《关于编写 x64 Windows 10 驱动以了解虚拟内存这件事》系列视频附带的代码和材料

Abusing nvidia driver (nvoclock.sys) for physical/virtual memory and control register manipulation.

The Next Generation of Anti-Rookit(ARK) tool for Windows.

A library to read/write memory to Windows on KVM

blacksun framework for QEMU/KVM game cheat development

QEMU patched to avoid detection from various anticheats such as Battleye/EAC

windows泄露源码

Disable PatchGuard and Driver Signature Enforcement at boot time

Detailed Instructions on the creation of custom/modified DMA (attack) Firmware based on pcileech-fpga

Windows Kernel inject (no module no thread)

一次偶然的研究中发现可以利用EasyAntiCheat.sys驱动来保护我们指定的进程

update face injector by KANKOSHEV

Windows kernel samples

query-pdb is a server-side software for parsing PDB files. The software provides PDB online parsing service.

可在非测试模式下符号化读取内核内存。Kernel memory can be read symbolically in non test mode。

PdbView shows the contents of PDB files

Kernel driver that .text hooks a syscall in dxgkrnl.sys which can be called from our user-mode client to send instructions like rpm/wpm and even draw rectangles for esp. This was made to hack video…

VirtualKD-Redux - A revival and modernization of VirtualKD

Windows memory hacking library

KDMapper is a simple tool that exploits iqvw64e.sys Intel driver to manually map non-signed drivers in memory

Kernel-Mode extended version of https://github.com/microsoft/Detours

Communicate between user-mode and kernel-mode through a swapped QWORD pointer argument.

a Windows kernel Pdb parsing and downloading library that running purely in kernel mode without any R3 programs.

The Windows Kernel Programming book samples

WFP Traffic Redirection Driver is used to redirect NIC traffic on network layer and framing layer, based on Windows Filtering Platform (WFP).

Hook system calls, context switches, page faults and more.

eBPF implementation that runs on top of Windows