Windy Bug's starred repositories
Windows-driver-samples
This repo contains driver samples prepared for use with Microsoft Visual Studio and the Windows Driver Kit (WDK). It contains both Universal Windows Driver and desktop-only driver samples.
SinMapper
usermode driver mapper that forcefully loads any signed kernel driver (legit cert) with a big enough section (example: .data, .rdata) to map your driver over. The main focus of this project is to prevent modern anti-cheats (BattlEye, EAC) from finding your driver and having the power to hook anything due to being inside legit memory (signed legit driver).
warbird-hook
Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard
GhostMapperUM
manual map unsigned driver over signed memory
classinformer-ida8
IDA Class Informer plugin for IDA 8.x
Suspending-Techniques
Comparing, discussing, and bypassing various techniques for suspending and freezing processes on Windows.
24h2-nt-exploit
Exploit targeting NT kernel in 24H2 Windows Insider Preview
windows-software-policy
Research on obfuscated licensing APIs / CLIP service in the Windows kernel
KernelInjector
PoC kernel to usermode injection
RansomGuard
anti-ransomware file-system filter
DataptrHooks
ntoskrnl .data hooks for UM-KM communication
vmware-svga
not mine, clone from
WinMain-is-usually-a-function
Windows NT port of 'Main is usually a function. So then when is it not?'
WFPCalloutReserach
research revolving around the Windows Filtering Platform callout mechanism
KeystrokeSniffer
a Windows kernel keylogger that works
InstrumentationCallbacks
A native Windows library for intercepting kernel-to-user transitions using instrumentation callbacks
PnpNotifyResearch
a driver to enumerate registered PnP callbacks for a particular interface class, based on reversal of IoRegisterPlugPlayNotification