Pay attention:

Develop based on HyperPlatForm and Only x64.

Feature

Support log process' systemcalls and easy ept-hook (NtOpenProcess or NtCreateFile .etc)

Support hook win32kfull.sys funtions.

Add hide window (attack gpKernelHandleTable and hook FindWindow).

header file "settings.h" ,hooked functions are implemented at service_hook.cpp about line 360

PDBSDK.h

1.failed to unhook NtDeviceIoControlFile(reference is not zero)

Name		Name	Last commit message	Last commit date
Latest commit History 66 Commits
Client		Client
FindWindowTest		FindWindowTest
HyperPlatform		HyperPlatform
IOtest		IOtest
detect-vm1		detect-vm1
detect-vm2		detect-vm2
int3test		int3test
.gitattributes		.gitattributes
.gitignore		.gitignore
.gitmodules		.gitmodules
HyperPlatform.sln		HyperPlatform.sln
README.md		README.md