zer0condition/ZeroHVCI external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

zer0condition/ZeroHVCI

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/zer0condition/ZeroHVCI)

Close

zer0condition / ZeroHVCIView on GitHubMore

• External links
• Readme badge

Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling without admin permissions or kernel drivers.

☆255Oct 26, 2024Updated last year

Alternatives and similar repositories for ZeroHVCI

Users that are interested in ZeroHVCI are comparing it to the libraries listed below

• SamuelTulach / memhv

  View on GitHub
  Minimalistic AMD-V/SVM hypervisor with memory introspection capabilities
  ☆384Feb 26, 2025Updated last year
• Oliver-1-1 / GhostMapper

  View on GitHub
  ☆367May 11, 2025Updated 10 months ago
• can1357 / selene

  View on GitHub
  Kernel-mode Paravirtualization in Ring 2, LLVM based linker, and some other things!
  ☆416Apr 19, 2025Updated 11 months ago
• cutecatsandvirtualmachines / SKLib

  View on GitHub
  Standard Kernel Library for Windows manipulation in C++
  ☆203Jun 18, 2025Updated 9 months ago
• zer0condition / NVDrv

  View on GitHub
  Abusing nvidia driver (nvoclock.sys) for physical/virtual memory and control register manipulation.
  ☆280Updated this week
• 0mWindyBug / GhostMapperUM

  View on GitHub
  manual map unsigned driver over signed memory
  ☆222Apr 11, 2024Updated last year
• SamuelTulach / PwnedBoot

  View on GitHub
  Using Windows' own bootloader as a shim to bypass Secure Boot
  ☆229Jul 17, 2024Updated last year
• SamuelTulach / HookGuard

  View on GitHub
  Hooking Windows' exception dispatcher to protect process's PML4
  ☆236Jan 24, 2025Updated last year
• MmMapIoSpace / UCMapper

  View on GitHub
  Unknowncheats Magically Optimized Tidy Mapper using nvaudio
  ☆153Jun 11, 2024Updated last year
• AmitMoshel1 / PatchGuardEncryptorDriver

  View on GitHub
  A basic implementation of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added.
  ☆78Mar 29, 2025Updated 11 months ago
• ekknod / acdrv

  View on GitHub
  base for testing
  ☆187Sep 28, 2024Updated last year
• Xyrem / HyperDeceit

  View on GitHub
  HyperDeceit is the ultimate all-in-one library that emulates Hyper-V for Windows, giving you the ability to intercept and manipulate oper…
  ☆380Jun 3, 2023Updated 2 years ago
• can1357 / hvdetecc

  View on GitHub
  Collection of hypervisor detections
  ☆300Sep 25, 2024Updated last year
• klezVirus / DriverJack

  View on GitHub
  Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths
  ☆361Aug 11, 2024Updated last year
• Xyrem / Yumekage

  View on GitHub
  Demo proof of concept for shadow regions, and implementation of HyperDeceit.
  ☆317May 31, 2023Updated 2 years ago
• jonomango / nohv

  View on GitHub
  Kernel driver for detecting Intel VT-x hypervisors.
  ☆202Jul 11, 2023Updated 2 years ago
• Cr4sh / KernelForge

  View on GitHub
  A library to develop kernel level Windows payloads for post HVCI era
  ☆488May 18, 2021Updated 4 years ago
• zer0condition / GDRVLib

  View on GitHub
  Virtual and physical memory hacking library using gigabyte vulnerable driver
  ☆71Updated this week
• emlinhax / tableflipper

  View on GitHub
  partially disable patchguard up to win11 21H2
  ☆19Jun 3, 2024Updated last year
• iqrw0 / DieDMAProtection

  View on GitHub
  ☆29Mar 9, 2024Updated 2 years ago
• tandasat / CVE-2024-21305

  View on GitHub
  Report and exploit of CVE-2024-21305.
  ☆41Jan 14, 2024Updated 2 years ago
• KiFilterFiberContext / warbird-hook

  View on GitHub
  Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard
  ☆271Aug 31, 2022Updated 3 years ago
• jjensn / CVE-2024-36877

  View on GitHub
  Exploit POC for CVE-2024-36877
  ☆48Aug 14, 2024Updated last year
• zer0condition / ZeroThreadKernel

  View on GitHub
  Recursive and arbitrary code execution at kernel-level without a system thread creation
  ☆159Apr 13, 2023Updated 2 years ago
• passthehashbrowns / VectoredExceptionHandling

  View on GitHub
  ☆108Aug 21, 2024Updated last year
• 0mWindyBug / KDP-compatible-driver-loader

  View on GitHub
  KDP compatible unsigned driver loader leveraging a write primitive in one of the IOCTLs of gdrv.sys
  ☆166Jun 14, 2024Updated last year
• AaLl86 / WindowsInternals

  View on GitHub
  Contains all the applications developed for the Second part of the 7th Edition of Windows Internals book
  ☆119Jun 30, 2024Updated last year
• armvirus / CosMapper

  View on GitHub
  Loads a signed kernel driver which allows you to map any driver to kernel mode without any traces of the signed / mapped driver.
  ☆389Aug 8, 2021Updated 4 years ago
• BeneficialCode / KReClassEx

  View on GitHub
  Kernel ReClassEx
  ☆68Nov 21, 2023Updated 2 years ago
• LowLevelSys / physmem_remapper

  View on GitHub
  ☆29Dec 20, 2025Updated 3 months ago
• worawit / malk

  View on GitHub
  Demonstrate calling a kernel function and handle process creation callback against HVCI
  ☆83Dec 21, 2022Updated 3 years ago
• connorjaydunn / BinaryShield

  View on GitHub
  An x86-64 Code Virtualizer
  ☆310Sep 26, 2024Updated last year
• cutecatsandvirtualmachines / CheatDriver

  View on GitHub
  Example driver on how to use SKLib
  ☆72Nov 20, 2024Updated last year
• carlos-al / user-kernel-syscall-hook

  View on GitHub
  ☆93Jun 3, 2024Updated last year
• Barracudach / CallStack-Spoofer

  View on GitHub
  This tool will allow you to spoof the return addresses of your functions as well as system functions.
  ☆554Nov 12, 2022Updated 3 years ago
• armvirus / SinMapper

  View on GitHub
  usermode driver mapper that forcefully loads any signed kernel driver (legit cert) with a big enough section (example: .data, .rdata) to …
  ☆475Jan 3, 2022Updated 4 years ago
• SamuelTulach / DirectPageManipulation

  View on GitHub
  A basic demonstration of directly overwriting paging structures for physical memory r/w and interprocess memory copy
  ☆104Jun 26, 2023Updated 2 years ago
• VollRagm / PTView

  View on GitHub
  Browse Page Tables on Windows (Page Table Viewer)
  ☆236Apr 2, 2022Updated 3 years ago
• floesen / KExecDD

  View on GitHub
  Admin to Kernel code execution using the KSecDD driver
  ☆264Apr 19, 2024Updated last year