ntoskrnl

Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.

Web-based tool that allows comparing symbol, type and syscall information of Microsoft Windows binaries across different versions of the OS.

Cross-platform tool that allows browsing and extracting C and C++ type declarations from PDB files.

The history of Windows Internals via symbols.

Collect different versions of Crucial modules.

Enumerate user mode shared memory mappings on Windows.

Kernel Level NMI Callback Blocker

Windows kernel debugger for Linux hosts running Windows under KVM/QEMU

Collect various versions of ntoskrnl files

Analysis of the vulnerability

ZeroImport is a lightweight and easy to use C++ library for Windows Kernel Drivers. It allows you to hide any import in your kernel driver by importing at runtime.

Kernel Mode DLL Manual Mapper

A fast method to intercept syscalls from any user-mode process using InstrumentationCallback and detect any process using InstrumentationCallback.

runtime patchguard disabler (win 10 & 11)

EPROCESS Unlinking example in "C" using DKOM Manipulation

Game Engine from an ADHDer that will never be finished.

Dump ntoskrnl.exe important offsets for building your navigation system in the Windows Kernel, using Radare2 and Rust

💠 Documented and undocumented WinAPI search.

All undocumented ntoskrnl structs crawled from vergiliusproject.com

PsLoadedModuleList Unlinking through DKOM Manipulation