An application to view and filter pool allocations from a dmp file on Windows 10 RS5+.
☆149Mar 2, 2023Updated 2 years ago
Alternatives and similar repositories for PoolViewer
Users that are interested in PoolViewer are comparing it to the libraries listed below
Sorting:
- Techniques based on named pipes for pool overflow exploitation targeting the most recent (and oldest) Windows versions demonstrated on CV…☆258Sep 1, 2022Updated 3 years ago
- Driver and WinDBG scripts to dump information about all resources and lookaside lists☆66Apr 4, 2020Updated 5 years ago
- CFB is a ProcMon-style tool designed to assist capturing IRPs sent to Windows drivers.☆333Mar 26, 2024Updated last year
- ☆165Sep 18, 2021Updated 4 years ago
- PoC exploiting Aligned Chunk Confusion on Windows kernel Segment Heap☆215Jul 2, 2020Updated 5 years ago
- ☆17Oct 31, 2022Updated 3 years ago
- Resolve DOS MZ executable symbols at runtime☆96Nov 12, 2021Updated 4 years ago
- A library to develop kernel level Windows payloads for post HVCI era☆485May 18, 2021Updated 4 years ago
- Useful scripts for WinDbg using the debugger data model☆429Mar 27, 2024Updated last year
- Simple Demo of using Windows Hypervisor Platform☆29Jul 14, 2025Updated 7 months ago
- Examples of leaking Kernel Mode information from User Mode on Windows☆633Jul 7, 2017Updated 8 years ago
- Tools made for my Hyper-V blog series @ https://foxhex0ne.blogspot.com/☆58Jun 21, 2020Updated 5 years ago
- An example of how x64 kernel shellcode can dynamically find and use APIs☆104May 14, 2020Updated 5 years ago
- Dumps information about all the callback objects found in a dump file and the functions registered for them☆37Oct 21, 2020Updated 5 years ago
- CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers☆145Sep 5, 2020Updated 5 years ago
- Exploring Windows Internals.☆64Aug 18, 2020Updated 5 years ago
- windbg plugin for win32k debugging☆75Oct 14, 2019Updated 6 years ago
- A driver that supports communication between a Windows guest and HyperWin☆15Jan 6, 2021Updated 5 years ago
- ☆41Jul 9, 2020Updated 5 years ago
- Dump of win32k POCs for bugs I've found☆381Mar 6, 2022Updated 3 years ago
- This is the P.O.C source for hooking the system calls on Windows 10 (1903) using it's dynamic trace feature weakness☆53Sep 12, 2019Updated 6 years ago
- Driver demonstrating how to register a DPC to asynchronously wait on an object☆50Jan 15, 2021Updated 5 years ago
- File system minifilter driver for Windows to block symbolic link attacks.☆51Dec 16, 2020Updated 5 years ago
- a demo for x86/x64's paging memory management learning, convert a virtual address from ring3 to physical address in ring0☆19Aug 26, 2017Updated 8 years ago
- ☆12Aug 31, 2022Updated 3 years ago
- Command like tool to print mitigation flags for running processes in a memory dump☆47Sep 18, 2020Updated 5 years ago
- A Windows kernel dump C++ parser library with Python 3 bindings.☆213Oct 5, 2025Updated 4 months ago
- Toolkit for Hyper-V security research☆157Mar 7, 2022Updated 3 years ago
- An example of a client and server using Windows' ALPC functions to send and receive data.☆115Jan 21, 2025Updated last year
- ☆272Jul 10, 2023Updated 2 years ago
- ☆48Jun 30, 2020Updated 5 years ago
- VMX intrinsics plugin for Hex-Rays decompiler☆74Oct 28, 2019Updated 6 years ago
- Code Injection, Inject malicious payload via pagetables pml4.☆243Jul 7, 2021Updated 4 years ago
- Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.☆657Jan 28, 2025Updated last year
- ☆68Dec 17, 2020Updated 5 years ago
- Research on Windows Kernel Executive Callback Objects☆315Feb 22, 2020Updated 6 years ago
- Code Integrity Violation Spotter☆17Jun 11, 2024Updated last year
- automates exploits using ROP chains, using ntdll-scraper☆16May 26, 2022Updated 3 years ago
- All Nt Syscall and W32k Syscall in one asm, include, and call it!☆58Nov 4, 2021Updated 4 years ago