A lightweight native DLL mapping library that supports mapping directly from memory

Hide Process From Task Manager using Usermode API Hooking

A simple program to hook the current process to identify the manual syscall executions on windows

Turn off PatchGuard in real time for win7 (7600) ~ later

🇺🇦 Windows driver with usermode interface which can hide processes, file-system and registry objects, protect processes and etc

A x64 Windows Rootkit using SSDT or Hypervisor hook

Hook system calls on Windows by using Kaspersky's hypervisor

KDP compatible unsigned driver loader leveraging a write primitive in one of the IOCTLs of gdrv.sys

silence file system monitoring components by hooking their minifilters

A proof of concept demonstrating instrumentation callbacks on Windows 10 21h1 with a TLS variable to ensure all syscalls are caught.

codes for my blog post: https://secrary.com/Random/InstrumentationCallback/

Inline syscalls made for MSVC supporting x64 and WOW64

Open-source Windows and Office activator featuring HWID, Ohook, KMS38, and Online KMS activation methods, along with advanced troubleshooting.

X64内核小工具

A Super-fast account switcher for Steam, Battle.net, Epic Games, Origin, Riot, Ubisoft and many others!

An integration for IDA and VS Code which connects both to easily execute and debug IDAPython scripts.

This repo contains driver samples prepared for use with Microsoft Visual Studio and the Windows Driver Kit (WDK). It contains both Universal Windows Driver and desktop-only driver samples.

Thefatrat a massive exploiting tool : Easy tool to generate backdoor and easy tool to post exploitation attack like browser attack and etc . This tool compiles a malware with popular payload and th…

The functions interception library written on pure C and NativeAPI with UserMode and KernelMode support

Page fault hook use ept (Intel Virtualization Technology)

State-of-the-art native debugging tools

SimpleSvmHook is a research purpose hypervisor for Windows on AMD processors.

Simple x86-64 VT-x Hypervisor with EPT Hooking

VT Hook

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

Hypervisor based anti anti debug plugin for x64dbg

x64dbg plugin which removes anti-dumping and obfuscation techniques from the popular FPS game Overwatch.

Guaranteed compile-time string literal obfuscation header-only library for C 14

Obfuscation library based on C 11/14 and metaprogramming

kHypervisor is a lightweight bluepill-like nested VMM for Windows, it provides and emulating a basic function of Intel VT-x