zer0condition/ZeroHVCI external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

zer0condition/ZeroHVCI

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/zer0condition/ZeroHVCI)

Close

zer0condition / ZeroHVCIView on GitHubMore

• External links
• Readme badge

Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling without admin permissions or kernel drivers.

☆253Oct 26, 2024Updated last year

Alternatives and similar repositories for ZeroHVCI

Users that are interested in ZeroHVCI are comparing it to the libraries listed below

• SamuelTulach / memhv

  View on GitHub
  Minimalistic AMD-V/SVM hypervisor with memory introspection capabilities
  ☆372Feb 26, 2025Updated last year
• SamuelTulach / PwnedBoot

  View on GitHub
  Using Windows' own bootloader as a shim to bypass Secure Boot
  ☆225Jul 17, 2024Updated last year
• Oliver-1-1 / GhostMapper

  View on GitHub
  ☆360May 11, 2025Updated 9 months ago
• SamuelTulach / HookGuard

  View on GitHub
  Hooking Windows' exception dispatcher to protect process's PML4
  ☆228Jan 24, 2025Updated last year
• can1357 / selene

  View on GitHub
  Kernel-mode Paravirtualization in Ring 2, LLVM based linker, and some other things!
  ☆409Apr 19, 2025Updated 10 months ago
• MmMapIoSpace / UCMapper

  View on GitHub
  Unknowncheats Magically Optimized Tidy Mapper using nvaudio
  ☆153Jun 11, 2024Updated last year
• cutecatsandvirtualmachines / SKLib

  View on GitHub
  Standard Kernel Library for Windows manipulation in C++
  ☆199Jun 18, 2025Updated 8 months ago
• zer0condition / NVDrv

  View on GitHub
  Abusing nvidia driver (nvoclock.sys) for physical/virtual memory and control register manipulation.
  ☆276Aug 25, 2023Updated 2 years ago
• 0mWindyBug / GhostMapperUM

  View on GitHub
  manual map unsigned driver over signed memory
  ☆219Apr 11, 2024Updated last year
• AmitMoshel1 / PatchGuardEncryptorDriver

  View on GitHub
  A basic implementation of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added.
  ☆78Mar 29, 2025Updated 11 months ago
• ekknod / acdrv

  View on GitHub
  base for testing
  ☆186Sep 28, 2024Updated last year
• jonomango / nohv

  View on GitHub
  Kernel driver for detecting Intel VT-x hypervisors.
  ☆197Jul 11, 2023Updated 2 years ago
• Xyrem / HyperDeceit

  View on GitHub
  HyperDeceit is the ultimate all-in-one library that emulates Hyper-V for Windows, giving you the ability to intercept and manipulate oper…
  ☆376Jun 3, 2023Updated 2 years ago
• iqrw0 / DieDMAProtection

  View on GitHub
  ☆29Mar 9, 2024Updated last year
• can1357 / hvdetecc

  View on GitHub
  Collection of hypervisor detections
  ☆296Sep 25, 2024Updated last year
• klezVirus / DriverJack

  View on GitHub
  Hijacking valid driver services to load arbitrary (signed) drivers abusing native symbolic links and NT paths
  ☆359Aug 11, 2024Updated last year
• emlinhax / tableflipper

  View on GitHub
  partially disable patchguard up to win11 21H2
  ☆19Jun 3, 2024Updated last year
• KiFilterFiberContext / warbird-hook

  View on GitHub
  Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard
  ☆268Aug 31, 2022Updated 3 years ago
• passthehashbrowns / VectoredExceptionHandling

  View on GitHub
  ☆108Aug 21, 2024Updated last year
• armvirus / CosMapper

  View on GitHub
  Loads a signed kernel driver which allows you to map any driver to kernel mode without any traces of the signed / mapped driver.
  ☆382Aug 8, 2021Updated 4 years ago
• 0mWindyBug / KDP-compatible-driver-loader

  View on GitHub
  KDP compatible unsigned driver loader leveraging a write primitive in one of the IOCTLs of gdrv.sys
  ☆165Jun 14, 2024Updated last year
• connorjaydunn / BinaryShield

  View on GitHub
  An x86-64 Code Virtualizer
  ☆304Sep 26, 2024Updated last year
• Cr4sh / KernelForge

  View on GitHub
  A library to develop kernel level Windows payloads for post HVCI era
  ☆485May 18, 2021Updated 4 years ago
• tandasat / CVE-2024-21305

  View on GitHub
  Report and exploit of CVE-2024-21305.
  ☆40Jan 14, 2024Updated 2 years ago
• Xyrem / Yumekage

  View on GitHub
  Demo proof of concept for shadow regions, and implementation of HyperDeceit.
  ☆314May 31, 2023Updated 2 years ago
• LowLevelSys / physmem_remapper

  View on GitHub
  ☆28Dec 20, 2025Updated 2 months ago
• SamuelTulach / DirectPageManipulation

  View on GitHub
  A basic demonstration of directly overwriting paging structures for physical memory r/w and interprocess memory copy
  ☆103Jun 26, 2023Updated 2 years ago
• AaLl86 / WindowsInternals

  View on GitHub
  Contains all the applications developed for the Second part of the 7th Edition of Windows Internals book
  ☆118Jun 30, 2024Updated last year
• jjensn / CVE-2024-36877

  View on GitHub
  Exploit POC for CVE-2024-36877
  ☆48Aug 14, 2024Updated last year
• zer0condition / GDRVLib

  View on GitHub
  Virtual and physical memory hacking library using gigabyte vulnerable driver
  ☆71Apr 9, 2023Updated 2 years ago
• BeneficialCode / KReClassEx

  View on GitHub
  Kernel ReClassEx
  ☆68Nov 21, 2023Updated 2 years ago
• armvirus / SinMapper

  View on GitHub
  usermode driver mapper that forcefully loads any signed kernel driver (legit cert) with a big enough section (example: .data, .rdata) to …
  ☆470Jan 3, 2022Updated 4 years ago
• cutecatsandvirtualmachines / CheatDriver

  View on GitHub
  Example driver on how to use SKLib
  ☆70Nov 20, 2024Updated last year
• daem0nc0re / VectorKernel

  View on GitHub
  PoCs for Kernelmode rootkit techniques research.
  ☆431Nov 4, 2025Updated 3 months ago
• DErDYAST1R / 64KernelDriverCleaner

  View on GitHub
  A Kernel Driver that can be used for a cheat or malware base to circumvent common cache & structure table checks. PsLoadedModuleList howe…
  ☆203Sep 27, 2025Updated 5 months ago
• SamuelTulach / nullmap

  View on GitHub
  Using CVE-2023-21768 to manual map kernel mode driver
  ☆197Mar 10, 2023Updated 2 years ago
• Barracudach / CallStack-Spoofer

  View on GitHub
  This tool will allow you to spoof the return addresses of your functions as well as system functions.
  ☆550Nov 12, 2022Updated 3 years ago
• memN0ps / illusion-rs

  View on GitHub
  Rusty Hypervisor - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion)
  ☆340Aug 31, 2024Updated last year
• carlos-al / user-kernel-syscall-hook

  View on GitHub
  ☆93Jun 3, 2024Updated last year