windows rootkit
☆60May 2, 2024Updated last year
Alternatives and similar repositories for windows-rootkit
Users that are interested in windows-rootkit are comparing it to the libraries listed below
- Anti-Rootkit Tool for Windows☆12Mar 24, 2025Updated 11 months ago
- page table manipulation to gain physical r/w☆43May 7, 2024Updated last year
- Bootkit driver mapping; ring-3 process injection to load a specified module☆14Oct 8, 2024Updated last year
- Programming/scripting language☆18Jan 3, 2025Updated last year
- Libraries written in inline assembly☆19Aug 7, 2023Updated 2 years ago
- Black Signature Driver☆24Oct 20, 2023Updated 2 years ago
- intel vt-x type 2 hypervisor☆65Apr 13, 2025Updated 10 months ago
- A VMBR (Virtual-Machine Based Rootkit) which runs a guest OS and sends the attacker its data☆28Apr 27, 2024Updated last year
- A simple example of how to decrypt the kernel debugger data block☆32Feb 8, 2021Updated 5 years ago
- Interprocess communication library, providing the ability to call functions from each other☆20Oct 3, 2019Updated 6 years ago
- Hook NtDeviceIoControlFile with PatchGuard☆107May 10, 2022Updated 3 years ago
- Anti-Rootkit/Anti-Cheat Driver to uncover unbacked or hidden kernel code.☆297Dec 10, 2025Updated 2 months ago
- ☆66Apr 12, 2023Updated 2 years ago
- cr3 shuffle driver☆76Mar 24, 2024Updated last year
- partially disable patchguard up to win11 21H2☆19Jun 3, 2024Updated last year
- Kernel driver for detecting Intel VT-x hypervisors.☆197Jul 11, 2023Updated 2 years ago
- Compilable POC of namazso's x64 return address spoofer.☆50Jun 10, 2020Updated 5 years ago
- UnknownField is a clang-based tool that obfuscates the order of fields to protect your C/C++ game or code.☆44Jan 21, 2023Updated 3 years ago
- Kernel driver with mouse and keyboard input☆123Dec 5, 2023Updated 2 years ago
- manually map driver for a signed driver memory space☆174Mar 11, 2021Updated 4 years ago
- Custom KiSystemStartup; can be used to modify the kernel before boot.☆53Apr 7, 2022Updated 3 years ago
- Manual mapper that uses PTE manipulation, Virtual Address Descriptor (VAD) manipulation, and forceful memory allocation to hide executabl…☆385Jan 29, 2022Updated 4 years ago
- Kernel driver that moves the mouse☆76Mar 15, 2025Updated 11 months ago
- LLVM obfuscation pass, flattening at the basic block's level and turning each basic block into a dispatcher and each instruction into a ne…☆49Aug 23, 2021Updated 4 years ago
- Map a driver into session space☆38Aug 27, 2022Updated 3 years ago
- Detect removed thread from PspCidTable.☆75Mar 18, 2022Updated 3 years ago
- A Kernel Driver that can be used for a cheat or malware base to circumvent common cache & structure table checks. PsLoadedModuleList howe…☆203Sep 27, 2025Updated 5 months ago
- Dump PDB Symbols including support for Bochs Debugging Format (with wine support)☆14Aug 11, 2023Updated 2 years ago
- My Personal Kernel-Mode Process dumper☆13Feb 18, 2024Updated 2 years ago
- ☆23May 8, 2023Updated 2 years ago
- A basic 100 loc CPU emulator using the existing code of ntoskrnl.exe☆75Aug 16, 2023Updated 2 years ago
- ntos shit☆30Feb 15, 2024Updated 2 years ago
- A kernel injector for EAC and BE☆159May 3, 2024Updated last year
- clearing traces of a loaded driver☆47Jul 2, 2022Updated 3 years ago
- PoC kernel to usermode injection☆105Feb 26, 2024Updated 2 years ago
- load unsigned kernel-driver by patching dse in 248 lines☆143Mar 22, 2024Updated last year
- Enum and Remove Hook in Windows☆51Dec 11, 2025Updated 2 months ago
- Hiding the window from screenshots using the function win32kfull::ChangeWindowTreeProtection☆11Jan 3, 2022Updated 4 years ago
- ☆10Nov 11, 2020Updated 5 years ago