Dabudabot / injection-monitor
Kernel-based monitor that checks whether a specified process loads libraries only from allowed directories
☆11 Updated 4 years ago
Related projects
Alternatives and complementary repositories for injection-monitor
- Various libraries focused on examining/parsing NTFS-specific structures ☆16 Updated 9 years ago
- DirectNtApi - simple method to make an ntapi function call without importing or walking the export table. Works under Windows 7, 8 and 10 ☆52 Updated 8 months ago
- Notes on my learning steps about Windows NT ☆22 Updated 7 years ago
- Static library and headers for linking your software with ntdll.dll ☆30 Updated 4 years ago
- C++ wrapper for the Windows structured storage implementation known as Compound Files ☆18 Updated 4 years ago
- The project is a demo solution for one of the anti-rootkit techniques aimed at overcoming splicers ☆34 Updated 7 years ago
- Simple tool for unpacking packed/protected malware executables. ☆32 Updated 13 years ago
- ☆32 Updated 4 years ago
- Simple plugin for the latest Olly versions to display the call stack ☆15 Updated 11 years ago
- Terminates a process by using DuplicateHandle and the DUPLICATE_CLOSE_SOURCE flag. ☆9 Updated 10 years ago
- File downloader with SSL support and progress bar ☆19 Updated 7 years ago
- Helper utility for debugging the Windows PE/PE+ loader. ☆50 Updated 9 years ago
- MBR manipulation tool ☆16 Updated 10 years ago
- A Win32 PE/Executable Crypter that employs on-the-fly encryption & decryption of memory ☆33 Updated 10 years ago
- penter hook example and driver time recorder ☆31 Updated 7 years ago
- Simple PE packer with RtlCompressBuffer ☆21 Updated 9 years ago
- A tool to investigate the Windows device manager ☆14 Updated 5 years ago
- WoW64 -> x64 ☆18 Updated 8 years ago
- Open Source Libraries Collection ☆24 Updated 8 years ago
- A simple ransomware defender. It uses a minifilter to filter "rewrite" and "delete" events in the kernel, and it handles events in user mode. ☆27 Updated 6 years ago
- Use crystalCPUID to identify VT-x & AMD-V ☆16 Updated 9 years ago
- Monitor and protect processes using "PsSetCreateProcessNotifyRoutineEx" and a kernel SSDT hook. ☆12 Updated 5 years ago
- Simple executable packer ☆10 Updated 10 years ago
- Various WinDbg extensions and scripts ☆31 Updated 6 years ago
- SSDT hook detection tool ☆12 Updated 8 years ago
- Decompile an x86 exe, and read PE info. ☆19 Updated 6 years ago
- Final Transparent encrypted version ☆14 Updated 7 years ago
- This repository contains some tools that I have written in the past ☆26 Updated last year
- Native file compressor using only ntdll.dll ☆9 Updated 6 years ago