swwwolf / cbtest
Windows kernel-mode callbacks tutorial driver
☆46Updated 8 years ago
Related projects ⓘ
Alternatives and complementary repositories for cbtest
- Helper utility for debugging windows PE/PE+ loader.☆50Updated 9 years ago
- just an lite AntiRootkit for interesting☆23Updated 8 years ago
- Adding exceptions to Microsoft's Control Flow Guard (CFG)☆59Updated 8 years ago
- Takes a Windbg dumped structure (using the 'dt' command) and formats it into a C structure☆33Updated 4 months ago
- Bypassing code hooks detection in modern anti-rootkits via building faked PTE entries.☆73Updated 13 years ago
- ☆28Updated 9 years ago
- Decrement Windows Kernel for fun and profit☆39Updated 6 years ago
- User-mode program parsing logs created by HyperPlatform☆17Updated 8 years ago
- Wow64 syscall hook☆40Updated 7 years ago
- drvtriks kernel driver for Windows 7 SP1 and 8.1 x64, that tricks around in your system.☆31Updated 7 years ago
- Simple proof of concept code for injecting libraries on 64bit processes from a 32bit process☆93Updated 6 years ago
- The project is a demo solution for one of the anti-rootkit techniques aimed on overcoming splicers☆34Updated 7 years ago
- Hidden kernel mode code execution for bypassing modern anti-rootkits.☆80Updated 13 years ago
- Simple PE packer with RtlCompressBuffer☆21Updated 9 years ago
- User-mode process cross-checking utility intended to detect naive malware hiding itself by hooking IAT/EAT.☆18Updated 8 years ago
- Analyze PatchGuard☆53Updated 6 years ago
- An API Monitor based on Instrumentation☆42Updated 6 years ago
- Anti-Anti-VM solution via Windows Driver☆54Updated 6 years ago
- Driver and WinDBG scripts to dump information about all resources and lookaside lists☆66Updated 4 years ago
- A command line tool to load and unload a device driver.☆44Updated 7 years ago
- PoC for detecting and dumping code injection (built and extended on UnRunPE)☆54Updated 6 years ago
- DirectNtApi - simple method to make ntapi function call without importing or walking export table. Work under Windows 7, 8 and 10☆52Updated 8 months ago
- PoC for detecting and dumping process hollowing code injection☆50Updated 6 years ago
- Windows 10 UAC bypass PoC using LaunchInfSection☆34Updated 6 years ago
- A sample project for using Capstone from a driver in Visual Studio 2015☆33Updated 8 years ago
- Analyze and attack windows applications using dll hijacking vulnerabilities☆55Updated 5 years ago
- windows create process with a dll load first time via LdrHook☆30Updated 8 years ago
- Simple code generation library developed in C intended for code generation in Kernel mode☆17Updated last year
- A tool to help malware analysts tell that the sample is injecting code into other process.☆75Updated 9 years ago