← Back to Skills

Windows Kernel Security

🌐Community
by gmh5225 · vlatest · Repository

Analyzes Windows kernel memory and processes to detect anomalies indicative of malware or privilege escalation attempts.

Install on your platform

We auto-selected Claude Code based on this skill’s supported platforms.

1

Run in terminal (recommended)

terminal
claude mcp add windows-kernel-security npx -- -y @trustedskills/windows-kernel-security
2

Or manually add to ~/.claude/settings.json

~/.claude/settings.json
{
  "mcpServers": {
    "windows-kernel-security": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/windows-kernel-security"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

This skill enables AI agents to analyze Windows kernel internals for security research, specifically focusing on detecting anomalies indicative of malware or privilege escalation attempts. It provides insights into object callbacks, process and image notifications, APC behavior, driver loading, trust enforcement, memory management structures, and other areas frequently inspected by anti-cheat systems. The skill's analysis covers critical kernel structures and features like PatchGuard, Driver Signature Enforcement (DSE), Hypervisor Code Integrity (HVCI), and Secure Boot.

When to use it

  • Investigating potential cheating or tampering within a game environment.
  • Analyzing system behavior for signs of malicious driver activity.
  • Understanding the impact of driver signature enforcement on kernel functionality.
  • Debugging issues related to driver loading and operation.
  • Researching vulnerabilities in Windows kernel components.

Key capabilities

  • Analysis of critical kernel structures (EPROCESS, ETHREAD, KTHREAD, PEB, DEVICE_OBJECT, etc.).
  • Examination of key tables like SSDT, IDT, GDT, and PspCidTable.
  • Understanding PatchGuard's protection mechanisms and BSOD triggers.
  • Evaluation of Driver Signature Enforcement (DSE) and its verification process.
  • Insight into Hypervisor Code Integrity (HVCI) and driver compatibility requirements.
  • Analysis of Secure Boot processes, including UEFI boot verification and kernel signature checks.
  • Investigation of callback routines like PsSetCreateProcessNotifyRoutine and ObRegisterCallbacks.
  • Understanding APC (Asynchronous Procedure Call) behavior and related functions.

Example prompts

  • "Explain how PatchGuard protects critical kernel structures."
  • "Describe the process of Driver Signature Enforcement in Windows."
  • "What are common vulnerabilities exploited through vulnerable drivers?"
  • "Analyze the system for signs of unauthorized driver loading."

Tips & gotchas

  • This skill requires a strong understanding of Windows kernel internals.
  • The analysis focuses on security research and may not provide solutions to specific problems without further investigation.
  • Be aware that tampering with kernel structures can lead to system instability (BSOD).
View Repository →

Tags

🛡️

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust HubPass
SocketPass
SnykPass

Details

Version
vlatest
License
Author
gmh5225
Installs
67
Repository (canonical source) →

🌐 Community

Passed automated security scans.