WindowsSecurity
A neat way to detect memory reads using an NT-layer function.
"libcpu" is an open source library that emulates several CPU architectures
Dont Call Me Back - Dynamic kernel callback resolver. Scan kernel callbacks in your system in a matter of seconds!
Tool for identifying leaked handles in Windows processes
Demonstration of x64 Windows kernel code execution from user mode, arbitrary syscalls, and vulnerable IOCTLs
A PoC for the vulnerable Mhyprot2.sys driver that allows reading/writing kernel and user memory from an unprivileged user process.
A kernel vulnerability used to achieve arbitrary read-write on Windows prior to July 2022
Quick reference for offsets of exported and unexported NT kernel functions and global variables
Kernel anti-anti-debug plugins
The Kernel-Mode Winsock library, supporting TCP, UDP and Unix sockets (DGRAM and STREAM).
makin - reveal anti-debugging and anti-VM tricks [This project is not maintained anymore]
CPU Internals (Cache, TLB, MMU, Pipeline, Branch Prediction, Out-of-Order Execution, ROB, Side Channel Attack ...)
Kernel-mode CS:GO cheat that does not need a user-mode controller.
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
CMake integration in Visual Studio Code
Infect Shared Files In Memory for Lateral Movement
Template of a fully functional driver and a wrapper over the kernel API
Canadian Furious Beaver is a ProcMon-style tool designed only for capturing IRPs sent to any Windows driver.
SoftICE-like kernel debugger for Windows 11
Basic Windows Kernel Programming
KDMapper is a simple tool that exploits the iqvw64e.sys Intel driver to manually map unsigned drivers into memory
r0ak ("roak") is the Ring 0 Army Knife -- a command line utility to read/write/execute in ring zero on Windows 10 systems
SDA is a rich cross-platform tool for reverse engineering, focused primarily on the analysis of computer games. I'm trying to create a mix of Ghidra, Cheat Engine and x64dbg. My tool will combine…
Inline syscalls made easy for Windows on clang
A wrapper library around native Windows system APIs
A free but powerful Windows kernel research tool.