codes for my blog post: https://secrary.com/Random/InstrumentationCallback/
☆183Nov 30, 2017Updated 8 years ago
Alternatives and similar repositories for Hooking-via-InstrumentationCallback
Users that are interested in Hooking-via-InstrumentationCallback are comparing it to the libraries listed below
Sorting:
- Driver and WinDBG scripts to dump information about all resources and lookaside lists☆66Apr 4, 2020Updated 5 years ago
- Modify process handle permissions☆61Nov 30, 2016Updated 9 years ago
- based on https://github.com/secrary/Hooking-via-InstrumentationCallback☆73Oct 29, 2019Updated 6 years ago
- Recon 2015 Presentation from Alex Ionescu☆250Jan 27, 2016Updated 10 years ago
- PatchGuard Research☆304Oct 6, 2018Updated 7 years ago
- Simple project that demonstrates how an ETW consumer can be created just by using NTDLL☆146Feb 23, 2019Updated 7 years ago
- An example of how x64 kernel shellcode can dynamically find and use APIs☆104May 14, 2020Updated 5 years ago
- ☆34Jul 28, 2018Updated 7 years ago
- Translates WinDbg "dt" structure dump to a C structure☆134Oct 16, 2016Updated 9 years ago
- A hypervisor hiding user-mode memory using EPT☆107Jan 28, 2018Updated 8 years ago
- Some garbage drivers written for getting started☆65Dec 31, 2019Updated 6 years ago
- Exploiting CPU-Z Driver To Turn Load Unsigned Drivers☆131Aug 10, 2017Updated 8 years ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆240Nov 6, 2019Updated 6 years ago
- c++ implementation of windows heavens gate☆70Feb 12, 2021Updated 5 years ago
- A driver that hooks C: volume using symbolic link callback to track all FS access to the volume☆110Apr 24, 2020Updated 5 years ago
- Windows Kernel Driver with C++ runtime☆181Sep 26, 2020Updated 5 years ago
- Bypassing code hooks detection in modern anti-rootkits via building faked PTE entries.☆79Jan 24, 2011Updated 15 years ago
- Easy Anti PatchGuard☆223Apr 9, 2021Updated 4 years ago
- x64 assembler library☆31Jun 7, 2024Updated last year
- Elevation of privilege detector based on HyperPlatform☆123Mar 5, 2017Updated 8 years ago
- a frame of amd-v svm nest☆53Apr 7, 2020Updated 5 years ago
- Analyze PatchGuard☆56Aug 19, 2018Updated 7 years ago
- VT-based PCI device monitor (SPI)☆158Oct 29, 2020Updated 5 years ago
- A driver that supports communication between a Windows guest and HyperWin☆15Jan 6, 2021Updated 5 years ago
- Win7内核私有符号结构转储☆70Sep 3, 2021Updated 4 years ago
- The Kernel-Mode Winsock library, supporting TCP, UDP and Unix sockets (DGRAM and STREAM).☆284Jan 27, 2025Updated last year
- An example of a client and server using Windows' ALPC functions to send and receive data.☆115Jan 21, 2025Updated last year
- win10 pgContext dynamic dump (btc version)☆110Jan 15, 2020Updated 6 years ago
- windows LPC library☆43Jun 7, 2013Updated 12 years ago
- Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.☆902Nov 21, 2019Updated 6 years ago
- Research on Windows Kernel Executive Callback Objects☆315Feb 22, 2020Updated 6 years ago
- hook msr by amd svm☆125Dec 30, 2019Updated 6 years ago
- Detecting execution of kernel memory where is not backed by any image file☆261Jul 11, 2018Updated 7 years ago
- WinDBG Anti-RootKit Extension☆645Jul 29, 2020Updated 5 years ago
- Hide codes/data in the kernel address space.☆188May 8, 2021Updated 4 years ago
- A tool to help malware analysts tell that the sample is injecting code into other process.☆78Aug 12, 2015Updated 10 years ago
- hooking KiUserApcDispatcher☆27Apr 3, 2017Updated 8 years ago
- ☆44Oct 7, 2018Updated 7 years ago
- OpenSrc projects; common multiprojects headers store to ./Common/*category*/☆51Mar 16, 2014Updated 11 years ago