ntoskrnl

Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.

Web-based tool that allows comparing symbol, type and syscall information of Microsoft Windows binaries across different versions of the OS.

Cross-platform tool that allows browsing and extracting C and C++ type declarations from PDB files.

The history of Windows Internals via symbols.

Collect different versions of Crucial modules.

Enumerate user mode shared memory mappings on Windows.

Kernel Level NMI Callback Blocker

Windows kernel debugger for Linux hosts running Windows under KVM/QEMU

Analysis of the vulnerability

Collect various versions of ntoskrnl files

ZeroImport is a lightweight and easy to use C++ library for Windows Kernel Drivers. It allows you to hide any import in your kernel driver by importing at runtime.

Kernel Mode DLL Manual Mapper

A fast method to intercept syscalls from any user-mode process using InstrumentationCallback and detect any process using InstrumentationCallback.

EPROCESS Unlinking example in "C" using DKOM Manipulation

Dump ntoskrnl.exe important offsets for building your navigation system in the Windows Kernel, using Radare2 and Rust

💠 Documented and undocumented WinAPI search.

PsLoadedModuleList Unlinking through DKOM Manipulation

All undocumented ntoskrnl structs crawled from vergiliusproject.com

A mirror of Windows NT Kernel Documentation