LYingSiMon's repositories
HWIDFaker
cheat-driver
Kernel mode driver for reading/writing process memory. C/Win32.
rewolf-wow64ext
Helper library for x86 programs that run under the WOW64 layer on x64 versions of Microsoft Windows operating systems.
FU_Hypervisor
A hypervisor hiding user-mode memory using EPT
SpoofMAC
:briefcase: Change your MAC address for debugging
MdlHookSSDT
Uses MDL remapping and a CR3 change to hook the SSDT
re_sysdiag
Reverse engineering the Huorong (火绒) security software driver: sysdiag
DisableWin10PatchguardPoc
Pseudo-code showing how to disable PatchGuard on Windows 10
EUPMAccess
This DKOM exploit enables any app in usermode to access physical memory directly
Syscall-Monitor
Syscall Monitor is a system monitor program (like Sysinternals' Process Monitor) using Intel VT-x/EPT for Windows 7+
PowerLoaderEx
PowerLoaderEx - Advanced Code Injection Technique for x32 / x64
PFHook
Page fault hook using EPT (Intel Virtualization Technology)
MiniVTx64
Intel Virtualization Technology demo
ProcessHider
Post-exploitation tool for hiding processes from monitoring applications
DivertTCPconn
A TCP packet diverter for the Windows platform
vmulti
Virtual Multiple HID Driver (multitouch, mouse, digitizer, keyboard, joystick)
http
Simple & modern HTTP client for C++
rtsectiontest
An Attempt to Bypass Memory Scanners By Misusing the ntdll.dll "RT" Section.
Win64-Rovnix-VBR-Bootkit
Win64/Rovnix - Volume Boot Record Bootkit
frookSINATRA
PoC of an x64 LSTAR MSR (syscall entry) hook
HideProcessHookMDL
A simple rootkit to hide a process