Pinned Repositories
CritSectionVsKernelObject
POC project to demonstrate performance difference between a critical section and a synchronization kernel object in Windows.
elam
A practical example of ELAM (Early Launch Anti-Malware)
KernelMoveMouse
Kernel driver that moves the mouse
KernelObjects
What are the essentials of a kernel object, actually? Sample for creating a new kernel object type and supporting API
PTE-View
RealBlindingEDR
Remove AV/EDR Kernel ObRegisterCallbacks, CmRegisterCallback, MiniFilter Callback, PsSetCreateProcessNotifyRoutine Callback, PsSetCreateThreadNotifyRoutine Callback, PsSetLoadImageNotifyRoutine Callback...
SymlinkProtect
File system minifilter driver for Windows to block symbolic link attacks.
Windows-Internals
My repository to upload drivers from different books and all the information related to windows internals.
Windows-Internals-Debugging-Performance-Learning-Resources
windows-kernel-cve
WindowsKernel's Repositories
WindowsKernel/RealBlindingEDR
Remove AV/EDR Kernel ObRegisterCallbacks, CmRegisterCallback, MiniFilter Callback, PsSetCreateProcessNotifyRoutine Callback, PsSetCreateThreadNotifyRoutine Callback, PsSetLoadImageNotifyRoutine Callback...
WindowsKernel/Windows-Internals-Debugging-Performance-Learning-Resources
WindowsKernel/KernelObjects
What are the essentials of a kernel object, actually? Sample for creating a new kernel object type and supporting API
WindowsKernel/windows-kernel-cve
WindowsKernel/CritSectionVsKernelObject
POC project to demonstrate performance difference between a critical section and a synchronization kernel object in Windows.
WindowsKernel/PTE-View
WindowsKernel/wdk_template
Windows kernel driver template for cmkr (with testsigning).
WindowsKernel/WFPExplorer
Windows Filtering Platform Explorer
WindowsKernel/3d-injector
WindowsKernel/Banshee
Experimental Windows x64 Kernel Rootkit.
WindowsKernel/BlackLotus
BlackLotus UEFI Windows Bootkit
WindowsKernel/Chaos-Rootkit
x64 ring0 Rootkit with Process Hiding and Privilege Escalation Capabilities
WindowsKernel/drivers-binaries
Exploitable drivers, you know what I mean. Loading vulnerable drivers
WindowsKernel/enum_real_dirbase
Enumerate processes and page directory bases from MmPfnData
WindowsKernel/FakeSign
Pseudo-signing driver certificates with a self-built timestamp server. Implementing Pseudo Signature with Self-Sign Timestamp Servers
WindowsKernel/FmDriver
A simple driver with R3 calls
WindowsKernel/InfinityHook_latest
etw hook (syscall/infinity hook) compatible with the latest Windows version of PG
WindowsKernel/Inject_Win
inject dll
WindowsKernel/kcrypt
an encryption library designed for Windows kernel and driver programming
WindowsKernel/kdmp-parser-rs
A KISS Rust crate to parse Windows kernel crash-dumps created by Windows & its debugger.
WindowsKernel/KernelDwm
Kernel dwm render
WindowsKernel/Medusa
Radical Windows ARK
WindowsKernel/MS-DOS
The original sources of MS-DOS 1.25, 2.0, and 4.0 for reference purposes
WindowsKernel/NVDrv
Abusing nvidia driver (nvoclock.sys) for physical/virtual memory and control register manipulation.
WindowsKernel/PatchGuardBypass
Bypassing PatchGuard on modern x64 systems
WindowsKernel/PPL
run process as PPL Antimalware (ELAM)
WindowsKernel/unKover
PoC Anti-Rootkit to uncover Windows Drivers/Rootkits mapped to Kernel Memory.
WindowsKernel/WinArk
Windows Anti-Rootkit Tool
WindowsKernel/WindowProtect
ETW hook that locates window-related kernel functions to implement window protection; works on Win10
WindowsKernel/Windows-10-22H2-Vulnerable-driver-communication
Allocate memory in the kernel & r/w control registers with a vulnerable driver.