This is the AV ("protection solution") used for my Windows 10 rootkit main project. This includes the installer stager program, a service to perform automatic UM operations on boot, and the protection driver used for SSDT and inline hook detection, detection of processes hidden by DKOM, vulnerable driver validation and others.
☆13 · May 2, 2024 · Updated last year
Alternatives and similar repositories for ProtectionSolution
Users that are interested in ProtectionSolution are comparing it to the libraries listed below
- ☆10 · Dec 28, 2023 · Updated 2 years ago
- A driver injector or driver loader header lib (Windows) ☆12 · Aug 5, 2023 · Updated 2 years ago
- ☆11 · Oct 17, 2020 · Updated 5 years ago
- hkxiaoyu's Windows C++ application-layer base library ☆12 · Sep 17, 2020 · Updated 5 years ago
- ☆12 · Apr 12, 2024 · Updated last year
- Windows file system driver which allows blocking access to files at run-time (C/C++, C#, WDK, SDK) ☆13 · Jan 1, 2023 · Updated 3 years ago
- ☆12 · Oct 12, 2021 · Updated 4 years ago
- x64 Windows privilege elevation using anycall ☆22 · May 28, 2021 · Updated 4 years ago
- wfp2socks ☆11 · Sep 11, 2025 · Updated 5 months ago
- Disable NMI Callbacks with Kernelmode Driver ☆18 · Mar 15, 2023 · Updated 2 years ago
- Anti-rootkit works as a Windows system driver. ☆13 · Mar 14, 2022 · Updated 3 years ago
- iSwordSDK (Provide Powerful Kernel API For Ring3 Applications) ☆15 · Mar 25, 2022 · Updated 3 years ago
- ☆25 · Jan 6, 2025 · Updated last year
- ☆14 · Apr 7, 2018 · Updated 7 years ago
- Protect a file from being deleted using Windows kernel file system minifilter driver ☆39 · Apr 2, 2021 · Updated 4 years ago
- Some crazy PE executables protection kernel driver ☆20 · May 2, 2020 · Updated 5 years ago
- Windows Simple Process Logger implemented as driver ☆18 · Oct 27, 2017 · Updated 8 years ago
- Register a callback from a Manually mapped kernel module ☆16 · Feb 1, 2022 · Updated 4 years ago
- An inter-process communication library based on Windows shared memory ☆21 · Oct 17, 2019 · Updated 6 years ago
- IDA plugin to make classes automatically ☆20 · Oct 31, 2024 · Updated last year
- Viewing page boundaries of pages with PAGE_NOACCESS protection reveals the presence of x64dbg. ☆26 · Jan 1, 2017 · Updated 9 years ago
- Record & prevent file deletion in kernel mode ☆46 · Jul 22, 2020 · Updated 5 years ago
- Use RTCore64 to map your driver on Windows 11. ☆150 · May 9, 2025 · Updated 9 months ago
- Windows memory hacking library ☆22 · Aug 12, 2018 · Updated 7 years ago
- Kernel Hook X64 ☆26 · Oct 11, 2020 · Updated 5 years ago
- Kernel<->Usermode shared memory communication using manually mapped driver ☆21 · Dec 12, 2021 · Updated 4 years ago
- Comparing data of module exports from disk and memory, then caching any differences. ☆26 · Dec 11, 2021 · Updated 4 years ago
- A project on the Unicorn emulator to emulate the code of PE files in Windows ☆28 · Sep 12, 2024 · Updated last year
- ☆28 · Aug 3, 2024 · Updated last year
- Sandboxie Python Client ☆24 · Jun 29, 2012 · Updated 13 years ago
- Learning about Windows drivers ☆23 · Jul 31, 2019 · Updated 6 years ago
- Open platform for sharing confirmed Malware samples ☆39 · Nov 9, 2024 · Updated last year
- A .data pointer hook with communication in Windows 11 ☆43 · Nov 9, 2025 · Updated 3 months ago
- ☆27 · Jan 6, 2024 · Updated 2 years ago
- Remote memory library in C++17. ☆34 · May 31, 2018 · Updated 7 years ago
- Kernel mode to user mode dll injection. ☆14 · Nov 10, 2024 · Updated last year
- A Practical example of ELAM (Early Launch Anti-Malware) ☆36 · Nov 12, 2021 · Updated 4 years ago
- PsSetCreateProcessNotifyRoutine bypass proof-of-concept for manual mapped drivers ☆34 · Jul 19, 2021 · Updated 4 years ago
- A lightweight pytorch implementation of HRNet human pose estimation ☆14 · Jun 13, 2024 · Updated last year