Skip to content

W4ZM/data-ptr-swap

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
client
client
 
 
driver
driver
 
 
README.md
README.md
 
 

Repository files navigation

Data PTR Hook Driver

A Windows 11 (24H2) kernel‑mode driver that hooks the NtUserCreateWindowStation function in win32k.sys by swapping its pointer to your function in your mapped driver.

Features

  • Mapped with Kdmapper

  • IoCreateDriver (from Th3Spl)
    Uses IoCreateDriver to bypass PsLoadedModuleList and EtwTiLogDriverObjectLoad.

  • Shared Memory IPC
    Creates section objects for fast, secure communication between kernel and user‑mode client.

  • Physical Memory Access
    Maps target process physical pages to read/write arbitrary user‑mode memory.

  • Windows 11 (24H2) Support
    Tested on Windows 11 version 24H2.

About

Data pointer swap windows driver for reading and writing a user-mode process's memory.

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages