Usermode NT Explorer - Query kernel addresses, translate virtual to physical addresses, inspect the PFN database, and more.
☆72Jan 27, 2026Updated last month
Alternatives and similar repositories for NTMemory
Users that are interested in NTMemory are comparing it to the libraries listed below
Sorting:
- A demonstration of hooking into the VMProtect-2 virtual machine☆24Nov 9, 2023Updated 2 years ago
- x86-64 Automated test data generator☆26Aug 18, 2025Updated 6 months ago
- POC Windows kernel driver that spoofs threads for NMI callbacks on x86-64.☆24Mar 30, 2025Updated 10 months ago
- Crystal Palace library for proxying Nt API calls via the Threadpool☆99Oct 18, 2025Updated 4 months ago
- ☆15Mar 28, 2015Updated 10 years ago
- A small experiment on assigning a processes threads a specific CPU and then blocking it with a high priority thread☆30Sep 24, 2025Updated 5 months ago
- ☆16May 2, 2024Updated last year
- CyberShield 2025 Intro to EDR Evasion Class☆17Jun 3, 2025Updated 8 months ago
- A collection of cpuid instruction implementations for anti-vm purposes.☆10Oct 5, 2023Updated 2 years ago
- An utility to download PDB files associated with a Portable Executable (PE).☆15Feb 18, 2025Updated last year
- Self-Loading Registration Free COM Functions☆11Nov 12, 2019Updated 6 years ago
- Bypasses VMProtect's VMWare & VMWare Tools detection trough user-mode API hooks.☆23Aug 3, 2024Updated last year
- This project simplifies the process of enabling DMA support for Cheat Engine. Instead of complex configurations, you can achieve DMA comp…☆21Apr 8, 2025Updated 10 months ago
- Modern security products (CrowdStrike, Bitdefender, SentinelOne, etc.) hook the nLoadImage function inside clr.dll to intercept and scan …☆203Dec 8, 2025Updated 2 months ago
- Thats it! An Open-Source Windows UEFI Rootkit☆28Jul 19, 2025Updated 7 months ago
- Basic utilities for executing, reading and writing 64-bit data in a 32-bit WoW64 process☆19Jul 8, 2022Updated 3 years ago
- Optimized software implementation in C of the RC4 encryption algorithm.☆14Mar 4, 2013Updated 12 years ago
- This is an EfiGuard BootLoader that can boot EfiGuard from Usermode with no USB or Setup as a Single Executable with automatic File Dumpi…☆71Sep 27, 2025Updated 5 months ago
- Hooking Windows' exception dispatcher to protect process's PML4☆227Jan 24, 2025Updated last year
- A simple tool for enumerating dynamic endpoints on a DCE/RPC remote or local endpoint mapper.☆15Oct 9, 2020Updated 5 years ago
- Windows kernel driver that detects hypervisors by probing SIDT/LIDT edge cases, paging/TLB behaviors, privilege transitions, and timing e…☆36Dec 17, 2025Updated 2 months ago
- A basic implementation of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added.☆78Mar 29, 2025Updated 10 months ago
- Translate virtual addresses to physical addresses from usermode.☆103Jun 7, 2024Updated last year
- Abusing DDMA alongside Copy On Write for Cross Process Code Execution for a 3000$ Bug Bounty☆88Feb 1, 2026Updated 3 weeks ago
- SoftICE-like debugger for Windows 2000 and XP. Archived.☆21Dec 23, 2022Updated 3 years ago
- A graphing library for Control Flow Graphs☆105Jun 19, 2025Updated 8 months ago
- 参考taviso的代码逆向一下mpengine.dll☆20Jun 30, 2022Updated 3 years ago
- Windows 11 kernel research framework demonstrating DSE bypass on Windows 11 25H2 through boot-time execution. Loads unsigned drivers by s…☆82Dec 22, 2025Updated 2 months ago
- Handling C++ & __try exceptions without the need of built-in handlers.☆77Aug 28, 2021Updated 4 years ago
- A working version of this tutorial: https://docs.microsoft.com/en-us/windows/desktop/rpc/tutorial☆16Jun 22, 2019Updated 6 years ago
- Emulate Drivers in RING3 with self context mapping or unicorn☆21Jan 1, 2025Updated last year
- A C++/Asm template for PIC/EXE/DLL malware☆24Aug 12, 2025Updated 6 months ago
- Kernel Level NMI Callback Blocker☆164Sep 27, 2025Updated 5 months ago
- Find out how to bypass HVCI (or not). My own research on Microsoft Warbird (specifically in clipsp.sys)☆93Oct 26, 2025Updated 4 months ago
- Proof-of-concept game using VBS enclaves to protect itself from cheating☆49Nov 10, 2024Updated last year
- The sequel to Voyager☆95Aug 21, 2024Updated last year
- How to use PiDqSerializationWrite. Introduces how to safely read and write from mapped driver☆26May 29, 2023Updated 2 years ago
- Simple driver loader for windows☆17May 22, 2020Updated 5 years ago
- Simple EFI runtime driver that hooks GetVariable function and returns data expected by Windows to make it think that it's running with se…☆214Oct 1, 2021Updated 4 years ago