paskalian / RetSpoofer
Spoof the return address of any function call.
☆7Updated 6 months ago
Alternatives and similar repositories for RetSpoofer:
Users that are interested in RetSpoofer are comparing it to the libraries listed below
- Patches DSE by swapping both data ptrs located in SeValidateImageHeader && SeValidateImageData☆20Updated 11 months ago
- A method to Disable DSE using .data ptr hooks☆29Updated 11 months ago
- Experiment with PAGE_GUARD protection to hide memory from other processes☆43Updated 7 months ago
- Compileable POC of namazso's x64 return address spoofer.☆51Updated 4 years ago
- ntoskrnl .data hooks for UM-KM communication☆36Updated 8 months ago
- ZeroImport is a lightweight and easy to use C++ library for Windows Kernel Drivers. It allows you to hide any import in your kernel drive…☆49Updated last year
- Driver that communicates using a thread and a shared section with Usermode☆30Updated 4 months ago
- Allows for same-file KernelMode function execution using Encrypted addresses of Functions☆28Updated 3 months ago
- This is a POC Test project for INTEL CPUs on blocking NMI Entries through the IDT Handler.☆30Updated 3 months ago
- PoC kernel to usermode injection☆76Updated 11 months ago
- CVE-2022-3699 with arbitrary kernel code execution capability☆69Updated 2 years ago
- partially disable patchguard up to win11 21H2☆18Updated 7 months ago
- browse microsoft driver server for potentially vulnerable drivers☆15Updated 8 months ago
- using wnbios64.sys for arbitrary r/w☆13Updated 8 months ago
- This is an EfiGuard BootLoader that can boot EfiGuard from Usermode with no USB or Setup as a Single Executable with automatic File Dumpi…☆36Updated 4 months ago
- ☆11Updated 2 years ago
- Compile-Time Calls Obfuscator for C++14+☆37Updated last year
- A library to assist with memory & code protection.☆53Updated 10 months ago
- bootkit驱动映射,三环进程注入加载指定模块☆13Updated 3 months ago
- ☆29Updated 4 months ago
- ☆18Updated last year
- An Undetected BE Kernel Driver I developed, Will probably be detected upon releasing this but can be made undetected very easily. Does no…☆64Updated 4 months ago
- A simple direct syscall wrapper written in C++ with compatibility for x86 and x64 programs.☆43Updated last year
- a header-only library to dynamically resolve modules and exports while also being able to call them directly☆19Updated last year
- POC Hook of nt!HvcallCodeVa☆50Updated last year
- A simple kernel driver for R/W Using kSockets with some bypass implementation overall I wouldn't say its "ud"☆59Updated 5 months ago
- DSE & PG bypass via BYOVD attack☆41Updated 9 months ago
- clearing traces of a loaded driver☆46Updated 2 years ago
- silence file system monitoring components by hooking their minifilters☆55Updated 11 months ago
- Freeze target threads (external - internal ) by avoiding SuspendThread detections. Or access registers from start address.☆31Updated 10 months ago