Windows Kernel Programming
☆133May 11, 2020Updated 5 years ago
Alternatives and similar repositories for basic-windows-kernel-programming
Users that are interested in basic-windows-kernel-programming are comparing it to the libraries listed below
Sorting:
- kernel driver used to monitor the activity of BadlionAnticheat.sys by patching its IAT☆32Jul 9, 2021Updated 4 years ago
- Some drivers I've written while solving exercises from Practical Reverse Engineering☆15Jan 9, 2022Updated 4 years ago
- Anti-Analysis technique, trick the debugger by Hiding events from it.☆20Sep 6, 2021Updated 4 years ago
- Windows System Programming Experiments☆222Jun 13, 2022Updated 3 years ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)☆73Aug 11, 2023Updated 2 years ago
- Easy Anti PatchGuard☆223Apr 9, 2021Updated 4 years ago
- Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address☆23Nov 22, 2021Updated 4 years ago
- File system minifilter driver for Windows to block symbolic link attacks.☆51Dec 16, 2020Updated 5 years ago
- A simple password-based PE encryptor for Windows 32-bit executables.☆51Jan 9, 2025Updated last year
- LLVM based devirtualization PoC’s.☆21Dec 11, 2021Updated 4 years ago
- Virtual Tagger Plugin is a Cutter plugin that significantly improves handling and analysis of vtables and virtual functions☆16Mar 23, 2023Updated 2 years ago
- My notes while studying Windows internals☆446Dec 9, 2024Updated last year
- Custom implementation of DbgHelp's MiniDumpWriteDump function. Uses static syscalls to replace low-level functions like NtReadVirtualMemo…☆127Jan 18, 2022Updated 4 years ago
- VT-based PCI device monitor (SPI)☆158Oct 29, 2020Updated 5 years ago
- Hijack NotifyRoutine for a kernelmode thread☆41Jun 4, 2022Updated 3 years ago
- x64 Windows privilege elevation using anycall☆22May 28, 2021Updated 4 years ago
- A way to detect DBI frameworks, Debuggers and VMs.☆24Nov 17, 2020Updated 5 years ago
- neat way to detect memory read using nt layer function.☆14Aug 4, 2023Updated 2 years ago
- A driver that hooks C: volume using symbolic link callback to track all FS access to the volume☆110Apr 24, 2020Updated 5 years ago
- ☆16Mar 1, 2019Updated 6 years ago
- Driver and WinDBG scripts to dump information about all resources and lookaside lists☆66Apr 4, 2020Updated 5 years ago
- Tools made for my Hyper-V blog series @ https://foxhex0ne.blogspot.com/☆58Jun 21, 2020Updated 5 years ago
- clearing traces of a loaded driver☆47Jul 2, 2022Updated 3 years ago
- A kernel mode Windows rootkit in development.☆49Dec 31, 2021Updated 4 years ago
- PoC exploiting Aligned Chunk Confusion on Windows kernel Segment Heap☆215Jul 2, 2020Updated 5 years ago
- ☆163Oct 29, 2020Updated 5 years ago
- Driver demonstrating how to register a DPC to asynchronously wait on an object☆50Jan 15, 2021Updated 5 years ago
- ☆31Jan 12, 2022Updated 4 years ago
- Intraceptor intercept Windows NT API calls and redirect them to a kernel driver to bypass process/threads handle protections.☆32May 18, 2022Updated 3 years ago
- Post exploitation technique to turn arbitrary kernel write / increment into full read/write primitive on Windows 11 22H2☆250Jul 5, 2022Updated 3 years ago
- Code to make it easier to write an NDIS network driver on Windows☆93Oct 1, 2023Updated 2 years ago
- This is a collection of interesting codes about Windows Process creation.☆237Jan 12, 2024Updated 2 years ago
- a minimalistic windows hypervisor for amd processors☆138Jun 30, 2022Updated 3 years ago
- using gpuz to load driver☆36Mar 14, 2019Updated 6 years ago
- Research on Windows Kernel Executive Callback Objects☆315Feb 22, 2020Updated 6 years ago
- CFB is a ProcMon-style tool designed to assist capturing IRPs sent to Windows drivers.☆333Mar 26, 2024Updated last year
- ☆164Sep 18, 2021Updated 4 years ago
- windows kernelmode driver to inject dll into each and every process and perform systemwide function hooking☆53Aug 28, 2022Updated 3 years ago
- Dynamic Taint Analysis versus Obfuscated Self-Checking☆16Sep 5, 2021Updated 4 years ago