An attempt to restore and adapt to modern Win10 version the Rootkit Arsenal original code samples

Related tags

Utilities rootkit-arsenal-guacamole
Overview

rootkit-arsenal-guacamole

An attempt to restore and adapt to modern Win10 version the Rootkit Arsenal original code samples All projects have been ported to x64 and tested on latest Win10 (2004 - 19041.746)

Projects

Templates

  • KMD : Kernel Mode Driver template that includes a userland C&C template
  • IRQL : multicore synchronization primimitives via rising IRQL through DPCs
  • ReadPE : Parse PE IAT

Userland Hooking

  • RemoteThread : CreateRemoteThread for DLL injection | ported to x64 + DLL to be injected as argument
  • IATHooking : DLL that perform IAT hooking on a given function

Kernel Hooking

[underway]

You might also like...
Simple password/cookies/history/bookmarks stealer/dumper for chrome all version (includes 80+)
Simple password/cookies/history/bookmarks stealer/dumper for chrome all version (includes 80+)

Simple password/cookies/history/bookmarks stealer/dumper for chrome all version (includes 80+), microsoft edge browser,includes all chromium based browsers, and all gecko based browser (firefox etc.).

null 75 Dec 16, 2022
A compile-time enabled Modern C++ library that provides compile-time dimensional analysis and unit/quantity manipulation.

mp-units - A Units Library for C++ The mp-units library is the subject of ISO standardization for C++23/26. More on this can be found in ISO C++ paper

Mateusz Pusz 679 Dec 29, 2022
The most powerful and customizable binary pattern scanner written on modern C++

Sig The most powerful and customizable binary pattern scanner written on modern C++ ✔ Capabilities: Support for all common pattern formats: Pattern +

Александр 153 Dec 21, 2022
A Template Engine for Modern C++

Inja is a template engine for modern C++, loosely inspired by jinja for python. It has an easy and yet powerful template syntax with all variables, lo

pantor 1.2k Jan 8, 2023
Mustache text templates for modern C++

About Mustache implementation for modern C++ (requires C++11) Header only Zero dependencies Templated string type for compatibility with any STL-like

Kevin Wojniak 307 Dec 11, 2022
Pretty Printer for Modern C++
Pretty Printer for Modern C++

Highlights Single header file Requires C++17 MIT License Quick Start Simply include pprint.hpp and you're good to go. #include pprint.hpp To start p

Pranav 879 Dec 22, 2022
LibOS is a modern C++17 library that makes OS-specific features cross-platform.

LibOS is a modern C++17 library that makes OS-specific features cross-platform. Ever tried to get Windows version after Windows 8? Or to send ke

Gavrilikhin Daniil 27 Sep 13, 2022
Utilities and common code for use with raylib

Utilities and shared components for use with raylib

Jeffery Myers 86 Dec 1, 2022
This project aims to facilitate debugging a kernel driver in windows by adding support for a code change on the fly without reboot/unload, and more!
This project aims to facilitate debugging a kernel driver in windows by adding support for a code change on the fly without reboot/unload, and more!

BSOD Survivor Tired of always telling yourself when you got a BSOD that what if I could just return to the caller function which caused the BSOD, and

Ido Westler 159 Dec 21, 2022
Owner
Matteo Malvica
Matteo Malvica
GitHub
Windows x64 rootkit

P4tch3r Windows x64 rootkit (tested on Windows 7) It's PoC of patching NtTerminateProcess function by just overwriting instructions catching arguments

null 7 Jul 22, 2022
A simple Windows kernel rootkit.

Venom RootKit A simple windows rootkit that I have wrote, In order to explore a bit about the world of rootkits and windows kernel in general. The Ven

Amit Schendel 64 Oct 9, 2022
yark - Yet Another RootKit

yark - Yet Another RootKit How to Build Requirements In order to build the kernel module, you need to install the kernel-headers package corresponding

imlk 16 Nov 9, 2022
Internet Key Exchange version 2 (IKEv2) daemon - portable version of OpenBSD iked

Portable OpenIKED This is a port of OpenBSD's OpenIKED to different Unix-like operating systems, including Linux, macOS and FreeBSD.

OpenIKED 27 Dec 4, 2022
A dedicated performance counter for Cortex-M systick. It shares the SysTick with users' original SysTick function without interfere it. This library will bring new functionalities, such as performance counter, delay_us and clock() service defined in time.h

perf_counter A dedicated performance counter for Cortex-M systick. It shares the SysTick with users' original SysTick function without interfere it. T

Gabriel Wang 202 Jan 8, 2023
The C++ REST SDK is a Microsoft project for cloud-based client-server communication in native code using a modern asynchronous C++ API design. This project aims to help C++ developers connect to and interact with services.

The C++ REST SDK is a Microsoft project for cloud-based client-server communication in native code using a modern asynchronous C++ API design. This project aims to help C++ developers connect to and interact with services.

Microsoft 7.2k Jan 2, 2023
runsc loads 32/64 bit shellcode (depending on how runsc is compiled) in a way that makes it easy to load in a debugger. This code is based on the code from https://github.com/Kdr0x/Kd_Shellcode_Loader by Gary "kd" Contreras.

runsc This code is based on the code from https://github.com/Kdr0x/Kd_Shellcode_Loader by Gary "kd" Contreras and contains additional functionality. T

null 24 Nov 9, 2022
The lightweight and modern Map SDK for Android and iOS

Open Mobile Maps The lightweight and modern Map SDK for Android (6.0+) and iOS (10+) openmobilemaps.io Getting started Readme Android Readme iOS Featu

Open Mobile Maps 95 Dec 23, 2022
Stripped down version of BIGTREETECH-TouchScreenFirmware which only supports ST7920 emulation (Marlin Mode)

Stripped down version of BIGTREETECH-TouchScreenFirmware which only supports ST7920 emulation (Marlin Mode). This project only uses peripheral drivers supplied by the screen manufacturer and uses it's own library to parse the ST7920 commands.

null 112 Dec 30, 2022
CE-Plugin - 📃 Support Version Cheat Engine 6.5~Higher

?? Support Version Cheat Engine 6.5~Higher ?? Preview ❄️ Reference & Thanks Cheat Engine[Debugger with plugin] Unicorn[CPU emulator framework] Capston

kanren3 1 Jul 25, 2022