🪝 Various EPT hook detection approaches
☆144Feb 22, 2026Updated last month
Alternatives and similar repositories for ept-hook-detection
Users that are interested in ept-hook-detection are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- 🧪 Hypervisor with EPT hooking support.☆326Mar 1, 2026Updated 3 weeks ago
- Kernel driver for detecting Intel VT-x hypervisors.☆202Jul 11, 2023Updated 2 years ago
- ☆225Mar 11, 2023Updated 3 years ago
- Simple Intel VT-x hypervisor☆360Dec 10, 2023Updated 2 years ago
- Lightweight Intel VT-x Hypervisor.☆672Dec 17, 2024Updated last year
- A simple UM + KM example of how to bypass EAC CR3☆188Oct 13, 2025Updated 5 months ago
- ☆73Aug 31, 2022Updated 3 years ago
- Emulate Drivers in RING3 with self context mapping or unicorn☆366Aug 18, 2022Updated 3 years ago
- Mapping your code on a 0x1000 size page☆71May 20, 2022Updated 3 years ago
- A simple x86_64 AMD-v hypervisor type-2 Programmed with C++, with soon to be added syscall hooks. [W.I.P]☆104Aug 3, 2023Updated 2 years ago
- Easy Anti PatchGuard☆222Apr 9, 2021Updated 4 years ago
- base for testing☆187Sep 28, 2024Updated last year
- detect hypervisor with Nmi Callback☆42Sep 25, 2022Updated 3 years ago
- Browse Page Tables on Windows (Page Table Viewer)☆236Apr 2, 2022Updated 3 years ago
- 从MmPfnData中枚举进程和页目录基址☆208Aug 18, 2023Updated 2 years ago
- Only for Stress-Testing☆26Apr 9, 2022Updated 3 years ago
- Detects virtual machines and malware analysis environments☆146Oct 18, 2022Updated 3 years ago
- Detect removed thread from PspCidTable.☆75Mar 18, 2022Updated 4 years ago
- x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration☆393Jul 6, 2022Updated 3 years ago
- Loads a signed kernel driver which allows you to map any driver to kernel mode without any traces of the signed / mapped driver.☆389Aug 8, 2021Updated 4 years ago
- Experimental disassembler for x86 binaries virtualized by VMProtect 3☆98Aug 27, 2022Updated 3 years ago
- a minimalistic windows hypervisor for amd processors☆146Jun 30, 2022Updated 3 years ago
- 09/2021 reversal of EasyAntiCheat driver☆237Dec 21, 2021Updated 4 years ago
- Kernel Level NMI Callback Blocker☆168Sep 27, 2025Updated 5 months ago
- Intel learning hypervisor and some extend function☆23Aug 23, 2025Updated 7 months ago
- Manual mapper that uses PTE manipulation, Virtual Address Descriptor (VAD) manipulation, and forceful memory allocation to hide executabl…☆388Jan 29, 2022Updated 4 years ago
- A library for intel VT-x hypervisor functionality supporting EPT shadowing.☆51Mar 11, 2021Updated 5 years ago
- ☆34Oct 10, 2023Updated 2 years ago
- Kernel DLL Injector using NX Bit Swapping and VAD hide for hiding injected DLL☆219Nov 12, 2020Updated 5 years ago
- kernel mode anti cheat☆647Aug 4, 2024Updated last year
- Detect-KeAttachProcess by iterating through all processes as well as checking the context of the thread.☆121Feb 8, 2022Updated 4 years ago
- POC usermode <=> kernel communication via ALPC.☆72Jun 6, 2024Updated last year
- ShotHv☆155Mar 8, 2022Updated 4 years ago
- InfinityHookPro Win7 -> Win11 latest☆553Feb 7, 2023Updated 3 years ago
- etw hook (syscall/infinity hook) compatible with the latest Windows version of PG☆328Apr 27, 2024Updated last year
- POC Hook of nt!HvcallCodeVa☆54May 8, 2023Updated 2 years ago
- kernel anticheat to test your driver against☆184Jun 16, 2025Updated 9 months ago
- An example code of CiGetCertPublisherName☆16Mar 24, 2022Updated 4 years ago
- 使用vt进行无痕hook,支持r3☆63Feb 1, 2019Updated 7 years ago