turingcompl33t / windows-internals
Exploring Windows Internals.
☆58Updated 4 years ago
Related projects: ⓘ
- A driver that hooks C: volume using symbolic link callback to track all FS access to the volume☆100Updated 4 years ago
- Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using t…☆52Updated 5 years ago
- ☆79Updated this week
- File system minifilter driver for Windows to block symbolic link attacks.☆51Updated 3 years ago
- An example of a client and server using Windows' ALPC functions to send and receive data.☆88Updated 4 years ago
- c++ implementation of windows heavens gate☆54Updated 3 years ago
- A research project about Windows notify routines.☆34Updated 4 years ago
- (DEPRECATED) A simple anti-anti debug library for Windows☆29Updated 4 years ago
- a simple intel vt code both support x86 & x64. PatchGuard monitor.☆74Updated 2 years ago
- Driver and WinDBG scripts to dump information about all resources and lookaside lists☆63Updated 4 years ago
- Standalone program to download PDB Symbol files for debugging without WDK☆71Updated 5 years ago
- Bypassing code hooks detection in modern anti-rootkits via building faked PTE entries.☆72Updated 13 years ago
- ☆26Updated 6 years ago
- An example of how x64 kernel shellcode can dynamically find and use APIs☆103Updated 4 years ago
- PoC for detecting and dumping code injection (built and extended on UnRunPE)☆54Updated 5 years ago
- A driver to intercept low level windows events☆59Updated 4 years ago
- Anti-Anti-VM solution via Windows Driver☆55Updated 6 years ago
- This is a simple driver with x64 inline assembly☆52Updated 4 years ago
- ☆29Updated this week
- ☆53Updated this week
- ☆64Updated 3 years ago
- Documenting system information classes and their uses☆48Updated 2 years ago
- win10 pgContext dynamic dump (btc version)☆100Updated 4 years ago
- Protects deletion of files with a specified extension using a kernel-mode driver.☆73Updated 6 years ago
- Takes a Windbg dumped structure (using the 'dt' command) and formats it into a C structure☆33Updated 2 months ago
- A collection of tools, source code, and papers researching Windows' implementation of CET.☆72Updated 3 years ago
- Hooking SSDT with Avast Internet Security Hypervisor☆111Updated 5 years ago
- This is the P.O.C source for hooking the system calls on Windows 10 (1903) using it's dynamic trace feature weakness☆50Updated 5 years ago
- ☆33Updated 5 years ago
- Resolve DOS MZ executable symbols at runtime☆93Updated 2 years ago