https://github.com/adamhlt/Basic-Rootkit/tree/main
https://github.com/lcsig/API-Hooking
Collection of ring3-level malicious code examples - Zhihu
Kernel driver DLL injection: injecting from R0 into R3 processes using Huorong's approach
https://www.ired.team/offensive-security/defense-evasion/bypassing-cylance-and-other-avs-edrs-by-unhooking-windows-apis
https://github.com/ethereal-vx/Antivirus-Artifacts/blob/main/AntivirusArtifacts2.pdf
Kernel driver DLL injection: injecting from R0 into R3 processes using Huorong's approach - Gitee.com
https://github.com/Mr-Un1k0d3r/EDRs