focuspadding
Follow
WindowsSecurity
Kernel cheat with kernel hook for communication
Cheat that uses a driver instead WinAPI for Reading / Writing memory.
Universal graphical hook for a D3D9-D3D12, OpenGL and Vulkan based games.
two types (external/internal) cheat examples, and game to test on.
The functions interception library written on pure C and NativeAPI with UserMode and KernelMode support
Nightshade is a Windows Memory Manipluation library specifically for injecting DLLs and Game Hacking
A C++ library to create function hooks dynamically, so you can easily embed it into other programming languages..
BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more
Windows System Call Tables (NT/2000/XP/2003/Vista/7/8/10/11)
Windows drivers 开发的各个基础示例,包含进程、内存、注册表、回调等管理
Driver that uses network sockets to communicate with client and read/ write protected process memory.
A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original entrypoint.
PE loader with various shellcode injection techniques
Anti-Analysis technique, trick the debugger by Hiding events from it.
Load Encrypted Dll Using LoadLibraryA, Keep The Dll Encrypted on disc all the time and decrypt it only in memory.
The official Windows Driver Kit DDI reference documentation sources
a method for undetectable breakpoints in 32-bit Windows programs
Run a Exe File (PE Module) in memory (like an Application Loader)
Post-exploitation tool for hiding processes from monitoring applications
Windows内核安全与驱动开发书附赠的光盘源码
Replace the .txt section of the current loaded modules from \KnownDlls\ to bypass edrs
Page fault hook use ept (Intel Virtualization Technology)
Herpaderply Hollowing - a PE injection technique, hybrid between Process Hollowing and Process Herpaderping
Windows Research Kernel Source Code