Tiny driver patch to allow kernel callbacks to work on Win10 21h1
☆34Feb 7, 2022Updated 4 years ago
Alternatives and similar repositories for TelemetrySourcerer-patched
Users that are interested in TelemetrySourcerer-patched are comparing it to the libraries listed below
- Hook NtDeviceIoControlFile with PatchGuard☆107May 10, 2022Updated 3 years ago
- Dump PDB Symbols including support for Bochs Debugging Format (with wine support)☆14Aug 11, 2023Updated 2 years ago
- Open-source EDR kernel-component for system monitoring and DLL injection☆33Nov 14, 2020Updated 5 years ago
- Detect-KeAttachProcess by iterating through all processes as well as checking the context of the thread.☆121Feb 8, 2022Updated 4 years ago
- ☆47Feb 3, 2025Updated last year
- Open Anti Cheat☆27Jul 16, 2022Updated 3 years ago
- Draw on the DWM desktop without using ring-3 hooks☆82Dec 9, 2021Updated 4 years ago
- Kernel DLL Injector using NX Bit Swapping and VAD hide for hiding injected DLL☆219Nov 12, 2020Updated 5 years ago
- Monitor ETW events for Windows process mitigation policies, with stack traces☆31Oct 7, 2022Updated 3 years ago
- Hijack Printconfig.dll to execute shellcode☆100Jan 15, 2021Updated 5 years ago
- Quickly dealing with the autochk.sys rootkit☆73Mar 7, 2023Updated 2 years ago
- x64 hook library☆18Jan 14, 2020Updated 6 years ago
- Easily hook WIN32 x64 functions☆18Feb 19, 2025Updated last year
- Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction wit…☆218Feb 20, 2023Updated 3 years ago
- Detect removed thread from PspCidTable.☆75Mar 18, 2022Updated 3 years ago
- A Windows kernel driver analysis framework that hooks and monitors all functions exported by the kernel☆69Nov 19, 2025Updated 3 months ago
- A PoC to demo modifying cmdline of the child process dynamically. It might be useful against process log tracing, AV or EDR.☆41Dec 31, 2020Updated 5 years ago
- ☆81Dec 24, 2021Updated 4 years ago
- A driver to intercept low level windows events☆64Oct 2, 2019Updated 6 years ago
- ☆118Aug 7, 2022Updated 3 years ago
- PoC that measures how long it takes the CPU to execute the CPUID instruction and reports if it suspects a VM. Works on both Windows and L…☆26Sep 11, 2020Updated 5 years ago
- Reimplement CreateProcessInternalW via Windows 10 20H1+/Windows 11, based on NtCreateUserProcess-Post☆80Sep 2, 2024Updated last year
- PsSetCreateProcessNotifyRoutine/Ex/Ex2 hook☆12May 30, 2024Updated last year
- A 64 bit OS☆10Nov 12, 2025Updated 3 months ago
- Rootkit & Anti-rootkit☆42Jan 27, 2024Updated 2 years ago
- UnknownField is a clang-based tool that obfuscates the order of fields to protect your C/C++ game or code.☆44Jan 21, 2023Updated 3 years ago
- A SOCKS5-configured syscall hook that allows transparent TCP proxying on Windows for IPv4 and IPv6.☆26Jul 9, 2021Updated 4 years ago
- PoC memory injection detection agent based on ETW, for offensive and defensive research purposes☆299Apr 10, 2021Updated 4 years ago
- Unhooks Bit Defender from NTDLL and KERNELBASE using a classic technique.☆58Jun 23, 2023Updated 2 years ago
- ☆81Feb 12, 2022Updated 4 years ago
- ☆163Oct 29, 2020Updated 5 years ago
- Analyze Windows x64 Kernel Memory Layout☆129Nov 19, 2020Updated 5 years ago
- Kernel mode to user mode injector☆11Mar 31, 2020Updated 5 years ago
- Learn Winapi in this Repo with examples, to understand its abstraction in reverse engineering for Windows.☆11Aug 8, 2022Updated 3 years ago
- Hikari Obfuscator files☆12Jun 21, 2022Updated 3 years ago
- Windows CIFS/SMB packet generation and SMB networking library☆12Aug 25, 2020Updated 5 years ago
- The evolution of NxRansomware☆11Jun 14, 2019Updated 6 years ago
- A class for scanning for and restoring ring-3 (r3) hooks☆10Aug 29, 2021Updated 4 years ago
- The lightweight UEFI toolchain for Visual Studio (MSBuild) C++ projects☆12Feb 16, 2026Updated 2 weeks ago