An open API service providing repository metadata for many open source software ecosystems.

GitHub topics: windows-kernel

winfsp/winfsp

Windows File System Proxy - FUSE for Windows

Language: C - Size: 15.1 MB - Last synced at: about 4 hours ago - Pushed at: about 1 month ago - Stars: 7,493 - Forks: 528

UEFI-code/QEMU_Danger_x86

A hack version of QEMU which can ALTER Ring3/0 behavior, for your kernel hack research

Language: C - Size: 588 MB - Last synced at: 1 day ago - Pushed at: 1 day ago - Stars: 0 - Forks: 0

tandasat/HyperPlatform

Intel VT-x based hypervisor aiming to provide a thin VM-exit filtering platform on Windows.

Language: C++ - Size: 7.62 MB - Last synced at: about 2 hours ago - Pushed at: over 1 year ago - Stars: 1,605 - Forks: 421

backengineering/VDM 📦

Library to manipulate drivers that expose a physical memory read/write primitive.

Language: C++ - Size: 529 KB - Last synced at: 1 day ago - Pushed at: over 1 year ago - Stars: 25 - Forks: 4

daem0nc0re/AtomicSyscall

Tools and PoCs for Windows syscall investigation.

Language: C# - Size: 1.54 MB - Last synced at: 3 days ago - Pushed at: 4 months ago - Stars: 359 - Forks: 47

rabbitstack/fibratus

Adversary tradecraft detection, protection, and hunting

Language: Go - Size: 16.4 MB - Last synced at: 5 days ago - Pushed at: 5 days ago - Stars: 2,316 - Forks: 198

0dayResearchLab/msFuzz

msFuzz is a coverage-guided fuzzer for Windows kernel drivers using Intel PT. It is constraint- and dependency-aware for efficient path exploration.

Language: Makefile - Size: 5.35 MB - Last synced at: 5 days ago - Pushed at: 5 days ago - Stars: 169 - Forks: 26

daem0nc0re/SharpWnfSuite

C# Utilities for Windows Notification Facility

Language: C# - Size: 1.87 MB - Last synced at: 7 days ago - Pushed at: 7 days ago - Stars: 148 - Forks: 24

can1357/NtRays

Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.

Language: C++ - Size: 241 KB - Last synced at: 6 days ago - Pushed at: 3 months ago - Stars: 588 - Forks: 73

daem0nc0re/PrivFu

Kernel mode WinDbg extension and PoCs for token privilege investigation.

Language: C# - Size: 12.8 MB - Last synced at: 7 days ago - Pushed at: 3 months ago - Stars: 845 - Forks: 121

elid3/Vergex

Generate Ghidra-ready C headers from Windows kernel structs using public data from the Vergilius Project.

Language: Python - Size: 8.79 KB - Last synced at: 9 days ago - Pushed at: 9 days ago - Stars: 0 - Forks: 0

HyperDbg/HyperDbg

State-of-the-art native debugging tools

Language: C - Size: 42.8 MB - Last synced at: 8 days ago - Pushed at: 9 days ago - Stars: 3,185 - Forks: 408

vitoplantamura/BugChecker

SoftICE-like kernel debugger for Windows 11

Language: C - Size: 31 MB - Last synced at: 9 days ago - Pushed at: almost 2 years ago - Stars: 968 - Forks: 128

tandasat/SimpleSvm

A minimalistic educational hypervisor for Windows on AMD processors.

Language: C++ - Size: 117 KB - Last synced at: 9 days ago - Pushed at: about 2 months ago - Stars: 393 - Forks: 63

therealdreg/Win.Cerdalux

WinXPSP2.Cermalus on steroids, supporting all 32-bit Windows versions. Windows Kernel Virus stuff for noobs

Language: Assembly - Size: 23.1 MB - Last synced at: 11 days ago - Pushed at: over 1 year ago - Stars: 18 - Forks: 0

tandasat/SimpleSvmHook

SimpleSvmHook is a research purpose hypervisor for Windows on AMD processors.

Language: C++ - Size: 438 KB - Last synced at: 14 days ago - Pushed at: about 4 years ago - Stars: 379 - Forks: 74

0xflux/Ferric-Fox

A Windows 11 rootkit in Rust

Language: Rust - Size: 24.4 KB - Last synced at: 11 days ago - Pushed at: 29 days ago - Stars: 7 - Forks: 1

IDouble/Kernel-Memory-Reading-Writing

🔍 Code to read / write the Process Memory from the Kernel 🔧

Language: C - Size: 678 KB - Last synced at: 3 days ago - Pushed at: about 1 year ago - Stars: 74 - Forks: 8

jxy-s/stlkrn

C++ STL in the Windows Kernel with C++ Exception Support

Language: C++ - Size: 221 KB - Last synced at: 16 days ago - Pushed at: over 1 year ago - Stars: 408 - Forks: 79

winfsp/winspd

Windows Storage Proxy Driver - User mode disk storage

Language: C - Size: 2.14 MB - Last synced at: 15 days ago - Pushed at: almost 4 years ago - Stars: 428 - Forks: 54

0vercl0k/sic

Enumerate user mode shared memory mappings on Windows.

Language: C - Size: 696 KB - Last synced at: 7 days ago - Pushed at: about 4 years ago - Stars: 118 - Forks: 22

anas200321/Kernel-Memory-Reading-Writing

🔍 Code to read / write the Process Memory from the Kernel 🔧

Size: 1000 Bytes - Last synced at: 29 days ago - Pushed at: 29 days ago - Stars: 0 - Forks: 0

SoftSec-KAIST/NTFuzz

NTFUZZ: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis (IEEE S&P '21)

Language: F# - Size: 7.92 MB - Last synced at: 10 days ago - Pushed at: over 3 years ago - Stars: 102 - Forks: 23

yardenshafir/DpcWait

Driver demonstrating how to register a DPC to asynchronously wait on an object

Language: C++ - Size: 14.6 KB - Last synced at: 7 days ago - Pushed at: over 4 years ago - Stars: 49 - Forks: 26

therealdreg/masm32-kernel-programming

masm32 kernel programming, drivers, tutorials, examples, and tools (credits Four-F)

Language: Assembly - Size: 13.2 MB - Last synced at: 19 days ago - Pushed at: over 1 year ago - Stars: 119 - Forks: 14

0xbekoo/SSDT-Hooking

The project uses SSDT Hooking to bypass security checks during driver loading by hooking NtLoadDriver and modifying the PreviousMode flag.

Language: C - Size: 74.2 KB - Last synced at: about 1 month ago - Pushed at: about 2 months ago - Stars: 3 - Forks: 0

rft0/km-dll-mapper

Kernel Mode DLL Manual Mapper

Language: C++ - Size: 1.55 MB - Last synced at: 10 days ago - Pushed at: 6 months ago - Stars: 27 - Forks: 3

Anonym0usWork1221/android-memorytool

Android Memory Tools written in Python for reading and writing process RAM data on Android, Linux and Windows.

Language: Python - Size: 308 KB - Last synced at: 12 days ago - Pushed at: 6 months ago - Stars: 61 - Forks: 11

0xbekoo/WinKernelDev

Windows Kernel Development

Language: C - Size: 11.4 MB - Last synced at: about 1 month ago - Pushed at: 8 months ago - Stars: 1 - Forks: 0

rafael-santiago/kryptos

A multiplatform easy to embed crypto library.

Language: C - Size: 2.08 MB - Last synced at: 16 days ago - Pushed at: 2 months ago - Stars: 4 - Forks: 0

therealdreg/dregate

Call gates as a stable communication channel for NT x86 and Linux x86_64

Language: C++ - Size: 33.3 MB - Last synced at: 18 days ago - Pushed at: over 1 year ago - Stars: 31 - Forks: 4

therealdreg/WinXPSP2.Cermalus

Malware WinXPSP2.Cermalus Windows Kernel Virus

Language: Assembly - Size: 205 MB - Last synced at: 11 days ago - Pushed at: over 1 year ago - Stars: 16 - Forks: 10

an-autodidact/Kernel-Memory-Reading-Writing

🔍 Code to read / write the Process Memory from the Kernel 🔧

Size: 354 KB - Last synced at: about 2 months ago - Pushed at: 3 months ago - Stars: 0 - Forks: 0

SubconsciousCompute/fsfilter-rs

Experimental: A Rust library to monitor the filesystem 🪛 and more in Windows

Language: C++ - Size: 6.36 MB - Last synced at: 7 days ago - Pushed at: about 2 years ago - Stars: 36 - Forks: 8

Th3Spl/NoImportz

Simple single file header for creating zero imports drivers. Can be useful for bypassing forensic memory analysis performed by anticheats, for example.

Language: C++ - Size: 27.3 KB - Last synced at: 4 months ago - Pushed at: 4 months ago - Stars: 5 - Forks: 0

danielkrupinski/KernelProcessList

Example Windows Kernel-mode Driver which enumerates running processes.

Language: C - Size: 12.7 KB - Last synced at: 16 days ago - Pushed at: almost 3 years ago - Stars: 55 - Forks: 26

therealdreg/ringstepper

WinDbg plugin to easily step from user code to kernel code

Language: C - Size: 272 KB - Last synced at: 11 days ago - Pushed at: over 1 year ago - Stars: 6 - Forks: 4

mranv/sysmon-process

A PoC on Sysmon for process creation at kernel level!

Language: PowerShell - Size: 3.41 MB - Last synced at: 8 days ago - Pushed at: 6 months ago - Stars: 0 - Forks: 0

daem0nc0re/HEVD-CSharpKernelPwn

CSharp Writeups for HackSys Extreme Vulnerable Driver

Language: C# - Size: 48.8 KB - Last synced at: 3 days ago - Pushed at: over 3 years ago - Stars: 43 - Forks: 17

platforminfo/platforminfo

System info made easy - Python library to find system info on your computer. Requires python ≥ 3.7

Language: Python - Size: 160 KB - Last synced at: 9 days ago - Pushed at: 8 months ago - Stars: 3 - Forks: 0

radkum/windows-kernel-rs

Windows kernel development in Rust is not widely used yet. Therefore, here is a simple example of a driver and minifilter written in Rust. Also, I've written some helpful crates. Enjoy!

Language: Rust - Size: 121 KB - Last synced at: 9 months ago - Pushed at: 9 months ago - Stars: 4 - Forks: 1

karthik558/WSL2-Linux-Kernel (fork of microsoft/WSL2-Linux-Kernel)

This is the source code for the Linux kernel that runs in Windows Subsystem for Linux 2 (WSL2).

Language: C - Size: 1.6 GB - Last synced at: 4 days ago - Pushed at: about 2 years ago - Stars: 11 - Forks: 0

KelvinMsft/kHypervisor

kHypervisor is a lightweight bluepill-like nested VMM for Windows; it provides and emulates a basic function of Intel VT-x

Language: C++ - Size: 16.2 MB - Last synced at: 11 months ago - Pushed at: over 3 years ago - Stars: 373 - Forks: 128

MiroKaku/ucxxrt

The Universal C++ RunTime library, supporting kernel-mode C++ exception-handler and STL.

Language: C++ - Size: 6.77 MB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 371 - Forks: 94

DownWithUp/WinPools

WinPools is an example of how Windows kernel big pool addresses can be leaked using NtQuerySystemInformation

Language: C - Size: 3.91 KB - Last synced at: about 1 year ago - Pushed at: almost 6 years ago - Stars: 9 - Forks: 1

RIscRIpt/ntl 📦

Very tiny and selective implementation of STL for Windows NT kernel mode drivers

Language: C++ - Size: 43 KB - Last synced at: about 1 year ago - Pushed at: almost 4 years ago - Stars: 17 - Forks: 10

therealdreg/cagrackme

short crackme for Windows XP SP3 (32 bit version). ring0 stuff. IMO very fun x-)

Language: Batchfile - Size: 129 KB - Last synced at: about 1 month ago - Pushed at: over 1 year ago - Stars: 23 - Forks: 0

VoidSec/DriverBuddyReloaded

Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks

Language: Python - Size: 239 KB - Last synced at: over 1 year ago - Pushed at: almost 2 years ago - Stars: 250 - Forks: 43

amiryeshurun/HyperWin-Communication-Driver

A driver that supports communication between a Windows guest and HyperWin

Language: C - Size: 36.1 KB - Last synced at: over 1 year ago - Pushed at: over 4 years ago - Stars: 14 - Forks: 13

amiryeshurun/HyperWin

A native hypervisor designed for the Windows operating system

Language: C - Size: 2.57 MB - Last synced at: over 1 year ago - Pushed at: about 4 years ago - Stars: 114 - Forks: 35

ntoskrnl7/crtsys

C/C++ Runtime library for system file (Windows Kernel Driver) - Supports Microsoft STL

Language: C++ - Size: 937 KB - Last synced at: over 1 year ago - Pushed at: over 2 years ago - Stars: 162 - Forks: 32

0xvpr/offensive-kernel-mode-c

A dedicated repository for exploring offensive kernel-mode techniques.

Language: C - Size: 4.88 KB - Last synced at: about 2 months ago - Pushed at: almost 2 years ago - Stars: 1 - Forks: 0

Maximly/vsys

Kernel modules in C++ with CMake: cross-platform system level development library for Linux/Windows/MacOS

Language: C++ - Size: 292 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 1 - Forks: 0

dennisbabkin/CritSectionVsKernelObject

POC project to demonstrate performance difference between a critical section and a synchronization kernel object in Windows.

Language: C++ - Size: 96.7 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

0xcpu/exthost

A POC for Windows Extension Host hooking

Language: C - Size: 4.88 KB - Last synced at: over 1 year ago - Pushed at: almost 6 years ago - Stars: 22 - Forks: 11

loneicewolf/windows-rootkits

My own 'collection' of windows rootkits.

Size: 10.7 KB - Last synced at: 2 months ago - Pushed at: about 2 years ago - Stars: 2 - Forks: 0

vitoplantamura/BugChecker2002 📦

SoftICE-like debugger for Windows 2000 and XP. Archived.

Language: C - Size: 400 KB - Last synced at: almost 2 years ago - Pushed at: over 2 years ago - Stars: 8 - Forks: 8

belazr/LumbrJack

LumbrJack is a very basic kernel mode logger for 64 bit Windows.

Language: C - Size: 53.7 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 0 - Forks: 0

KiFilterFiberContext/windows-software-policy

Research on obfuscated licensing APIs / CLIP service in the Windows kernel

Language: C - Size: 117 KB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 45 - Forks: 1

loneicewolf/smbdoor (fork of ExpLife0011/smbdoor)

improving zerosums smbdoor - a silent remote backdoor which abuses undoc. APIs in srvnet.sys

Language: C - Size: 6.92 MB - Last synced at: about 2 years ago - Pushed at: about 2 years ago - Stars: 46 - Forks: 5

WizardVan/Walker

Lot of Walkers under Windows.

Language: C - Size: 8.79 KB - Last synced at: about 2 years ago - Pushed at: over 9 years ago - Stars: 3 - Forks: 2

WizardVan/KernelHandlerReader

A kernel handler reader that can read kernel handlers from other processes

Language: C - Size: 1000 Bytes - Last synced at: about 2 years ago - Pushed at: over 9 years ago - Stars: 2 - Forks: 0

Deputation/kernel_payload_comms

A proof of concept demonstrating communication via mapped shared memory structures between a user-mode process and a kernel-mode payload on Windows 10 20H2.

Language: C++ - Size: 285 KB - Last synced at: about 2 years ago - Pushed at: almost 4 years ago - Stars: 36 - Forks: 23

SHA-MRIZ/DisplayMiniportHooking

Language: C++ - Size: 25.4 KB - Last synced at: about 2 years ago - Pushed at: over 4 years ago - Stars: 39 - Forks: 17

Exploitables/ExFreePool-Vulnerability

My research into taking advantage of ExFreePool primitives.

Language: C - Size: 537 KB - Last synced at: about 2 years ago - Pushed at: almost 3 years ago - Stars: 6 - Forks: 2

ElliotAlderson51/Kernel-Rootkit-32Bit

Rootkit for Windows 32-bit

Language: C++ - Size: 5.86 KB - Last synced at: about 2 years ago - Pushed at: over 3 years ago - Stars: 4 - Forks: 1

SilverTuxedo/keval

Call arbitrary Windows kernel-mode functions from Python on another machine

Language: Python - Size: 194 KB - Last synced at: about 2 years ago - Pushed at: over 3 years ago - Stars: 42 - Forks: 5

luzhlon/winapi-kmd-rs (fork of pravic/winapi-kmd-rs)

Windows Kernel-Mode Drivers written in Rust

Language: Rust - Size: 886 KB - Last synced at: about 2 years ago - Pushed at: over 7 years ago - Stars: 2 - Forks: 0

InoxicoDev/ELK.Spike

This repository is intended for learning and setting up a POC of hosting the Elastic Stack on a Windows kernel using Docker. Very useful for hosting on a Windows server without Hyper-V support for Linux containers.

Language: PowerShell - Size: 57.6 KB - Last synced at: about 2 years ago - Pushed at: about 6 years ago - Stars: 1 - Forks: 0