msuiche / LiveCloudKd
Hyper-V Research is trendy now
☆172Updated 6 months ago
Related projects ⓘ
Alternatives and complementary repositories for LiveCloudKd
- Hyper-V Research is trendy now☆151Updated last month
- ☆121Updated last month
- MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. M…☆219Updated 4 years ago
- Hyper-V scripts☆112Updated last year
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆206Updated 5 years ago
- Windbg2ida lets you dump each step in Windbg then shows these steps in IDA☆73Updated 4 months ago
- The history of Windows Internals via symbols.☆177Updated 3 years ago
- Toy scripts for playing with WinDbg JS API☆220Updated 4 months ago
- Simple project that demonstrates how an ETW consumer can be created just by using NTDLL☆135Updated 5 years ago
- Elevation of privilege detector based on HyperPlatform☆117Updated 7 years ago
- (unofficial) Hyper-V® Development Kit☆215Updated 9 months ago
- Research on Windows Kernel Executive Callback Objects☆278Updated 4 years ago
- ☆107Updated 4 years ago
- VT-based PCI device monitor (SPI)☆150Updated 4 years ago
- A Windows kernel dump C++ parser library with Python 3 bindings.☆193Updated 4 months ago
- Toolkit for Hyper-V security research☆155Updated 2 years ago
- Tools for instrumenting Windows Defender's mpengine.dll☆281Updated 6 years ago
- Two IDAPython Scripts help you to reconstruct Microsoft COM (Component Object Model) Code☆178Updated 4 years ago
- Translates WinDbg "dt" structure dump to a C structure☆126Updated 8 years ago
- A collection of my IDA plugins☆131Updated 4 years ago
- An application to view and filter pool allocations from a dmp file on Windows 10 RS5+.☆124Updated last year
- Bindings for Microsoft WinDBG TTD☆213Updated last year
- CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers☆129Updated 4 years ago
- A driver that hooks C: volume using symbolic link callback to track all FS access to the volume☆102Updated 4 years ago
- ☆151Updated last month
- Basic Windows Kernel Programming☆124Updated 4 years ago
- Enumerate user mode shared memory mappings on Windows.☆115Updated 3 years ago
- Parsers for custom malware formats ("Funky malware formats")☆92Updated 2 years ago
- Canadian Furious Beaver is a ProcMon-style tool designed only for capturing IRPs sent to any Windows driver.☆310Updated 7 months ago