zhuhuibeishadiao Goto Github PK

kiero

Universal graphical hook for a D3D9-D3D12, OpenGL and Vulcan based games.

km-stl

A drop-in replacement for the C++ STL for kernel mode Windows drivers. The goal is to have implementations for things like the standard algorithms that don't require memory allocations or exceptions, and for implementations of type traits and other compile-time related headers. Full implementation of the STL is a non-goal.

km-um-communication

A somewhat wide collection of various kernelmode-usermode communication methods in one repository (mainly just for learning purposes).

koppeling

Adaptive DLL hijacking / dynamic export forwarding

krabsetw

KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.

ksdumper

Dumping processes using the power of kernel space !

ksm

A really simple and lightweight x64 hypervisor written in C for Windows (Intel processors, >= Haswell only). Supports vmfunc, EPTP switching and ept violation handling via IDT in guest ("IDT shadowing").

ksm_plus

Memory management is one of the most important parts of the operating system. KSM (Kernel Samepage Merging) in Linux kernel is a kind of memory saving technology developed after the emerging of virtual machine. KSM can dramatically decrease the memory usage of the hypervisor running several virtual machines. Actually, KSM can also be applied to normal applications. But in order to use the KSM, application must explicitly evoke a system call in source code level to tell KSM the memory area where the KSM will scan. To normal users, modifying the source code is impossible at most of the time. Base on the full grasp of the implementation of KSM, a new implementation named KSM+ is created, which allows users to merge same-content pages on the specified applications without modifying corresponding source code. Moreover, the original KSM algorithm relies heavily on the specified area is rich in same-content pages, while normal applications have much less same-content pages compared to virtual machines. So, when KSM is applied to those applications, it is possible that memory usage will rise rather than decrease. To combat with this situation, KSM+ employs a new algorithm to decrease the memory usage for running itself. Several experiments prove that the KSM+ can be easily applied to specified applications and memory usage can be reduced. And a case is designed to compare the effect between KSM and KSM+, which shows KSM+ behaves better in deduplication when the same-content pages’ density is very low. At last, in order to inspect the characteristics of same-content pages from normal desktop applications, an ad-hoc kernel module is developed to do the statistics which supplies significant data for the further development of KSM+.

ksocket

KSOCKET provides a very basic example on how to make a network connections in the Windows Driver by using WSK

kstealthinjector

Stealthy Injector that leverages a vulnerable driver and other exploits to remain undetected

ktl

Windows Kernel Template Library

kvm-guest-drivers-windows

Windows paravirtualized

lazy_importer

library for importing functions from dlls in a hidden, reverse engineer unfriendly way

lazycopy

NTFS minifilter driver that can download file content from a remote location, when it is opened for the first time.

lcxl-shadow

LCXL影子系统

learn-kvm

Qemu KVM(Kernel Virtual Machine)学习笔记

learn-windows-drivers

Windows drivers 开发的各个基础示例，包含进程、内存、注册表、回调等管理

libc

Kernel C++ driver developing library; std & boost partially supported

libevtx

Library and tools to access the Windows XML Event Log (EVTX) format

libmem

Process & Memory Hacking Library written in C89 (Windows/Linux/BSD) (Internal/External) (x86/x64, ARM/ARM64) (C/C++)

libpeconv

A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_project_template

libscanhook

libsys

System abstractions

linux-kernel-module-cheat

The perfect emulation setup to study and modify the Linux kernel, kernel modules, QEMU and gem5. Highly automated. Thoroughly documented. GDB step debug and KGDB just work. Automated tests. Powered by Buildroot. "Tested" in Ubuntu 18.04 host, x86_64, ARMv7 and ARMv8 guests with kernel v5.0.

loadlibrayy

x64 manualmapper with kernel elevation and thread hijacking capabilities to bypass anticheats

loadlibrayy-1

lol_china

lol_launcher

League Of Legends 英雄联盟 启动器

lol_replayer_for_tencent

League Of Legends 英雄联盟，腾讯游戏助手TGP录像的解析代码，可搭建录像服务器，启动游戏进行观看录像。

lpc

windows LPC library