0xeb / WinToolsLinks
A collection of free miscellaneous Windows tools
☆135Updated 10 months ago
Alternatives and similar repositories for WinTools
Users that are interested in WinTools are comparing it to the libraries listed below
Sorting:
- Events from all manifest-based and mof-based ETW providers across Windows 10 versions☆299Updated last year
- Document ETW providers☆236Updated 5 years ago
- Sysmon-Like research tool for ETW☆354Updated 2 years ago
- Run Processes as PPL with ELAM☆163Updated 3 years ago
- View ETW Provider manifest☆498Updated 7 months ago
- Named pipe I/O ETW provider for Windows☆70Updated 4 years ago
- API Set Viewer☆89Updated 5 months ago
- RPC Monitor tool based on Event Tracing for Windows☆357Updated 10 months ago
- CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers☆143Updated 4 years ago
- Windows Registry Knowledge Base☆175Updated 8 months ago
- A WinDbg extension to trace COM interactions☆114Updated last year
- Parser to process monitor file formats☆145Updated 2 years ago
- ☆62Updated last year
- Documentation and supporting script sample for Windows Exploit Guard☆156Updated 3 years ago
- PE Viewer☆182Updated 5 months ago
- Library and tools to access the Windows Prefetch File (SCCA) format.☆75Updated 5 months ago
- A command tree based on commands and extensions for Windows Kernel Debugging.☆108Updated 4 years ago
- A PowerShell module to facilitate building, configuring, deploying, and auditing Windows Defender Application Control (WDAC) policies☆218Updated 3 years ago
- Simple project that demonstrates how an ETW consumer can be created just by using NTDLL☆143Updated 6 years ago
- Run any executable as SYSTEM account (no service required)☆130Updated last year
- Expand compressed files from WinSxS folder☆158Updated this week
- Leverage AMSI (Antimalware Scan Interface) technology to aid your analysis. This tool saves all buffers (scripts, .NET assemblies, etc) …☆109Updated 4 years ago
- PoC memory injection detection agent based on ETW, for offensive and defensive research purposes☆277Updated 4 years ago
- Extract Windows Defender database from vdm files and unpack it☆443Updated this week
- Run executables in an AppContainer☆122Updated 6 years ago
- Analysis and manipulation of extended attribute ($EA) on NTFS☆38Updated 9 years ago
- AppCompatCache (shimcache) parser. Supports Windows 7 (x86 and x64), Windows 8.x, and Windows 10☆118Updated 5 months ago
- DotNext 2019 St. Petersburg Talk Demos☆40Updated 6 years ago
- Advanced driver monitoring utility.☆212Updated 2 years ago
- SysmonX - An Augmented Drop-In Replacement of Sysmon☆215Updated 5 years ago