enumerations. Most of them are not officially docum…☆159Updated 3 months ago
- ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solution…☆195Updated 2 years ago
- PE Viewer☆143Updated 2 months ago
- A more stealthy variant of "DLL hollowing"☆335Updated 6 months ago
- ☆186Updated this week
- The Windows Research Kernel (WRK)☆168Updated 7 years ago
- ☆144Updated 3 weeks ago
- A modern c++ implementation of windows heavens gate☆193Updated 4 years ago
- API Set resolver for Windows☆114Updated last week
- x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration☆214Updated 2 years ago
- ntdll.h - compatible with MSVC 6.0, Intel C++ Compiler and MinGW. Serves as a complete replacement for Windows.h☆128Updated 5 years ago