SyscallProvider is a feature available from Windows 11 22H2, that allows for inline hooking of syscalls.
This unfinished research was done on Windows 11 22H2. The feature is fully undocumented at the moment and it looks like it's locked to Microsoft-signed drivers.
All of the information here was gathered by manual reverse engineering of securekernel.exe, skci.dll and ntoskrnl.exe.
The kernel exports three functions to work with the new feature: PsRegisterSyscallProvider, PsQuerySyscallProviderInformation, PsUnregisterSyscallProvider.
This writeup will explore how this feature is initialized, how it works internally, and how to interact with it and use it.
alastorid alastorid
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| The most atomic way to train and inference a GPT in pure, dependency-free Python. | |
| This file is the complete algorithm. | |
| Everything else is just efficiency. | |
| @karpathy | |
| """ | |
| import os # os.path.exists | |
| import math # math.log, math.exp |
Kristal-g
/ SyscallProvider.md
Created
May 12, 2025 09:02
lugrus2000
/ How to Crack SublimeText and SublumeMerge.md
Last active
January 30, 2026 16:31
How to Crack SublimeText and SublumeMerge
Thanks to @leogx9r for providing cracking methods.
https://gist.github.com/JerryLokjianming/71dac05f27f8c96ad1c8941b88030451#gistcomment-3762200 https://gist.github.com/maboloshi/feaa63c35f4c2baab24c9aaf9b3f4e47#gistcomment-3802197 https://gist.github.com/maboloshi/feaa63c35f4c2baab24c9aaf9b3f4e47#gistcomment-3803204
Note: ARM platform is not supported
zhangyoufu
/ extract-installbuilder.tcl
Created
August 10, 2020 10:18
extract password-protected InstallBuilder installer
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!./tclkit | |
| ## prepare runtime environment | |
| proc init {} { | |
| ## mount optional.pak (for tcltwofish) | |
| set optionalPak installbuilder/paks/optional.pak | |
| vfs::mk4::Mount $optionalPak $optionalPak -readonly | |
| ## adjust library search path | |
| set ::auto_path [list $tcl::kitpath/lib/tcl$::tcl_version $tcl::kitpath/lib $tcl::kitpath/libraries $optionalPak/linux-x64 $tcl::kitpath] |
DanielSmon
/ New MS Teams Profile.cmd
Last active
September 30, 2025 01:45
For running multiple MS Teams accounts side by side. Save this with the name of the MS Teams profile you wish to use. When launched, a folder will be created in your user profile. See https://danielsmon.com/2020/04/02/multiple-ms-teams-accounts-on-the-desktop/.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @ECHO OFF | |
| REM Uses the file name as the profile name | |
| SET MSTEAMS_PROFILE=%~n0 | |
| ECHO - Using profile "%MSTEAMS_PROFILE%" | |
| SET "OLD_USERPROFILE=%USERPROFILE%" | |
| SET "USERPROFILE=%LOCALAPPDATA%\Microsoft\Teams\CustomProfiles\%MSTEAMS_PROFILE%" | |
| REM Ensure there is a downloads folder to avoid error described at |
I'll be organizing the plugins over time. Please submit PRs if you have any other outstanding plugins. I would like to tag each plugin with its corresponding IDA version, but it will take me a long time to test. If you can help there, please do.
If a plugin is only a source repo with no description or documentation, I am not adding it.
- Add more plugins
- Categorize plugins
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // Ref = src | |
| // https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf | |
| // | |
| // Credits: | |
| // Vyacheslav Rusakov @swwwolf | |
| // Tom Bonner @thomas_bonner | |
| // | |
| #include <Windows.h> |
rahilwazir
/ vmdk_vhdx.md
Last active
January 21, 2026 21:33
Convert VMWare to Hyper-V (vmdk to vhdx)
Follow [steps][1]:
- Download: http://download.microsoft.com/download/9/1/E/91E9F42C-3F1F-4AD9-92B7-8DD65DA3B0C2/mvmc_setup.msi (thanks @xavery)
- Open Powershell as administrator and run
Import-Module 'C:\Program Files\Microsoft Virtual Machine Converter\MvmcCmdlet.psd1' - And after
ConvertTo-MvmcVirtualHardDisk -SourceLiteralPath d:\scratch\vmx\VM-disk1.vmdk -VhdType DynamicHardDisk -VhdFormat vhdx -destination c:\vm-disk1
gentaiscool
/ tensorflow.md
Last active
November 7, 2019 08:22
Building Tensorflow on CentOS 7.X from Source
I figured out how to build tensorflow from source in centOS. This process does not require any root access and you can do it anywhere. This will save your time and no need to worry much after this.
#What to prepare:
- Java 8
- Bazel
- Tensorflow
- CuDNN and CUDA toolkit (assume you have install them)
#Installation ##Bazel
NewerOlder