{"id":27348644,"url":"https://github.com/pspexitthread/kernel-tools","last_synced_at":"2025-04-12T18:30:46.915Z","repository":{"id":270997527,"uuid":"911627144","full_name":"PspExitThread/Kernel-Tools","owner":"PspExitThread","description":"Anti-Rootkit","archived":false,"fork":false,"pushed_at":"2025-03-15T12:32:07.000Z","size":90462,"stargazers_count":7,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-26T12:47:06.960Z","etag":null,"topics":["anti-rootkit","ark","debugger","driver","drivers","dse","hvci","kernel","kernel-tools","patchguard","pchunter","tools","windows","windowskernel"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/PspExitThread.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-01-03T13:15:27.000Z","updated_at":"2025-03-15T12:32:10.000Z","dependencies_parsed_at":"2025-01-20T10:22:18.378Z","dependency_job_id":"772e2981-5c50-431a-9f59-fe51083f790e","html_url":"https://github.com/PspExitThread/Kernel-Tools","commit_stats":null,"previous_names":["kalimcs/kernel-tools","pspexitthread/kernel-tools"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PspExitThread%2FKernel-Tools","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PspExitThread%2FKernel-Tools/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PspExitThread%2FKernel-Tools/releases","manifests_url":"https://repos.
ecosyste.ms/api/v1/hosts/GitHub/repositories/PspExitThread%2FKernel-Tools/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/PspExitThread","download_url":"https://codeload.github.com/PspExitThread/Kernel-Tools/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248613183,"owners_count":21133457,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anti-rootkit","ark","debugger","driver","drivers","dse","hvci","kernel","kernel-tools","patchguard","pchunter","tools","windows","windowskernel"],"created_at":"2025-04-12T18:30:46.106Z","updated_at":"2025-04-12T18:30:46.910Z","avatar_url":"https://github.com/PspExitThread.png","language":null,"readme":"# This version has been deprecated and is no longer in development, so stay tuned for a new version\n\n## This version is deprecated, so go here\n\nhttps://github.com/PspExitThread/SKT64\n\n\n\n# Kernel-Tools\nKernel-Tools is an ARK tool on the Windows platform  \nIt's a completely free tool  \nSupports Windows 10 - Windows 11  \n\n\n### Features\n\n1. View Process\\Drivers\\SystemCallBacks\\SystemNotifys\\MiniFilters\\IDT\\SSDT\\SSSDT\\IoTimer.....\n2. Hide Process\n3. Force Hide Process(Erase PspCidTable\\Set Pid To 0 ...)\n4. TerminateProcess(ZwTerminateProcess)\n5. ForceTerminateProcess(Ignore any process protections)\n6. SetProcessPP(L)s\n7. SetProcessPid\n8. Set Process To System Critical Process\n9. SuspendProcess\n10. ResumeProcess\n11. ProtectProcess\n12. 
DISK/FSD/ScSi/Acpi/AtApi/KeyBoard/Mouse/PartMgr Hook Scan/Remove\n13. Prohibit CreateProcess/LoadDriver/Edit Registry/CreateFile/READ WRITE Disk BOOT Sector\n14. Dynamic Disable Driver Signature Enforcement / Enable Driver Signature Enforcement\n15. ForceDeleteFile(Ignore Irp Occupation/HardLink/Handle Occupation)\n16. FastShutDown\n17. FastReboot\n18. Disable PatchGuard\n19. Disable HVCI and DSE\n20. Hide Driver\n21. Prohibit INIT Firmware\n22. Permanent Disable PatchGuard\n23. Disable/Enable ObCallbacks\n24. Bypass anti-screenshots\n25. Execute BSOD\n\n\n### Commandline\n\n1. \"Kernel Tools.exe\" -ddse (Dynamic Disable Driver Signature Enforcement)\n2. \"Kernel Tools.exe\" -edse (Dynamic Enable Driver Signature Enforcement)\n3. \"Kernel Tools.exe\" -reboot (fastreboot)\n4. \"Kernel Tools.exe\" -shutdown (fastshutdown)\n5. \"Kernel Tools.exe\" -prohibitcreatefile (prohibitcreatefile)\n6. \"Kernel Tools.exe\" -disabledprohibitcreatefile (disabledprohibitcreatefile)\n7. \"Kernel Tools.exe\" -forcedeletefile (forcedeletefile(The only entry point for ForceDeleteFile))\n8. \"Kernel Tools.exe\" -irpdeletefile (deletefile(The only entry point for DeleteFile))\n\n\n### How to use\n\n1. Disable HVCI\n2. Open Kernel Tools.exe\n3. Select No in the pop-up selection box\n4. Wait to enter\n\n\n# Kernel-Views\n### Drivers\nEnum  \n1. Driver Name\n2. Driver Base\n3. Driver Object\n4. Driver Path\n\nFeatures:  \nForceUnloadDriver  \nHidden Driver  \n\n\n### System Callbacks/Notifys\nEnum  \n1. PsSetCreateProcessNotifyRoutine\n2. PsSetCreateProcessNotifyRoutineEx\n3. PsSetCreateProcessNotifyRoutineEx2\n4. PsSetCreateThreadNotifyRoutine\n5. PsSetCreateThreadNotifyRoutineEx\n6. PsSetLoadImageNotifyRoutine\n7. PsSetLoadImageNotifyRoutineEx\n8. KeRegisterBugCheckCallback\n9. KeRegisterBugCheckReasonCallback\n10. CmRegisterCallback\n11. CmRegisterCallbackEx\n12. IoRegisterShutdownNotification\n13. 
IoRegisterLastChanceShutdownNotification\n14. PoRegisterPowerSettingCallback\n15. IoRegisterFsRegistrationChange\n16. KeRegisterNmiCallback\n17. SeCiCallbacks\n18. PoRegisterCoalescingCallback\n19. IoRegisterPriorityCallback\n20. PsRegisterAltSystemCallHandler\n21. DbgSetDebugPrintCallback\n22. ObRegisterCallbacks\n\nFeatures:\n\nEnum Type/Entry Address/Module  \nDisable Callback/Notify  \n\n\n\n### MiniFilter\nEnum  \n1. Filter\n2. Pre Operation\n3. Post Operation\n4. Module\n\nFeatures:\nRemove MiniFilter  \n\n\n### SSDT\nEnum  \n1. Function Name\n2. Function Address\n3. Module\n\nFeatures:\n\nSSDT Hook Scan\n\n### IDT\nEnum  \n1. IDT Function Address\n2. Module\n\n\n### IoTimer\nEnum  \n1. IoTimer Object Address\n2. IoTimer Entry Address\n3. Module\n\n\n\n\n\n\n# Precautions\n\n### The following features are available in virtual machines\n\n1. Disable PatchGuard\n2. Permanent Disable PatchGuard\n3. Prohibit INIT Firmware\n\nIf you do not use a virtual machine and cause any damage, the author will not be held responsible!  \nPlease do not attempt to delete system files using forcedeletefile!\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpspexitthread%2Fkernel-tools","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpspexitthread%2Fkernel-tools","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpspexitthread%2Fkernel-tools/lists"}