Pinned Repositories
CritSectionVsKernelObject
POC project to demonstrate performance difference between a critical section and a synchronization kernel object in Windows.
elam
A practical example of ELAM (Early Launch Anti-Malware)
KernelMoveMouse
Kernel driver that moves the mouse
KernelObjects
What are the essentials of a kernel object, actually? Sample for creating a new kernel object type and its supporting API
PTE-View
RealBlindingEDR
Remove AV/EDR kernel ObRegisterCallbacks, CmRegisterCallback, MiniFilter callback, PsSetCreateProcessNotifyRoutine callback, PsSetCreateThreadNotifyRoutine callback, PsSetLoadImageNotifyRoutine callback...
SymlinkProtect
File system minifilter driver for Windows to block symbolic link attacks.
Windows-Internals
My repository to upload drivers from different books and all the information related to Windows internals.
Windows-Internals-Debugging-Performance-Learning-Resources
windows-kernel-cve
WindowsKernel's Repositories
WindowsKernel/openprocmon
open source process monitor
WindowsKernel/TokenPlayer
Manipulating and Abusing Windows Access Tokens.
WindowsKernel/Kernel_Inject
Kernel Inject DLL
WindowsKernel/SymlinkProtect
File system minifilter driver for Windows to block symbolic link attacks.
WindowsKernel/Windows-Rootkits
WindowsKernel/nt5src
Source code of Windows XP (NT5). Leaks are not from me. I just extracted the archive and cabinet files.
WindowsKernel/MemoryRanger
MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. MemoryRanger has been presented at BlackHat, HITB, and CDFSL.
WindowsKernel/ExecutiveCallbackObjects
Research on Windows Kernel Executive Callback Objects
WindowsKernel/ALPC-Example
An example of a client and server using Windows' ALPC functions to send and receive data.
WindowsKernel/HookSigntool
WindowsKernel/autochk-rootkit
Reverse engineered source code of the autochk rootkit
WindowsKernel/KernelObjectView
View handles and objects for each object type
WindowsKernel/Windows-Internals
My repository to upload drivers from different books and all the information related to Windows internals.
WindowsKernel/TDL
Driver loader for bypassing Windows x64 Driver Signature Enforcement
WindowsKernel/NewHideDriverEx
Hide Driver By MiProcessLoaderEntry
WindowsKernel/VirtualFileSystem
Playing with Projected File System; monitoring file operations
WindowsKernel/HideProcess
A basic Direct Kernel Object Manipulation rootkit that removes a process from the EPROCESS list, hiding it from the Task Manager
WindowsKernel/ALPCLogger
Log ALPC activity
WindowsKernel/rw_socket_driver
Driver that uses network sockets to communicate with a client and read/write protected process memory.
WindowsKernel/WinRing0
Get Windows CPU temperature with the WinRing0 driver and library
WindowsKernel/DSEFix
Windows x64 Driver Signature Enforcement Overrider
WindowsKernel/A-Protect
Fork of A-Protect
WindowsKernel/regf
Windows registry file format specification
WindowsKernel/Kernel-dll-injector
Kernel-mode driver that loads a DLL into every newly created process that loads the kernel32.dll module
WindowsKernel/ReactOS
WindowsKernel/windows2000
Win2k source code
WindowsKernel/windows_kernel_address_leaks
Examples of leaking Kernel Mode information from User Mode on Windows
WindowsKernel/ioctlbf
Windows kernel driver fuzzer
WindowsKernel/sdk71examples
SDK examples
WindowsKernel/Record