
Repository Details

DynamicKernelShellcode

An example of how x64 kernel shellcode can dynamically find and use kernel APIs exported from ntoskrnl.
Tested on Windows 10 x64 (1903).
The shellcode resolves and returns function addresses from ntoskrnl's export table; for more practical use it can easily be modified to call the functions it resolves. I used FASM as the assembler, but the source uses no FASM-specific syntax, so other assemblers should work. The included Python script generates the hashes the shellcode needs.
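The shellcode itself is not reproduced on this page, so the following is an added C example of the technique the README describes, not code from the DynamicKernelShellcode repository. It walks a PE image from the DOS header to the NT headers to the export directory, hashes every exported name, and returns the address of the one whose hash matches, so no API name strings need to live in the shellcode. Three things are assumptions: the hash is ROR13 over the name bytes (the repository's Python generator defines its own hash, which this page does not show), the ntoskrnl base address is taken as a parameter (finding the base is a separate step the README does not cover), and, so that it compiles and runs on any host, the PE structures are hand-declared instead of coming from windows.h and the image walked is a constructed in-memory stand-in for ntoskrnl with three fake exports.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Enough of the PE headers to walk an export table without windows.h. */
#pragma pack(push, 1)
typedef struct { uint16_t e_magic; uint8_t reserved[58]; int32_t e_lfanew; } DOS_HDR;
typedef struct { uint32_t VirtualAddress, Size; } DATA_DIR;
typedef struct {
    uint32_t Signature;           /* 'PE\0\0' */
    uint8_t  FileHeader[20];
    uint8_t  OptionalHead[112];   /* x64 optional header up to DataDirectory */
    DATA_DIR DataDirectory[16];   /* [0] is the export directory */
} NT_HDRS64;
typedef struct {
    uint32_t Characteristics, TimeDateStamp;
    uint16_t MajorVersion, MinorVersion;
    uint32_t Name, Base, NumberOfFunctions, NumberOfNames;
    uint32_t AddressOfFunctions, AddressOfNames, AddressOfNameOrdinals;
} EXPORT_DIR;
#pragma pack(pop)

/* Hash used instead of embedding API name strings in the shellcode.
 * ROR13 over the raw bytes is an ASSUMPTION for this example; the repository's
 * Python generator defines its own hash, which this page does not show. */
uint32_t hash_name(const char *s)
{
    uint32_t h = 0;
    for (; *s; s++)
        h = ((h >> 13) | (h << 19)) + (uint8_t)*s;
    return h;
}

/* Walk DOS -> NT -> export directory, hash each exported name, and return the
 * matching function's address.  A forwarded export's RVA points back into the
 * export directory at a "DLL.Name" string rather than code, so reject those. */
const uint8_t *resolve_by_hash(const uint8_t *base, uint32_t want)
{
    const DOS_HDR *dos = (const DOS_HDR *)base;
    if (dos->e_magic != 0x5A4D) return NULL;                 /* "MZ" */
    const NT_HDRS64 *nt = (const NT_HDRS64 *)(base + dos->e_lfanew);
    if (nt->Signature != 0x00004550) return NULL;            /* "PE\0\0" */
    const DATA_DIR *dir = &nt->DataDirectory[0];
    if (dir->VirtualAddress == 0) return NULL;               /* no exports */
    const EXPORT_DIR *ex = (const EXPORT_DIR *)(base + dir->VirtualAddress);
    const uint32_t *names = (const uint32_t *)(base + ex->AddressOfNames);
    const uint16_t *ords  = (const uint16_t *)(base + ex->AddressOfNameOrdinals);
    const uint32_t *funcs = (const uint32_t *)(base + ex->AddressOfFunctions);
    for (uint32_t i = 0; i < ex->NumberOfNames; i++) {
        if (hash_name((const char *)(base + names[i])) != want) continue;
        uint16_t ord = ords[i];               /* index into AddressOfFunctions */
        if (ord >= ex->NumberOfFunctions) return NULL;
        uint32_t rva = funcs[ord];
        if (rva >= dir->VirtualAddress && rva < dir->VirtualAddress + dir->Size)
            return NULL;                      /* forwarder, not code */
        return base + rva;
    }
    return NULL;
}

/* Constructed stand-in for a mapped ntoskrnl (not a real image): three exports
 * whose name order deliberately differs from their ordinal order, so the
 * ordinal indirection is exercised.  Function "bodies" are single RET bytes. */
static _Alignas(16) uint8_t g_image[0x1000];
static const char *k_names[] = { "ExAllocatePool", "ExFreePoolWithTag", "PsGetCurrentProcess" };
static const uint16_t k_ords[]  = { 2, 0, 1 };
static const uint32_t k_funcs[] = { 0x800, 0x810, 0x820 };

static void put32(uint32_t off, uint32_t v) { memcpy(g_image + off, &v, 4); }
static void put16(uint32_t off, uint16_t v) { memcpy(g_image + off, &v, 2); }

const uint8_t *build_fake_image(void)
{
    memset(g_image, 0, sizeof g_image);
    put16(0, 0x5A4D);  put32(60, 0x80);                          /* MZ, e_lfanew */
    put32(0x80, 0x00004550);                                      /* PE\0\0 */
    put32(0x80 + 24 + 112, 0x200);  put32(0x80 + 24 + 116, 0x100); /* export dir RVA/size */
    put32(0x200 + 20, 3);  put32(0x200 + 24, 3);                 /* NumberOfFunctions/Names */
    put32(0x200 + 28, 0x300);  put32(0x200 + 32, 0x380);  put32(0x200 + 36, 0x340);
    uint32_t str = 0x400;
    for (int i = 0; i < 3; i++) {
        put32(0x300 + 4 * i, k_funcs[i]);  g_image[k_funcs[i]] = 0xC3;   /* ret */
        put16(0x340 + 2 * i, k_ords[i]);
        put32(0x380 + 4 * i, str);
        strcpy((char *)g_image + str, k_names[i]);  str += strlen(k_names[i]) + 1;
    }
    return g_image;
}

/* Resolve a name through its hash and report the RVA, or -1 if absent. */
long resolve_rva(const char *name)
{
    const uint8_t *base = build_fake_image();
    const uint8_t *p = resolve_by_hash(base, hash_name(name));
    return p ? (long)(p - base) : -1;
}

int main(void)
{
    for (int i = 0; i < 3; i++)
        printf("%-20s hash=0x%08x rva=0x%lx\n", k_names[i], hash_name(k_names[i]), resolve_rva(k_names[i]));
    printf("%-20s rva=%ld\n", "NtDoesNotExist", resolve_rva("NtDoesNotExist"));
    return 0;
}
```

Against a real kernel the same walk runs over the mapped ntoskrnl image, with `base` being its load address; the hashes would be precomputed offline (the role the repository's Python script plays) and compared in the loop exactly as above. Note that the ordinal table is what maps a name index to an entry in `AddressOfFunctions`; reading `funcs[i]` directly is a common bug that only works when the two orders happen to coincide.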

Useful resources

More Repositories

1. CallMon (C, 128 stars): CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers.
2. ALPC-Example (C, 88 stars): An example of a client and server using Windows' ALPC functions to send and receive data.
3. CVE-Stockpile (C, 47 stars): Master list of all my vulnerability discoveries. Mostly 3rd party kernel drivers.
4. CVE-2018-16712 (C, 25 stars): PoC code for CVE-2018-16712 (exploit by MmMapIoSpace).
5. WarbirdExamples (C, 24 stars): An example of how to use Microsoft Windows Warbird technology.
6. WhoCalls_C (C, 17 stars): WhoCalls can query a directory of files, find the binaries, and search for a user-specified Win API import. It works with both 32-bit (PE) and 64-bit (PE32+) file formats (.exe, .dll, .sys).
7. KLoad_C (C, 16 stars): A simple command line utility to quickly load and unload Windows drivers.
8. WinPools (C, 14 stars): WinPools is an example of how Windows kernel big pool addresses can be leaked using NtQuerySystemInformation.
9. WHPHook (C++, 13 stars): Simple DLL and client app that work together to hook all the functions in WinHvPlatform.dll in order to provide logging and introspection at the hypervisor level.
10. CVE-2018-15499 (C, 11 stars): PoC code for CVE-2018-15499 (exploit race condition for BSoD).
11. DbgKeystone (C, 10 stars): A Keystone engine powered Windows debugger extension.
12. Windows-Syscalls-Examples (Assembly, 10 stars): Examples of how to use syscalls in various Windows versions and architectures.
13. IOCTL-Flooder (C, 10 stars): IOCTL-Flooder is a verbose tool designed to help with Windows driver fuzzing by brute-forcing IOCTLs on loaded drivers. GetLastError is used to guess validity.
14. KLoad (Rust, 9 stars): A simple command line utility to quickly load and unload Windows drivers.
15. FakeDriverPoC (C, 7 stars): This is a PoC driver which creates a fake driver and device object with the intent of allowing a user-mode program to communicate with a "fake" driver and device.
16. CVE-2018-16713 (C, 6 stars): PoC code for CVE-2018-16713 (exploit by rdmsr).
17. CVE-2018-18714 (C, 6 stars): PoC code for CVE-2018-18714 (exploit by stack overflow).
18. CVE-2018-18026 (C, 6 stars): PoC code for CVE-2018-18026 (exploit by stack overflow).
19. soplock (C, 5 stars): The Simple Opportunistic Lock tool.
20. CVE-2018-16711 (C, 5 stars): PoC code for CVE-2018-16711 (exploit by wrmsr).
21. SHA-ME (C, 4 stars): A pure WinAPI program that demonstrates translating a file into a SHA-256 hash. Designed to be used as a utility.
22. Code-Rewrites (Pascal, 4 stars): Programs and scripts I've ported to other languages, mostly for fun.
23. Spoof-Task-Manager (Assembly, 4 stars): An example showing how a mutex can stop taskmgr.exe from loading.
24. wat (Assembly, 4 stars): The Linux coreutils spin-off of cat, but for Windows.
25. The-Good-Bad-Code (Assembly, 4 stars): Pushing the limits of bad programming practices. Abusing APIs. Destroying utility programs.
26. SystemsWork (C, 3 stars): A repo containing examples relating to various aspects of Windows internals and processor features.
27. HyperCalc (Rust, 3 stars): An Intel HAXM powered, protected-mode, 32-bit hypervisor addition calculator, written in Rust.
28. Check-Administrator-Status (Assembly, 3 stars): A spin-off of Command Prompt Add-ons. This includes examples of how to check privilege status.
29. Driver-Easy-Research (Python, 3 stars): Python scripts for manipulating Driver Easy's servers.
30. bswap (C, 2 stars): A WinDbg extension for swapping byte endianness.
31. Musical-Processes (Pascal, 2 stars): Turn a process' memory into music (32-bit only).
32. WhoCalls (Rust, 1 star): A program which can query a directory of files, find the binaries, and search for a specified Win API import.
33. downwithup.github.io (HTML, 1 star): Personal website.