DioProcess
v3.1.0 — Security Research Tool

Advanced Windows Process Monitor

The God Process for Windows. Dio means God in Latin — DioProcess is the ultimate process manager and security research toolkit.

Built with Rust and Dioxus for maximum performance.

Rust 2021 · Dioxus 0.6 · Windows 10/11 · Intel VT-x · WDM Driver

Four Layers of Power

From usermode APIs to hypervisor-level control, DioProcess provides comprehensive system access for security research and analysis.

Ring 3
Usermode Features
Comprehensive process monitoring and manipulation using Windows APIs
  • Process, thread, handle, module enumeration
  • 7 DLL injection methods (LoadLibrary to Manual Map)
  • 3 shellcode injection techniques
  • Process hollowing, ghosting, herpaderping
  • Hook detection and DLL unhooking
  • Token theft and impersonation

Ring 0
Kernel Driver
Direct kernel structure manipulation via custom WDM driver
  • Process protection (PPL) manipulation
  • Token privilege escalation (40 privileges)
  • Callback enumeration and removal
  • PspCidTable enumeration (hidden process detection)
  • Minifilter enumeration and unlinking
  • Real-time system event capture (17 event types)

Ring -1
Hypervisor
Intel VT-x based hypervisor for Ring -1 operations
  • EPT hooks (Hex, Assembly, Detour modes)
  • Physical memory scanner via CR3 page table walk
  • Ring -1 shellcode and DLL injection
  • Process hiding from Ring 0 enumeration
  • Driver hiding via EPT manipulation
  • .dph hook script system for portable hooks

EFI
UEFI Bootkit
Boot-time kernel patching via UEFI DXE driver
  • Driver Signature Enforcement (DSE) bypass
  • PatchGuard (KPP) bypass
  • Custom boot animation support
  • NVRAM-based configuration persistence
  • ExitBootServices hook architecture
  • EDK2-based DXE driver

Comprehensive Capabilities

DLL Injection

7 methods: LoadLibrary, Thread Hijack, APC Queue, EarlyBird, Remote Mapping, Function Stomping, Manual Map

Shellcode Injection

Classic, Web Staging (download from URL), and Threadless (hook-based, no new threads)

Process Masquerading

Hollowing, Ghosting, Ghostly Hollowing, Herpaderping, Herpaderping Hollowing

Hook Detection

IAT scanning for E9/E8/EB/FF25/MOV+JMP patterns with automatic unhooking

Security Research

PPL manipulation, privilege escalation, debug flag clearing, callback removal

System Events

Real-time capture of 17 kernel event types with SQLite persistence

Security Research Tool

DioProcess is designed for authorized security research and testing only. The capabilities provided can bypass Windows security mechanisms and should only be used on systems you own or have explicit permission to test.

  • Requires administrator privileges
  • Kernel driver requires test signing mode or valid signature
  • Hypervisor features require Hyper-V to be disabled
  • UEFI bootkit requires Secure Boot to be disabled

Ready to explore? Check out the documentation to get started.