A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.
☆116Feb 1, 2022Updated 4 years ago
Alternatives and similar repositories for manual-syscall-detect
Users that are interested in manual-syscall-detect are comparing it to the libraries listed below
Sorting:
- A way to detect DBI frameworks, Debuggers and VMs.☆24Nov 17, 2020Updated 5 years ago
- Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll☆499Feb 3, 2022Updated 4 years ago
- Security product hook detection☆327Mar 30, 2021Updated 4 years ago
- RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, …☆500Jan 25, 2022Updated 4 years ago
- devirtualization vmprotect☆65Mar 11, 2023Updated 2 years ago
- ☆71Feb 6, 2025Updated last year
- Code Injection, Inject malicious payload via pagetables pml4.☆243Jul 7, 2021Updated 4 years ago
- Analyze patches in a process☆260Jul 28, 2021Updated 4 years ago
- ETW based POC to identify direct and indirect syscalls☆189Apr 19, 2023Updated 2 years ago
- PoC capable of detecting manual syscalls from usermode.☆206Nov 13, 2025Updated 3 months ago
- API monitoring via return-hijacking thunks; works without information about target function prototypes.☆117May 26, 2020Updated 5 years ago
- A copy of my Mathematics and Computer Engineering B.Sc. thesis☆20Dec 8, 2020Updated 5 years ago
- A simple program to hook the current process to identify the manual syscall executions on windows☆265Nov 18, 2022Updated 3 years ago
- x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration☆388Jul 6, 2022Updated 3 years ago
- Lightweight WINAPI tracing with Pin☆27Aug 22, 2019Updated 6 years ago
- A simple x86_64 AMD-v hypervisor type-2 Programmed with C++, with soon to be added syscall hooks. [W.I.P]☆104Aug 3, 2023Updated 2 years ago
- Project Ares is a Proof of Concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique☆337Jan 16, 2022Updated 4 years ago
- Inline syscalls made easy for windows on clang☆736Jun 21, 2024Updated last year
- FreshyCalls tries to make the use of syscalls comfortable and simple, without generating too much boilerplate and in modern C++17!☆357Sep 1, 2022Updated 3 years ago
- SyscallLoader☆11Sep 13, 2021Updated 4 years ago
- Test data for x86 instructions☆13Apr 13, 2021Updated 4 years ago
- Universal x86/x64 VMProtect 2.0-3.X Import fixer☆20Dec 29, 2021Updated 4 years ago
- ☆26Dec 29, 2021Updated 4 years ago
- Proof-of-Concept software for detecting AV/EDR hooks in Windows libraries.☆38May 12, 2022Updated 3 years ago
- A kernel mode Windows rootkit in development.☆49Dec 31, 2021Updated 4 years ago
- Load any Beacon Object File using Powershell!☆260Dec 9, 2021Updated 4 years ago
- LLVM based devirtualization PoC’s.☆21Dec 11, 2021Updated 4 years ago
- Hookers are cooler than patches.☆170Jan 21, 2022Updated 4 years ago
- IDA Pro plugin to make bitfield accesses easier to grep☆255Aug 3, 2025Updated 7 months ago
- A Pawn p-code interpreter written in C++☆25Oct 13, 2022Updated 3 years ago
- ☆13Mar 29, 2021Updated 4 years ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆240Nov 6, 2019Updated 6 years ago
- ☆42Apr 22, 2021Updated 4 years ago
- WTSRM☆216Aug 7, 2022Updated 3 years ago
- Detect strange memory regions and DLLs☆185Jan 20, 2022Updated 4 years ago
- A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC☆374May 24, 2022Updated 3 years ago
- Obfuscate specific windows apis with different apis☆1,023Feb 21, 2021Updated 5 years ago
- LoadLibrary for offensive operations☆1,176Oct 22, 2021Updated 4 years ago
- The Definitive Guide To Process Cloning on Windows☆543Jan 3, 2024Updated 2 years ago