Primary language: C++. License: MIT.

Notify Routines Research

A research project about Windows notify routines.

The full research paper is available in:

Projects

  1. Remote Thread Shellcode Injector - A basic code injector that injects shellcode into a remote process using CreateRemoteThread.
  2. Remote Thread Detector Driver - A driver that detects remote thread creations.
  3. Library Hooking Driver & Dll - A driver that hooks library functions in every new process using DLL injection from the kernel.
  4. Notify Routine Enumeration Driver - A driver that enumerates all the (create thread) notify routines currently registered in the system.
  5. Notify Routine Hooking Driver - A driver that hooks a (create thread) notify routine and bypasses the LibraryHookingDriver.

License

MIT

Author