xrv3ovl's repositories
ida_kern_til
Tools for building TIL for IDA SDK & exporting them to python wrapper
Windows-Internals-Build-10.0.-18362-
Another Windows Internals repo
OfficeActivator
Office Activator
Banshee
Experimental Windows x64 Kernel Rootkit.
BYOVDKit
Bring Your Own Vulnerable Driver
EtwTi-FluctuationMonitor
Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections
HyperDeceit
HyperDeceit is the ultimate all-in-one library that emulates Hyper-V for Windows, giving you the ability to intercept and manipulate operating system tasks with ease.
DLLSpy
DLL Hijacking Detection Tool
Cool-Hypervisor
An Intel hypervisor implementing many virtualization techniques
WID_LoadLibrary
Reverse engineering the WinAPI function LoadLibrary.
IDTHook-x86
Detour hooking IRQ1 ISR through IDT (Interrupt Descriptor Table)
CompatLib
Compatibility library for re-establishing Windows XP SP-3 support in VS2019
idatil2c
Convert IDA Type Library `*.til` to Compilable C Header!
bootlicker
A generic UEFI bootkit used to achieve initial usermode execution. It works with modifications.
system_trace_tool
Kernel driver load/unload trace cleanup, an attempt to bypass anti-cheat: PiDDBCacheTable and MmLastUnloadedDriver
InfinityHookPro
InfinityHookPro Win7 -> Win11 latest
Privileger
Privileger is a tool to work with Windows Privileges
Proxy-Function-Calls-For-ETwTI
The code is a pingback to the Dark Vortex blog: https://0xdarkvortex.dev/hiding-memory-allocations-from-mdatp-etwti-stack-tracing/
fileid
File Type Identification Tool & Metadata extractor intended for automation
PINKPANTHER
Windows x64 handcrafted token stealing kernel-mode shellcode
windows-ps-callbacks-experiments
Files for http://blog.deniable.org/posts/windows-callbacks/
HyperWin
A native hypervisor designed for the Windows operating system
DynamicWrapperEx
x64 Registration-Free In-Process COM Automation Server.
win32-ex
Win32 API experimental (or extension) features
CInject
Windows kernel injection (no module, no thread)