ntoskrnl

Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.

翻译 - 用于自动简化 Windows 内核反编译的 Hex-Rays 微码插件。

Web-based tool that allows comparing symbol, type and syscall information of Microsoft Windows binaries across different versions of the OS.

Cross-platform tool that allows browsing and extracting C and C++ type declarations from PDB files.

The history of Windows Internals via symbols.

翻译 - Windows Internals通过符号的历史记录。

Collect different versions of Crucial modules.

Enumerate user mode shared memory mappings on Windows.

Kernel Level NMI Callback Blocker

Windows kernel debugger for Linux hosts running Windows under KVM/QEMU

Collect various versions of ntoskrnl files

Analysis of the vulnerability

ZeroImport is a lightweight and easy to use C++ library for Windows Kernel Drivers. It allows you to hide any import in your kernel driver by importing at runtime.

Kernel Mode DLL Manual Mapper

A fast method to intercept syscalls from any user-mode process using InstrumentationCallback and detect any process using InstrumentationCallback.

Game Engine from an ADHDer that will never be finished.

Dump ntoskrnl.exe important offsets for building your navigation system in the Windows Kernel, using Radare2 and Rust

💠 Documented and undocumented WinAPI search.

EPROCESS Unlinking example in "C" using DKOM Manipulation

PsLoadedModuleList Unlinking through DKOM Manipulation

All undocumented ntoskrnl structs crawled from vergiliusproject.com

A mirror of Windows NT Kernel Documentation