Just an example of a well-known technique to detect memory tampering via Windows Working Sets.

VT DEBUGGER

MemProcFS

This is Qt widget for display binary data in traditional hex editor style

《macOS软件安全与逆向分析》随书的调试器代码

The OpenSource Disassembler

base for testing

Manual mapper that uses PTE manipulation, Virtual Address Descriptor (VAD) manipulation, and forceful memory allocation to hide executable pages. (VAD hide / NX bit swapping)

https://www.codeproject.com/Articles/5348168/Disable-Driver-Signature-Enforcement-with-DSE-Patc

A bunch of JavaScript extensions for WinDbg.

Enum and Remove Hook in Windows

Windows Object Explorer 64-bit

Intel learning hypervisor and some extend function

ntoskrnl .data hooks for UM-KM communication

Bypassing EasyAntiCheat.sys self-integrity by abusing call hierarchy

从MmPfnData中枚举进程和页目录基址

Mirror of my favourite hacking Zines for the lulz, nostalgy, and reference

AntiSpy is a free but powerful anti virus and rootkits toolkit.It offers you the ability with the highest privileges that can detect,analyze and restore various kernel modifications and hooks.With …

Detect removed thread from PspCidTable.

A ProcMon-esque tool for monitoring Windows Kernel Drivers

A Poc on blocking Procmon from monitoring network events

Canadian Furious Beaver is a ProcMon-style tool designed only for capturing IRPs sent to any Windows driver.

open source process monitor

Process Monitor X v2

Windows Kernel Misc

r/w virtual memory without attach

2023年最新整理，qt开发最全面试集锦，含网络，文件系统，数据库，自定义控件，以及视频讲解，文档

Real-time collection of PMCs via ETW