RKRestart's repositories
Poseidon
Stealthy UM <-> KM communication system without creating any system threads, permanent hooks, driver objects, section objects or device objects.
GeoIP2-CN
A compact, accurate, and practical GeoIP2 database
kdmapper
KDMapper is a simple tool that exploits the iqvw64e.sys Intel driver to manually map non-signed drivers in memory
HyperHide
Hypervisor-based anti-anti-debug plugin for x64dbg
GarHal_CSGO
A project that demonstrates how to screw with CSGO from Kernel Space. (CSGO Kernel Cheat/Hack) All cleaned up, and with updated offsets.
Kernel-VAD-Injector
Windows 10 DLL Injector via Driver utilizing VAD and hiding the loaded driver
arkCrypter
Compile-time + Lifetime, Usermode + Kernelmode, safe and lightweight string crypter library for C++17+, based on skCrypter
ThePerfectInjector
Literally, the perfect injector.
Stealthy-Kernelmode-Injector
Manual mapper that uses PTE manipulation, Virtual Address Descriptor (VAD) manipulation, and forceful memory allocation to hide executable pages. (VAD hide / NX bit swapping)
kernel_payload_comms
A proof of concept demonstrating communication via mapped shared memory structures between a user-mode process and a kernel-mode payload on Windows 10 20H2.
modmap
Module extending manual mapper
Self-Remapping-Code
This program remaps its image to prevent the page protection of pages contained in the image from being modified via NtProtectVirtualMemory.