mytechnotalent / windows-kernel-debugging
A guide to get you started with Windows Kernel Debugging walking you through the complete setup and usage of WinDbg to trace Windows process creation at the kernel level, from boot to PspCreateProcess, using VMware Workstation.
☆25 Updated 2 months ago
Alternatives and similar repositories for windows-kernel-debugging
Users that are interested in windows-kernel-debugging are comparing it to the libraries listed below
- ☆60 Updated 3 months ago
- Intel 64/Windows low-level experiments ☆63 Updated 5 months ago
- Proof-of-concept kernel driver that hijacks the Windows kernel extension table mechanism to preserve process notify callbacks even when a… ☆92 Updated 6 months ago
- Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio… ☆81 Updated 7 months ago
- Win32 keylogger that supports all (non-ime using) languages correctly ☆53 Updated 2 years ago
- ☆57 Updated 6 months ago
- Slaying multi-language LLVM IR with obfuscation passes to achieve JIT execution ☆130 Updated last month
- ☆89 Updated last year
- Exploiting the KsecDD Windows driver through Server Silos ☆74 Updated last year
- Zero-dependency MCP server implementation. ☆57 Updated last month
- ☆100 Updated last year
- A C++/Asm template for PIC/EXE/DLL malware ☆24 Updated 5 months ago
- In-memory hiding technique ☆63 Updated last year
- Callstack spoofing using a VEH because VEH all the things. ☆23 Updated 10 months ago
- LibWinHttp is a simplified WinHTTP wrapper designed as a Crystal Palace shared library for implant development. Its primary purpose is to… ☆40 Updated 2 months ago
- Proof of concepts demonstrating some aspects of the Windows kernel shadow stack mitigation. ☆53 Updated 7 months ago
- This repo contains PoCs for vulnerable Windows drivers. ☆114 Updated last month
- List the ETW provider(s) in the registration table of a process. ☆80 Updated 2 years ago
- Hooking KPRCB IdlePreselect function to gain execution inside PID 0. ☆73 Updated 9 months ago
- ☆60 Updated 9 months ago
- Easy encrypt/decrypt data with TPM ☆25 Updated last year
- Reimplementation of the KExecDD DSE bypass technique. ☆57 Updated last year
- Dll injection through code page id modification in registry. Based on jonas lykk research ☆17 Updated 3 years ago
- shell code example ☆67 Updated last month
- break link between dll and it file on disk ☆12 Updated last year
- Mentally ill EtwTi parser ☆67 Updated 3 weeks ago
- https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler. ☆33 Updated last year
- Windows LPE Nday ☆31 Updated last year
- havoc kaine plugin to mitigate PAGE_GUARD protected image headers using JOP gadgets ☆43 Updated last year
- ☆52 Updated 10 months ago