An attempt to restore and adapt to modern Win10 version the Rootkit Arsenal original code sampls All projects have been ported to x64 and tested on latest Win10 (2004 - 19041.746)
- KMD : Kernel Mode Driver template that includes a userland C&C template
- IRQL : multicore synchronization primimitives via rising IRQL through DPCs
- ReadPE : Parse PE IAT
- RemoteThread : CreateRemoteThread for DLL injection | ported to x64 + DLL to be injected as argument
- IATHooking : DLL that perform IAT hooking on a given function
[underway]