This branch is up to date with HOOK11/EPT-HOOK:master.
momo5502/ept-hook-detection (Public). Latest commit: momo5502, Update README.md ...
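Original: https://github.com/uefibootkit/Voyager. The original only supports up to Win 10 2004; I only updated the signatures for Win 10 22H2. If it does not work on other system versions, update the signatures yourself; you just need to find the signature of BlImgAllocateImageBuffer. Also, the original has no EPT hook (Hyper-V has EPT enabled), so I added support for Intel EPT. The code was written in a hurry and probably has bugs; removing a hook only deletes, from the linked list, the...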
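All we need to do is call EptVmxRootModePageHook and use the HasLaunched flag, which determines whether we are already using EPT in VMX operation. I will describe EptVmxRootModePageHook later, in the section on applying the hook. If we are already using this EPT in VMX operation, we need to ask VMX root mode to modify the EPT table for us; in other words, we must call EptVmxR... from VMX root mode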
#define VMCALL_EXEC_HOOK_PAGE 0x3 // VMCALL to Hook ExecuteAccess bit of the EPT Table
#define VMCALL_INVEPT_ALL_CONTEXT 0x4 // VMCALL to invalidate EPT (All Contexts)
#define VMCALL_INVEPT_SINGLE_CONTEXT 0x5 // VMCALL to invalidate EPT (A Single Context)
...
Gbhv takes advantage of the features of VT-X to stealthily hide code modifications from PatchGuard. With this technique, Gbhv can hook or modify any function or data of the running operating system without ever triggering security or integrity protections, making it an incredibly powerful tool in security...
The doxygen documentation for HyperDbg. You can also visit https://doxygen.hyperdbg.org - doxygen-www/epthook2_8cpp.html at ffa3dc62014616839abf653b7af22fcef9374936 · HyperDbg/doxygen-www
[6] MoRE - https://github.com/ainfosec/MoRE
Design
In order to install a shadow hook, DdiMon creates a couple of copies of the page that contains the address to be hooked. After DdiMon is initialized, those two pages are accessed when a guest, namely all but ones by the hyperv...
Different approaches to detecting EPT hooks.