Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)
☆73Aug 11, 2023Updated 2 years ago
Alternatives and similar repositories for cgaty
Users that are interested in cgaty are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- An attempt to restore and adapt to modern Win10 version the 'Rootkit Arsenal' original code samples☆74Apr 11, 2022Updated 3 years ago
- Dump PDB Symbols including support for Bochs Debugging Format (with wine support)☆14Aug 11, 2023Updated 2 years ago
- Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address☆23Nov 22, 2021Updated 4 years ago
- Helper script for Windows kernel debugging with IDA Pro on native Bochs debugger (including PDB symbols)☆62Aug 11, 2023Updated 2 years ago
- A library for intel VT-x hypervisor functionality supporting EPT shadowing.☆51Mar 11, 2021Updated 5 years ago
- Wordpress hosting with auto-scaling on Cloudways • AdFully Managed hosting built for WordPress-powered businesses that need reliable, auto-scalable hosting. Cloudways SafeUpdates now available.
- Load Dll into Kernel space☆39Aug 23, 2022Updated 3 years ago
- An example code of CiGetCertPublisherName☆16Mar 24, 2022Updated 4 years ago
- Helper script for Windows kernel debugging with IDA Pro on VMware + GDB stub (including PDB symbols)☆68Aug 11, 2023Updated 2 years ago
- ☆119Aug 7, 2022Updated 3 years ago
- Piece of code to detect and remove hooks in IAT☆65May 30, 2022Updated 3 years ago
- A simple x86_64 AMD-v hypervisor type-2 Programmed with C++, with soon to be added syscall hooks. [W.I.P]☆104Aug 3, 2023Updated 2 years ago
- automates exploits using ROP chains, using ntdll-scraper☆16May 26, 2022Updated 3 years ago
- Helper scripts for windows debugging with symbols for Bochs and IDA Pro (PDB files). Very handy for user mode <--> kernel mode☆19Aug 11, 2023Updated 2 years ago
- A small PoC that creates processes in Windows☆187Jun 6, 2024Updated last year
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- ☆69Dec 17, 2020Updated 5 years ago
- kernel driver used to monitor the activity of BadlionAnticheat.sys by patching its IAT☆32Jul 9, 2021Updated 4 years ago
- ☆70Feb 6, 2025Updated last year
- x64 PE-COFF virtualization driven obfuscation engine☆58Oct 14, 2022Updated 3 years ago
- Personal curation of Clang/LLVM patches.☆12Feb 27, 2021Updated 5 years ago
- C/C++ Runtime library for system file (Windows Kernel Driver) - Supports Microsoft STL☆192Aug 27, 2022Updated 3 years ago
- Enumerate various traits from Windows processes as an aid to threat hunting☆201Jan 13, 2022Updated 4 years ago
- Enumerate user mode shared memory mappings on Windows.☆134Feb 14, 2021Updated 5 years ago
- ☆17Oct 31, 2022Updated 3 years ago
- DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- hooks gServerHandlers xxxEventWndProc☆13May 1, 2022Updated 3 years ago
- Integration of Microsoft Warbird with the MSVC compiler☆134Jul 16, 2023Updated 2 years ago
- A PoC designed to bypass all usermode hooks in a WoW64 environment.☆149Sep 16, 2020Updated 5 years ago
- 跨平台模拟执行unicorn框架基于Qemu的TCG模式(Tiny Code Generator),以无硬件虚拟化支持方式实现全系统的虚拟化,支持跨平台和架构的CPU指令模拟,本文讨论是一款笔者的实验性项目采用Windows Hypervisor Platform虚拟机模式…☆79Dec 17, 2023Updated 2 years ago
- A way to detect DBI frameworks, Debuggers and VMs.☆24Nov 17, 2020Updated 5 years ago
- Driver demonstrating how to register a DPC to asynchronously wait on an object☆51Jan 15, 2021Updated 5 years ago
- Proof-of-Concept software for detecting AV/EDR hooks in Windows libraries.☆38May 12, 2022Updated 3 years ago
- Rootkit Arsenal 2nd Source Code☆15Aug 6, 2013Updated 12 years ago
- A code parser for C-Style header files that lets you to parse function's prototypes and data types used in their parameters.☆94Apr 17, 2022Updated 3 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- Subtract one PE file from another!☆20Oct 1, 2021Updated 4 years ago
- A simple password-based PE encryptor for Windows 32-bit executables.☆51Jan 9, 2025Updated last year
- Using the peculiar behaviour of the VPGATHER instructions to determine if an address will fault before it is truly accessed. All done in …☆55Dec 30, 2025Updated 2 months ago
- Easy Anti PatchGuard☆222Apr 9, 2021Updated 4 years ago
- a minimalistic windows hypervisor for amd processors☆146Jun 30, 2022Updated 3 years ago
- My research WIP bluepill hypervisor☆40Mar 15, 2023Updated 3 years ago
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆270Aug 31, 2022Updated 3 years ago