360trev / PELoadFromRam
Very very useful example of loading and relocating the (Win32) DLL from memory (!) which allows many possibilities and much more flexibility to dynamically link code from many sources including realtime download from the web and also code signing!
☆21 Updated 12 years ago
Alternatives and similar repositories for PELoadFromRam:
Users that are interested in PELoadFromRam are comparing it to the libraries listed below
- PE Infector/Cryptor source code ☆15 Updated 7 years ago
- An aggregate of tools used in the core of vmp_dbg plus other parsing utils to parse vmp bc. ☆15 Updated 8 years ago
- wow64 syscall filter ☆13 Updated 10 years ago
- eyuyan image rebuild tools source code ☆13 Updated 8 years ago
- Minifilter Driver ☆15 Updated 8 years ago
- Pafish4vs is based on [Pafish](https://github.com/a0rtega/pafish), just ported to the VS (VC) compiler (X64, X86). ☆13 Updated 8 years ago
- Notes my learning steps about Windows-NT ☆23 Updated 7 years ago
- Final Transparent encrypted version ☆14 Updated 8 years ago
- A tool similar to netcat, but tunneled over DNS ☆18 Updated 8 years ago
- The project is a demo solution for one of the anti-rootkit techniques aimed on overcoming splicers ☆34 Updated 8 years ago
- Kernel (Ring0) - SSDT unhook driver ☆14 Updated 7 years ago
- windows create process with a dll load first time via LdrHook ☆30 Updated 8 years ago
- metasploit loader with antivirus bypass module ☆17 Updated 8 years ago
- this is a small example for NDIS Firewall ☆25 Updated 9 years ago
- Hook APIs and send data back to another process with Google Protobufs ☆2 Updated 2 years ago
- ☆12 Updated 8 years ago
- TrueCrypt 7.2 — (Source Codes) ☆8 Updated 8 years ago
- Ssdt Hook Detection tool ☆13 Updated 8 years ago
- ☆7 Updated 7 years ago
- ☆14 Updated 9 years ago
- Analysis and Modification Tool for Executables ☆16 Updated 6 years ago
- The dll that can hide itself and then delete itself. ☆30 Updated 11 years ago
- A library that allows hook any imported function from the IAT (works only in x64) ☆11 Updated 5 years ago
- ☆25 Updated 4 years ago
- Library which helps to describe or load and execute PE files. ☆12 Updated 11 years ago
- Lists work items being queued currently. ☆13 Updated 9 years ago
- This tool will extract the opcodes from the .text section and display in different hex formats for different syntaxes. Works only with va… ☆15 Updated 9 years ago
- Windows registry files interactive viewer ☆9 Updated 7 years ago
- use crystalCPUID to identify vt-x & amd-v ☆16 Updated 9 years ago
- ☆10 Updated 7 years ago