Repository navigation

#

ntoskrnl

can1357 / NtRays 

Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.

ntoskrnlwindows-kernelhex-rayshex-rays-decompiler
C++
618
8 个月前
ergrelet / windiff 

Web-based tool that allows comparing symbol, type and syscall information of Microsoft Windows binaries across different versions of the OS.

diffntoskrnlpdbportable-executable逆向工程Webwin32WindowsundocumentedNextRustsyscallsinsiderpreview
Rust
349
4 天前
ergrelet / resym 

Cross-platform tool that allows browsing and extracting C and C++ type declarations from PDB files.

pdbcross-platformLinux逆向工程symbolsWindows命令行界面diffGUIRustWebntoskrnl
Rust
338
8 个月前
AndreyBazhan / SymStore 

The history of Windows Internals via symbols.

windowsinternalswindows-internalsWindowsinternalsKernelsymbolsntoskrnlhalntdll
C
180
4 年前
MiroKaku / Nt-Modules 

Collect different versions of Crucial modules.

ntoskrnlwin32kntdll
Batchfile
144
1 年前
0vercl0k / sic 

Enumerate user mode shared memory mappings on Windows.

drivervadntoskrnlshared-memorywindows-kernelWindows
C
123
5 年前
DErDYAST1R / NmiCallbackBlocker 

Kernel Level NMI Callback Blocker

blockerbypasscallbackdriverExploithvcintoskrnlpatchguardProjectundetectedWindows
C++
122
7 天前
dmaivel / ntoseye 

Windows kernel debugger for Linux hosts running Windows under KVM/QEMU

gdbkernel-debuggerkvmLinuxntoskrnlpdbqemuqemu-kvmwindbgWindowsdisassemblerintrospectionlldbLLVMmemory
C++
96
4 个月前
gmh5225 / ntoskrnl_file_collection 

Collect various versions of ntoskrnl files

Windowsdriverversionntoskrnlfilecollection
57
2 年前
RomanRybachek / CVE-2024-20698 

Analysis of the vulnerability

Common Vulnerabilities and Exposures (CVE)integer-overflowntoskrnl逆向工程Windowsvulnerability
C++
51
2 年前
1hAck-0 / zeroimport 

ZeroImport is a lightweight and easy to use C++ library for Windows Kernel Drivers. It allows you to hide any import in your kernel driver by importing at runtime.

C++KernelntoskrnlWindowsLibrarype
C++
47
3 年前
rft0 / km-dll-mapper 

Kernel Mode DLL Manual Mapper

CC++DLL InjectorinjectorntoskrnlwinapiWindowswindows-kernel
C++
40
1 年前
keowu / InstrumentationCallbackToolKit 

A fast method to intercept syscalls from any user-mode process using InstrumentationCallback and detect any process using InstrumentationCallback.

anticheatInstrumentationMalwarentoskrnl逆向工程syscallWindows
C++
32
2 年前
rootkitenthusiast / pg-disabler 

runtime patchguard disabler (win 10 & 11)

Kernelntoskrnlpatchguardwdkwin10
C
12
2 个月前
DErDYAST1R / eprocess-dkom-unlinking 

EPROCESS Unlinking example in "C" using DKOM Manipulation

elinkntoskrnlpatchguardprocessundetected
C++
10
1 年前
YukinoHayakawa / Usagi 

Game Engine from an ADHDer that will never be finished.

computer-graphicsentity-component-system游戏引擎ntoskrnlvulkan
C++
9
9 个月前
vtorres / ntoskrnl-offsets-dumper 

Dump ntoskrnl.exe important offsets for building your navigation system in the Windows Kernel, using Radare2 and Rust

byovdntoskrnlradare2RustWindowsKernel
Rust
8
3 年前
baysec-eu / winapi-search 

💠 Documented and undocumented WinAPI search.

dllfunctionssymbolswinapiWindowsntdllntoskrnlwin32syscallswindows-api
TypeScript
8
2 个月前
WindowsDatabase / NtoskrnlStruct 

All undocumented ntoskrnl structs crawled from vergiliusproject.com

ntoskrnlWindowswindows-kernel
C
4
2 年前
DErDYAST1R / PsLoadedModuleList-Dkom-Unlinking 

PsLoadedModuleList Unlinking through DKOM Manipulation

listmodulentoskrnlpatchguardprocessundetected
4
7 天前