rsnrsnrsn / Code-execution-by-abusing-VEH
Achieving code execution through abusing VEH
☆15Updated last year
Related projects: ⓘ
- UM-KM Communication using registry callbacks☆35Updated 4 years ago
- search for a driver/dll module that has a wanted section bigger than the size of your image☆21Updated 3 years ago
- Old way for blocking NMI interrupts☆25Updated 2 years ago
- partially disable patchguard up to win11 21H2☆10Updated 3 months ago
- A minimalistic way to spoof return addresses without using exceptions☆14Updated 2 years ago
- ☆19Updated 2 years ago
- Patches DSE by swapping both data ptrs located in SeValidateImageHeader && SeValidateImageData☆19Updated 7 months ago
- ☆13Updated this week
- ☆31Updated this week
- ☆23Updated this week
- Mapping your code on a 0x1000 size page☆66Updated 2 years ago
- comparing data of module exports from disk and memory, then caching any differences.☆23Updated 2 years ago
- Illustrates the concept of return address spoofing, and how it is used.☆14Updated 4 years ago
- POC kernel driver with hidden system thread☆10Updated 4 months ago
- Stealing signatures from pe files☆15Updated 2 years ago
- Disk based DMA for ATA and SCSI☆13Updated 11 months ago
- Header only UM AC "bypass"☆16Updated 4 months ago
- ☆28Updated this week
- ☆17Updated 2 years ago
- POC Hook of nt!HvcallCodeVa☆49Updated last year
- ☆25Updated this week
- ☆11Updated 3 years ago
- ☆14Updated this week
- ☆33Updated 4 years ago
- 将驱动映射到会话空间☆32Updated 2 years ago
- ☆42Updated 2 years ago
- ☆17Updated 2 years ago
- ☆23Updated 11 months ago
- ☆42Updated 3 years ago
- Communicate from ring-0 to ring-3 using NamedPipes.☆9Updated last year