xenocidewiki / UndocumentedNTAPI
I was challenged by a friend to list all the processes and drivers in a system using more "unusual" methods. By doing this I learned quite a lot about the Windows internals. To be specific, I learned a lot about the undocumented structures and functions in the NTAPI.
☆16 · Updated 8 years ago
Related projects:
- An automatic tool for fixing dumped PE files ☆42 · Updated 4 years ago
- Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using t… ☆52 · Updated 5 years ago
- Simple PE Packer Which Encrypts .text Section ☆45 · Updated 7 years ago
- A tool to help malware analysts tell that the sample is injecting code into other process. ☆73 · Updated 9 years ago
- ☆28 · Updated 5 years ago
- Simple proof of concept code for injecting libraries on 64bit processes from a 32bit process ☆91 · Updated 5 years ago
- A ready-made template for a project based on libpeconv. ☆40 · Updated last year
- ASUSTeK AsIO3 I/O driver unlock ☆19 · Updated 3 years ago
- Bypassing code hooks detection in modern anti-rootkits via building faked PTE entries. ☆72 · Updated 13 years ago
- File system minifilter driver for Windows to block symbolic link attacks. ☆51 · Updated 3 years ago
- ☆56 · Updated 2 years ago
- PoC for detecting and dumping process hollowing code injection ☆50 · Updated 5 years ago
- This is a simple driver with x64 inline assembly ☆52 · Updated 4 years ago
- Miscellaneous Code and Docs ☆76 · Updated 9 months ago
- A reflexive driver loader to bypass Windows DSE (featuring a custom PE loader) ☆37 · Updated 6 years ago
- Hidden kernel mode code execution for bypassing modern anti-rootkits. ☆80 · Updated 13 years ago
- silence file system monitoring components by hooking their minifilters ☆49 · Updated 7 months ago
- Function hooks in Windows NT Kernel ☆21 · Updated 3 years ago
- ☆64 · Updated 3 years ago
- (DEPRECATED) A simple anti-anti debug library for Windows ☆29 · Updated 4 years ago
- ☆23 · Updated this week
- Analyze and attack windows applications using dll hijacking vulnerabilities ☆54 · Updated 4 years ago
- A set of small utilities, helpers for PIN tracers ☆31 · Updated 11 months ago
- arbitrary kernel read/write in dbutil_2_3.sys, Proof of Concept Local Privilege Escalation to nt authority/system ☆52 · Updated 2 years ago
- Adding exceptions to Microsoft's Control Flow Guard (CFG) ☆58 · Updated 8 years ago
- Anti-Anti-VM solution via Windows Driver ☆55 · Updated 6 years ago
- A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv. ☆19 · Updated 6 years ago
- ☆23 · Updated this week
- PoC for detecting and dumping code injection (built and extended on UnRunPE) ☆54 · Updated 5 years ago
- Polymorphic Stub Creator ☆30 · Updated 7 years ago