Simple Intel VT-x hypervisor

State-of-the-art native debugging tools

Hypervisor with EPT hooking support.

Disks for DMA

BattlEye shellcodes tester

Intel VT-x based hypervisor aiming to provide a thin VM-exit filtering platform on Windows.

SimpleSvmHook is a research purpose hypervisor for Windows on AMD processors.

Manual mapper that uses PTE manipulation, Virtual Address Descriptor (VAD) manipulation, and forceful memory allocation to hide executable pages. (VAD hide / NX bit swapping)

Call of Duty: Modern Warfare 2019 client tracking

KDStinker fork, targeting latest intel driver from 2019

Stealthy way to hijack the existing game process handle within the game launcher (currently supports Steam and Battle.net). Achieve external game process read/write with minimum footprint.

HWID Spoofer which spoofs disk serials, smart disk serials and SMBIOS.

PoC HWID spoofer that runs in EFI

KDMapper is a simple tool that exploits iqvw64e.sys Intel driver to manually map non-signed drivers in memory

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

C++20, x86/x64 Hooking Libary v2.0

Access without a real handle

UEFI bootkit for driver manual mapping

DLL scatter manual mapper

MouClassInputInjection implements a kernel interface for injecting mouse input data packets into the input data stream of HID USB mouse devices.

VivienneVMM is a stealthy debugging framework implemented via an Intel VT-x hypervisor.

A plugin for ReClass.NET to manipulate memory in a virtual machine.

KVM-based Virtual Machine Introspection

LibVMI-based debug server, implemented in Python. Building a guest aware, stealth and agentless full-system debugger

physical memory introspection framework

A mini anti-anti debug hooking library for Windows.

A simple open source module injector library x86/x64 for Windows

A Cheat for Call of Duty: Modern Warfare written in Rust using my memlib-rs library