mytechnotalent / windows-kernel-debugging
A guide to get you started with Windows Kernel Debugging walking you through the complete setup and usage of WinDbg to trace Windows process creation at the kernel level, from boot to PspCreateProcess, using VMware Workstation.
☆25Updated 2 months ago
Alternatives and similar repositories for windows-kernel-debugging
Users that are interested in windows-kernel-debugging are comparing it to the libraries listed below
- Intel 64/Windows low-level experiments☆63Updated 5 months ago
- ☆60Updated 3 months ago
- Easy encrypt/decrypt data with TPM☆25Updated last year
- Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…☆81Updated 7 months ago
- Example of building an application verifier DLL☆51Updated last year
- break link between dll and its file on disk☆12Updated last year
- Proof-of-concept kernel driver that hijacks the Windows kernel extension table mechanism to preserve process notify callbacks even when a…☆92Updated 7 months ago
- ☆57Updated 6 months ago
- In-memory hiding technique☆63Updated last year
- Callstack spoofing using a VEH because VEH all the things.☆23Updated 10 months ago
- Slaying multi-language LLVM IR with obfuscation passes to achieve JIT execution☆130Updated last month
- havoc kaine plugin to mitigate PAGE_GUARD protected image headers using JOP gadgets☆42Updated last year
- ☆35Updated 2 years ago
- Exploiting the KsecDD Windows driver through Server Silos☆74Updated last year
- ☆90Updated last year
- ☆31Updated 11 months ago
- Win32 keylogger that supports all (non-ime using) languages correctly☆53Updated 2 years ago
- A C++/Asm template for PIC/EXE/DLL malware☆24Updated 5 months ago
- Windows LPE Nday☆32Updated last year
- ☆31Updated last year
- List the ETW provider(s) in the registration table of a process.☆80Updated 2 years ago
- Finding Truth in the Shadows☆120Updated 3 years ago
- Zero-dependency MCP server implementation.☆57Updated 2 months ago
- Harness to issue Virtual Secure Mode (VSM) "secure calls" from VTL 0 to VTL 1☆71Updated 4 months ago
- A Proof-of-Concept implementation of Reflective DLL Injection (RDI) specifically for Windows on ARM64. Demonstrates PEB access via the x1…☆32Updated 8 months ago
- An example of how to use Microsoft Windows Warbird technology☆91Updated 2 years ago
- Hotkey-based keylogger for Windows☆31Updated last year
- call gates as stable communication channel for NT x86 and Linux x86_64☆32Updated 2 years ago
- Enable / Disable LSA Protection via BYOVD☆81Updated 4 years ago
- A few examples of how to trap virtual memory access on Windows.☆39Updated last year