therealdreg / ida_bochs_windows
Helper script for Windows kernel debugging with IDA Pro on native Bochs debugger (including PDB symbols)
☆61Updated last year
Related projects ⓘ
Alternatives and complementary repositories for ida_bochs_windows
- Helper script for Windows kernel debugging with IDA Pro on VMware + GDB stub (including PDB symbols)☆61Updated last year
- Different tools for Microsoft Hyper-V researching☆46Updated 5 months ago
- A years-old exploit of a local EoP vulnerability in Kingsoft Antivirus KWatch Driver version 2009.3.17.77.☆36Updated 2 years ago
- VMProtectTest☆37Updated last year
- An extended proof-of-concept for the CVE-2021-21551 Dell ‘dbutil_2_3.sys’ Kernel Exploit☆23Updated 3 years ago
- Helper Script to convert a Windbg dumped structure (using the 'dt' command) into a C structure. It creates dummy structs for you if neede…☆26Updated last year
- Reimplement CreateProcessInternalW via Windows 10 20H1+/Windows 11 Base on NtCreateUserProcess-Post☆47Updated 2 months ago
- ☆25Updated 3 years ago
- Demonstrate calling a kernel function and handle process creation callback against HVCI☆49Updated last year
- vdk is a set of utilities used to help with exploitation of a vulnerable driver.☆39Updated 2 years ago
- A simple but useful project maybe help you reverse Windows.☆30Updated 7 months ago
- This repo contains EXPs about Vulnerable Windows Driver☆19Updated 6 months ago
- WinHvShellcodeEmulator (WHSE) is a shellcode emulator leveraging the Windows Hypervisor Platform API☆19Updated 2 years ago
- windows kernel pagehook☆38Updated 2 years ago
- Triton based symbolic emulator☆16Updated 2 years ago
- Call NtCreateUserProcess directly as normal.☆66Updated 2 years ago
- Disassembler for Zeus VM custom instruction set☆25Updated 9 months ago
- A driver to implement IOCTL hooking☆23Updated 2 years ago
- Provides commands to read from and write to arbitrary kernel-mode memory for users with the Administrator privilege. HVCI compatible. No …☆15Updated 5 months ago
- devirtualization vmprotect☆61Updated last year
- Proof-of-concept game using VBS enclaves to protect itself from cheating☆21Updated 2 weeks ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)☆69Updated last year
- Exploiting ring0 memcpy-like functionality to disable Driver Signing Enforcement (DSE)☆20Updated 4 years ago
- Load Dll into Kernel space☆38Updated 2 years ago
- A compact tool for detecting AV/EDR hooks in default Windows libraries.☆29Updated 2 years ago
- Sample/PoC Windows kernel driver for detect DMA devices by using Vendor ID and Device ID signatures☆30Updated 2 months ago
- My try to implement a virtual CPU in C☆19Updated last year
- Yet another Windows DLL injector.☆38Updated 3 years ago
- ☆60Updated 6 months ago
- direct systemcalls with a modern c++20 interface.☆42Updated last year