Windows File System Proxy - FUSE for Windows

A modern tool for the Windows kernel exploration and tracing

Intel VT-x based hypervisor aiming to provide a thin VM-exit filtering platform on Windows.

The Source Code of HyperDbg Debugger 🐞

Windows Storage Proxy Driver - User mode disk storage

kHypervisor is a lightweight bluepill-like nested VMM for Windows, it provides and emulating a basic function of Intel VT-x

SimpleSvmHook is a research purpose hypervisor for Windows on AMD processors.

A minimalistic educational hypervisor for Windows on AMD processors.

A native hypervisor designed for the Windows operating system

Enumerate user mode shared memory mappings on Windows.

Driver demonstrating how to register a DPC to asynchronously wait on an object

A POC for Windows Extension Host hooking

Very tiny and selective implementation of STL for Windows NT kernel mode drivers

Example Windows Kernel-mode Driver which enumerates running processes.

A driver that supports communication between a Windows guest and HyperWin

🔍 Code to read / write the Process Memory from the Kernel 🔧

virtualkd-modified

WinPools is an example of how Windows kernel big pool addresses can be leaking using NtQuerySystemInformation

improving zerosums smbdoor - a silent remote backdoor which abuses undoc. APIs in srvnet.sys

A kernel handler reader can read kernel handler from other process

This repository is purposed for learning and setting up a POC of hosting the Elastic Stack on a Windows kernel using Docker. Very useful to host on a Windows server without Hyper-V support for Linux containers.

windbg plugin easy-step from user code to kernel code

Lot of Walkers under Windows.

Windows Kernel-Mode Drivers written in Rust

A proof of concept demonstrating communication via mapped shared memory structures between a user-mode process and a kernel-mode payload on Windows 10 20H2.