vmcall / latebros
x64 usermode rootkit
☆199Updated 6 years ago
Related projects: ⓘ
- PE permutation library☆259Updated last year
- ☆155Updated this week
- C++17 PE manualmapper☆244Updated 2 years ago
- PatchGuard Research☆290Updated 5 years ago
- driver mapper / capcom wrapper☆213Updated 4 years ago
- ☆239Updated this week
- ☆160Updated 7 years ago
- Hypervisor based tool for monitoring system register accesses.☆140Updated 6 years ago
- Detecting execution of kernel memory where is not backed by any image file☆252Updated 6 years ago
- ☆105Updated 5 years ago
- RootKit & Cheat Scanner - Windows☆212Updated 5 years ago
- ☆75Updated this week
- Inject code into a legitimate process☆141Updated 9 years ago
- Stealth DLL injector☆86Updated last month
- ☆150Updated 4 years ago
- Elevate a process to be a protected process☆140Updated 5 years ago
- Translates WinDbg "dt" structure dump to a C structure☆126Updated 7 years ago
- Capcom driver exploit wrapper☆121Updated 5 years ago
- windows kernelmode and usermode IAT hook☆140Updated 3 years ago
- Import address table (IAT) hooking is a well documented technique for intercepting calls to imported functions.☆210Updated 6 years ago
- Multi-purpose proof-of-concept tool based on CPU-Z CVE-2017-15303☆106Updated 6 years ago
- A library to read physical memory and system-wide virtual memory.☆119Updated 6 years ago
- usermode standalone kernel interface☆110Updated 6 years ago
- Hooking kernel functions by abusing alignment☆238Updated 3 years ago
- NoBastian - Universal Ring3 IPC based BattlEye/EAC/FaceIt/ESEA/MRAC bypass☆141Updated 6 years ago
- Hooking SSDT with Avast Internet Security Hypervisor☆111Updated 5 years ago
- Disable Driver Callbacks☆97Updated 6 years ago
- BattlEye BEClient<->BEService usermode emulator☆79Updated 4 years ago
- Detect manualmapped images remotely, without hassle☆155Updated 6 years ago
- Asynchronous Procedure Calls☆185Updated 3 years ago