Notify Routines Research

A research project about Windows notify routines.

The full research paper is available in:

Projects

Remote Thread Shellcode Injector - A basic code injector which injects shellcode to a remote process using CreateRemoteThread.
Remote Thread Detector Driver - A driver that detects remote thread creations.
Library Hooking Driver & Dll - A driver that hooks library functions in every new process using DLL injection from the kernel.
Notify Routine Enumeration Driver - A driver that enumerates all the (create thread) notify routines currenty registered in the system.
Notify Routine Hooking Driver - A driver that hooks (create thread) notify routine and bypasses the LibraryHookingDriver.

Name		Name	Last commit message	Last commit date
Latest commit History 17 Commits
LibraryHookingDll		LibraryHookingDll
LibraryHookingDriver		LibraryHookingDriver
NotifyRoutineEnumerationDriver		NotifyRoutineEnumerationDriver
NotifyRoutineHookingDriver		NotifyRoutineHookingDriver
RemoteThreadDetectorDriver		RemoteThreadDetectorDriver
RemoteThreadShellcodeInjection		RemoteThreadShellcodeInjection
.gitignore		.gitignore
LICENSE		LICENSE
NotifyRoutinesResearch.sln		NotifyRoutinesResearch.sln
README.md		README.md