windows-kernel

There are 25 repositories under windows-kernel topic.

• winfsp

  winfsp / winfsp

  Windows File System Proxy - FUSE for Windows

  driverfilesystemfusegplv3kernelwindowswindows-kernel
  Language:C 6671
• HyperDbg

  HyperDbg / HyperDbg

  State-of-the-art native debugging tool

  binary-analysischipdebugdebuggerdebuggingdebugging-tooleptfpgahardwarehookhwdbghyperdbghypervisorkernel-debuggerlogic-analyzermalware-analysisreverse-engineeringsecuritysecurity-toolswindows-kernel
  Language:C 2631

• rabbitstack / fibratus

  A modern tool for Windows kernel exploration and tracing with a focus on security

  windowswindows-kernelinstrumentationpythongolangsecurityedr
  Language:Go 2093

• tandasat / HyperPlatform

  Intel VT-x based hypervisor aiming to provide a thin VM-exit filtering platform on Windows.

  hypervisorwindows-kernelvirtual-machinedriver
  Language:C++ 1465

• vitoplantamura / BugChecker

  SoftICE-like kernel debugger for Windows 11

  kernel-debuggerwindows-kernel
  Language:C 896

• daem0nc0re / PrivFu

  Kernel mode WinDbg extension and PoCs for token privilege investigation.

  windowswindows-kernelwindbgwindbg-extension
  Language:C# 682

• can1357 / NtRays

  Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.

  ntoskrnlwindows-kernelhex-rayshex-rays-decompiler
  Language:C++ 481

• winfsp / winspd

  Windows Storage Proxy Driver - User mode disk storage

  storagediskscsiwindowskernelwindows-kerneldrivergplv3
  Language:C 410

• MiroKaku / ucxxrt

  The Universal C++ RunTime library, supporting kernel-mode C++ exception-handler and STL.

  cppwindows-kernelexception-handlerstlcpp17-library
  Language:C++ 384

• jxy-s / stlkrn

  C++ STL in the Windows Kernel with C++ Exception Support

  windows-kernelwindows-drivercppcpp17-librarycpp17stlstl-containerscpp-librarycpp-programmingkernel-drivermsvcmsvc-windowsmsvcrtmsvcrtlcpp14cpp14-librarycpp20cpp20-library
  Language:C++ 378

• KelvinMsft / kHypervisor

  kHypervisor is a lightweight bluepill-like nested VMM for Windows, it provides and emulating a basic function of Intel VT-x

  nested-virtualizationvirtualizationvt-xwindows-kernelkernelwindbghyperplatformvm-entry-emulationvcpusvirtualization-based-security
  Language:C++ 374

• daem0nc0re / AtomicSyscall

  Tools and PoCs for Windows syscall investigation.

  windowswindows-kernelsyscalls
  Language:C# 346

• tandasat / SimpleSvmHook

  SimpleSvmHook is a research purpose hypervisor for Windows on AMD processors.

  amdsvmhypervisorwindows-kerneldrivervirtual-machine
  Language:C++ 322

• VoidSec / DriverBuddyReloaded

  Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks

  reverse-engineeringwindows-kernelidaida-pluginidapythonwindows-driverdriver-exploitation
  Language:Python 300

• tandasat / SimpleSvm

  A minimalistic educational hypervisor for Windows on AMD processors.

  amddriverhypervisorsvmvirtual-machinewindows-kernel
  Language:C++ 280

• ntoskrnl7 / crtsys

  C/C++ Runtime library for system file (Windows Kernel Driver) - Supports Microsoft STL

  windows-driverwindows-kernelcrtcruntime-librarycppdriver-programmingstlwdkckernelkernel-driverucrtcpp17cpp20modern-cppcpp14kernel-driverskernel-modulewindows-drivers
  Language:C++ 174

• daem0nc0re / SharpWnfSuite

  C# Utilities for Windows Notification Facility

  windowswindows-kernel
  Language:C# 124

• amiryeshurun / HyperWin

  A native hypervisor designed for the Windows operating system

  assembly-x86epthypervisorintel-vtvirtualizationvt-xwindows-hypervisorwindows-kernel
  Language:C 118
• sic

  0vercl0k / sic

  Enumerate user mode shared memory mappings on Windows.

  drivervadprototype-pteshmntoskrnlshared-memorywindows-kernelwindows-10
  Language:C 112

• therealdreg / masm32-kernel-programming

  masm32 kernel programming, drivers, tutorials, examples, and tools (credits Four-F)

  driver-programmingdriverskernelkernel-programmingmasm32assembly-x86windows-kernel
  Language:Assembly 111

• 0dayResearchLab / msFuzz

  Targeting Windows Kernel Driver Fuzzer

  fuzz-testingfuzzerfuzzingkernelresearchsecuritysecurity-vulnerabilitywindowswindows-kernelwindows-kernel-exploitation
  Language:Makefile 109

• SoftSec-KAIST / NTFuzz

  NTFUZZ: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis (IEEE S&P '21)

  fuzzerfuzzingkernel-fuzzerwindows-kernelb2r2fsharpbinary-analysis
  Language:F# 88

• Deputation / kernel_payload_comms

  A proof of concept demonstrating communication via mapped shared memory structures between a user-mode process and a kernel-mode payload on Windows 10 20H2.

  driverkernelpayloadvirtual-machinevirtual-memorywindbgwindows-kernel
  Language:C++ 65

• KiFilterFiberContext / windows-software-policy

  Research on obfuscated licensing APIs / CLIP service in the Windows kernel

  reverse-engineeringwindows-kernelmicrosoft-warbirdundocumented
  Language:C 63
• android-memorytool

  Anonym0usWork1221 / android-memorytool

  Android Memory Tools written in python for RAM data reading and writing process of android, linux and windows os's.

  cheatmemorymemory-toolpythontermuxandroid-memory-toolcheat-scripttermux-cheatsandroid-kernelgame-cheatslinux-kernelmemory-managementmemory-profilingprofilerscriptingwindowswindows-kernel
  Language:Python 50

• loneicewolf / smbdoor

  improving zerosums smbdoor - a silent remote backdoor which abuses undoc. APIs in srvnet.sys

  improvementsmbdoorsmbextrapulsardoublepulsarsrvnetundocumentedsmb-handlerwindows-kernelwindows-kernel-exploitationback-door
  Language:C 50

• danielkrupinski / KernelProcessList

  Example Windows Kernel-mode Driver which enumerates running processes.

  windowskernel-modekernel-mode-driverdriver-programmingnativezwquerysysteminformationprocessprocess-listdriverwindows-kernelwdk
  Language:C 49

• SHA-MRIZ / DisplayMiniportHooking

  kernel-mode-driverwindows-kernel-hookwindows-kerneldriver-programming
  Language:C++ 48

• daem0nc0re / HEVD-CSharpKernelPwn

  CSharp Writeups for HackSys Extreme Vulnerable Driver

  windowswindows-kernel
  Language:C# 46

• IDouble / Kernel-Memory-Reading-Writing

  🔍 Code to read / write the Process Memory from the Kernel 🔧

  kernelreadwritememoryprocesskernelmodectemplatesimpleeasy-to-usewindowsthreadkernel-driverkernel-functionswindows-kernel
  Language:C 44

• SilverTuxedo / keval

  Call arbitrary Windows kernel-mode functions from Python on another machine

  windows-kernelctypespythoncppffi-wrapperlibclangresearch-tool
  Language:Python 43

• yardenshafir / DpcWait

  Driver demonstrating how to register a DPC to asynchronously wait on an object

  windowswindows-internalsdpcwaitwindows-kerneldebugging
  Language:C++ 43

• SubconsciousCompute / fsfilter-rs

  Experimental: A rust library to monitor filesystem 🪛 and more in windows

  minifilterrustwindowskernelobservabilitywindows-kernel
  Language:C++ 33

• therealdreg / dregate

  call gates as stable comunication channel for NT x86 and Linux x86_64

  phracklinux-kernelwindows-kernelcallgatesbochs
  Language:C++ 27

• therealdreg / cagrackme

  short crackme for Windows XP SP3 (32 bit version). ring0 stuff. IMO very fun x-)

  crackmedriverring0windows-kernelinternalsx86
  Language:Batchfile 23

• 0xcpu / exthost

  A POC for Windows Extension Host hooking

  windows-10windows-kernelhookingproof-of-concept
  Language:C 22