windows rootkit
☆60 May 2, 2024 Updated last year
Alternatives and similar repositories for windows-rootkit
Users that are interested in windows-rootkit are comparing it to the libraries listed below
- Anti-Rootkit Tool for Windows ☆12 Mar 24, 2025 Updated 11 months ago
- Bootkit driver mapping; ring-3 process injection to load a specified module ☆14 Oct 8, 2024 Updated last year
- page table manipulation to gain physical r/w ☆44 May 7, 2024 Updated last year
- Libraries written in inline assembly ☆19 Aug 7, 2023 Updated 2 years ago
- A VMBR (Virtual-Machine Based Rootkit) which runs a guest OS and sends the attacker its data ☆28 Apr 27, 2024 Updated last year
- Hook NtDeviceIoControlFile with PatchGuard ☆107 May 10, 2022 Updated 3 years ago
- Dump PDB Symbols including support for Bochs Debugging Format (with wine support) ☆14 Aug 11, 2023 Updated 2 years ago
- Detect removed thread from PspCidTable. ☆75 Mar 18, 2022 Updated 4 years ago
- Anti-Rootkit/Anti-Cheat Driver to uncover unbacked or hidden kernel code. ☆303 Mar 12, 2026 Updated last week
- Interprocess communication library, providing the ability to call functions from each other ☆20 Oct 3, 2019 Updated 6 years ago
- A simple example of how to decrypt the kernel debugger data block ☆32 Feb 8, 2021 Updated 5 years ago
- Black Signature Driver ☆24 Oct 20, 2023 Updated 2 years ago
- cr3 shuffle driver ☆80 Mar 24, 2024 Updated last year
- LLVM obfuscation pass, flattening at the basic block's level and turning each basic block into a dispatcher and each instruction into a ne… ☆49 Aug 23, 2021 Updated 4 years ago
- intel vt-x type 2 hypervisor ☆64 Apr 13, 2025 Updated 11 months ago
- partially disable patchguard up to win11 21H2 ☆19 Jun 3, 2024 Updated last year
- Manual mapper that uses PTE manipulation, Virtual Address Descriptor (VAD) manipulation, and forceful memory allocation to hide executabl… ☆387 Jan 29, 2022 Updated 4 years ago
- Programming/scripting language ☆18 Jan 3, 2025 Updated last year
- Enum and Remove Hook in Windows ☆52 Dec 11, 2025 Updated 3 months ago
- ☆66 Apr 12, 2023 Updated 2 years ago
- Compilable POC of namazso's x64 return address spoofer. ☆50 Jun 10, 2020 Updated 5 years ago
- manually map driver for a signed driver memory space ☆177 Mar 11, 2021 Updated 5 years ago
- ☆23 May 8, 2023 Updated 2 years ago
- Kernel driver for detecting Intel VT-x hypervisors. ☆202 Jul 11, 2023 Updated 2 years ago
- manual map unsigned driver over signed memory ☆222 Apr 11, 2024 Updated last year
- load unsigned kernel-driver by patching dse in 248 lines ☆146 Mar 22, 2024 Updated last year
- UnknownField is a clang-based tool that obfuscates the order of fields to protect your C/C++ game or code. ☆44 Jan 21, 2023 Updated 3 years ago
- Custom KiSystemStartup; can be used to modify the kernel before boot. ☆53 Apr 7, 2022 Updated 3 years ago
- Hooking Heavens Gate in a weekend ☆13 Jan 1, 2022 Updated 4 years ago
- Map a driver into session space ☆38 Aug 27, 2022 Updated 3 years ago
- ntos shit ☆29 Feb 15, 2024 Updated 2 years ago
- ☆25 Aug 9, 2021 Updated 4 years ago
- Simple Demo of using Windows Hypervisor Platform ☆29 Jul 14, 2025 Updated 8 months ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999 ☆241 Nov 6, 2019 Updated 6 years ago
- PoC kernel to usermode injection ☆106 Feb 26, 2024 Updated 2 years ago
- Patches DSE by swapping both data ptrs located in SeValidateImageHeader && SeValidateImageData ☆24 Feb 9, 2024 Updated 2 years ago
- Admin to Kernel code execution using the KSecDD driver ☆264 Apr 19, 2024 Updated last year
- https://www.huorong.cn/ ☆15 Apr 16, 2024 Updated last year
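- The cross-platform emulation framework unicorn is based on QEMU's TCG (Tiny Code Generator) mode, which virtualizes a full system without hardware virtualization support and supports CPU instruction emulation across platforms and architectures. This article discusses an experimental project by the author that uses the Windows Hypervisor Platform virtual machine mode… ☆79 Dec 17, 2023 Updated 2 years ago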