momo5502 / ept-hook-detectionLinks
πͺ Various EPT hook detection approaches
β143Updated 6 months ago
Alternatives and similar repositories for ept-hook-detection
Users that are interested in ept-hook-detection are comparing it to the libraries listed below
Sorting:
- Kernel driver for detecting Intel VT-x hypervisors.β192Updated 2 years ago
- A Hyper-V Hacking Framework For Windows 10 x64 (AMD & Intel)β137Updated 2 years ago
- A simple ida python script to find .data ptrβ58Updated 2 years ago
- Some psuedo snippets from BattlEye's BEDaisy.sys loaded on Rainbow Six: Siege.β130Updated 3 years ago
- Kernel ReClassExβ66Updated 2 years ago
- Detect-KeAttachProcess by iterating through all processes as well as checking the context of the thread.β119Updated 4 years ago
- A basic 100 loc CPU emulator using the existing code of ntoskrnl.exeβ75Updated 2 years ago
- unorthodox approach to analyze a trace, but this helped me get comfy with x64 instructions overall (excluding sse/avx/etc lol), cleared uβ¦β67Updated 2 years ago
- Cheat for my own game SecureGame which uses a bootkit to hyperjack Hyper-V in order to access VBS enclave's memoryβ100Updated last year
- Ghetto user mode emulation of Windows kernel drivers.β160Updated last year
- a minimalistic windows hypervisor for amd processorsβ138Updated 3 years ago
- PE-Dump-Fixerβ111Updated 5 years ago
- nmi stackwalking + module verificationβ157Updated 2 years ago
- Hygieia, a vulnerable driver traces scanner written in C++ as an x64 Windows kernel driver.β150Updated 4 years ago
- A PoC for requesting HWIDs directly from hardware, skipping any potential hooks or OS support.β89Updated 4 years ago
- Reverse Engineering a signed kernel driver packed and virtualized with VMProtect 3.6β105Updated 2 years ago
- β67Updated 3 years ago
- β73Updated 3 years ago
- reverse engineering of bedaisy.sys (battleyes kernel driver) - Aki2k/BEDaisyβ111Updated 5 years ago
- Hijacking Hyper-V at Runtime with DDMAβ76Updated 5 months ago
- Handling C++ & __try exceptions without the need of built-in handlers.β77Updated 4 years ago
- Bypassing EasyAntiCheat.sys self-integrity by abusing call hierarchyβ83Updated 3 years ago
- just proof of concept. hooking MmCopyMemory PG safe.β81Updated 2 years ago
- A debugger library using VEH.β68Updated last year
- Obfuscate calls to imports by patching in stubsβ72Updated 4 years ago
- A library to assist with memory & code protection.β65Updated last year
- Example driver on how to use SKLibβ67Updated last year
- The windows kernel debugger consists of two parts, KMOD which is the kernel driver handling ring3 request and KCLI, the command line inteβ¦β99Updated 3 years ago
- A proof of concept demonstrating instrumentation callbacks on Windows 10 21h1 with a TLS variable to ensure all syscalls are caught.β153Updated 4 years ago
- based on https://github.com/secrary/Hooking-via-InstrumentationCallbackβ73Updated 6 years ago