sreeharshabandi / CaptainLinks
Process Creation, Image Load and Thread Creation Notification
☆13Updated last year
Alternatives and similar repositories for Captain
Users that are interested in Captain are comparing it to the libraries listed below
Sorting:
- Windows driver template, using C++20 & cmake & GithubActions☆22Updated 10 months ago
- UnknownField is a tool based clang that obfuscating the order of fields to protect your C/C++ game or code.☆44Updated 2 years ago
- Bypassing kernel patch protection runtime☆20Updated 2 years ago
- Some drivers I've written while solving exercises from Practical Reverse Engineering☆15Updated 3 years ago
- ☆15Updated 2 years ago
- An example code of CiGetCertPublisherName☆16Updated 3 years ago
- Detects if a Kernel mode debugger is active by reading the value of KUSER_SHARED_DATA.KdDebuggerEnabled. It is a high level and portable …☆23Updated 7 years ago
- ☆23Updated last year
- Sample for Creating a new kernel object type and supporting API☆24Updated 9 months ago
- ☆27Updated 2 years ago
- ☆23Updated 2 years ago
- a driver to enumerate registered pnp callbacks for a particular interface class based on reversal of IoRegisterPlugPlayNotification☆11Updated last year
- Load Dll into Kernel space☆38Updated 2 years ago
- Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address☆24Updated 3 years ago
- Learn Winapi in this Repo with examples, to understand its abstraction in reverse engineering for Windows.☆10Updated 2 years ago
- Fix VMProtect 3.xx (tested 3.0.9 to 3.5.0)☆17Updated 3 years ago
- x64 assembler library☆31Updated last year
- ☆29Updated 3 years ago
- Sample/PoC Windows kernel driver for detect DMA devices by using Vendor ID and Device ID signatures☆36Updated 9 months ago
- Anti-Analysis technique, trick the debugger by Hiding events from it.☆19Updated 3 years ago
- Debug Print viewer (user and kernel)☆66Updated last year
- Small driver that uses alternative syscalls feature (the project is still under development).☆17Updated last year
- EDR PoC WIP LLC☆11Updated last year
- A poc that abuses Enclave☆38Updated 2 years ago
- Some crazy PE executables protection kernel driver☆18Updated 5 years ago
- Elevate arbitrary MSR writes to kernel execution.☆36Updated last year
- ☆27Updated last year
- WinHvShellcodeEmulator (WHSE) is a shellcode emulator leveraging the Windows Hypervisor Platform API☆23Updated 3 years ago
- combine the power of procmon and dbgview into one single application☆9Updated last year
- A driver to implement IOCTL hooking☆24Updated 3 years ago