secrary / Hooking-via-InstrumentationCallback

Related projects ⓘ

Alternatives and complementary repositories for Hooking-via-InstrumentationCallback

• kkent030315 / NtSymbol
  Resolve DOS MZ executable symbols at runtime
  ☆93Updated 3 years ago
• not-wlan / driver-hijack
  ☆152Updated 5 years ago
• 0xcpu / WinAltSyscallHandler
  Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999
  ☆206Updated 5 years ago
• MiroKaku / Nt-Modules
  Collect different versions of Crucial modules.
  ☆127Updated 4 months ago
• wbenny / EtwConsumerNT
  Simple project that demonstrates how an ETW consumer can be created just by using NTDLL
  ☆135Updated 5 years ago
• ajkhoury / Errata1337
  ☆66Updated 3 years ago
• fIappy / infhook19041
  ☆121Updated 4 years ago
• Cr4sh / PTBypass-PoC
  Bypassing code hooks detection in modern anti-rootkits via building faked PTE entries.
  ☆73Updated 13 years ago
• repnz / apc-research
  APC Internals Research Code
  ☆159Updated 4 years ago
• nickcano / ReloadLibrary
  A quick-and-dirty anti-hook library proof of concept.
  ☆101Updated 6 years ago
• yardenshafir / SymlinkCallback
  A driver that hooks C: volume using symbolic link callback to track all FS access to the volume
  ☆102Updated 4 years ago
• markhc / windbg_to_c
  Translates WinDbg "dt" structure dump to a C structure
  ☆126Updated 8 years ago
• DownWithUp / ALPC-Example
  An example of a client and server using Windows' ALPC functions to send and receive data.
  ☆89Updated 4 years ago
• SouhailHammou / KernelSymbolsHelper
  Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using t…
  ☆53Updated 5 years ago
• not-wlan / instrumentation-callbacks
  based on https://github.com/secrary/Hooking-via-InstrumentationCallback
  ☆67Updated 5 years ago
• tinysec / iathook
  windows kernelmode and usermode IAT hook
  ☆142Updated 3 years ago
• 3gstudent / Inject-dll-by-Process-Doppelganging
  Process Doppelgänging
  ☆154Updated 6 years ago
• hrbust86 / HookMsrBySVM
  hook msr by amd svm
  ☆119Updated 4 years ago
• zouxianyu / KernelHiddenExecute
  Hide codes/data in the kernel address space.
  ☆185Updated 3 years ago
• kkent030315 / NoPatchGuardCallback
  x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code
  ☆197Updated 3 years ago
• hfiref0x / Stryker
  Multi-purpose proof-of-concept tool based on CPU-Z CVE-2017-15303
  ☆107Updated 6 years ago
• Deputation / instrumentation_callbacks
  A proof of concept demonstrating instrumentation callbacks on Windows 10 21h1 with a TLS variable to ensure all syscalls are caught.
  ☆117Updated 3 years ago
• mrexodia / driver_unpacking
  Ghetto user mode emulation of Windows kernel drivers.
  ☆122Updated last month
• t3ssellate / unmapper
  An automatic tool for fixing dumped PE files
  ☆41Updated 4 years ago
• tandasat / FU_Hypervisor
  A hypervisor hiding user-mode memory using EPT
  ☆105Updated 6 years ago
• adrianyy / KeInject
  Kernel LdrLoadDll injector
  ☆258Updated 6 years ago
• mrexodia / AppInitHook
  Global user-mode hooking framework, based on AppInit_DLLs. The goal is to allow you to rapidly develop hooks to inject in an arbitrary pr…
  ☆161Updated 2 years ago
• kkent030315 / anycall
  x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration
  ☆226Updated 2 years ago
• sgabe / SymlinkProtect
  File system minifilter driver for Windows to block symbolic link attacks.
  ☆51Updated 3 years ago