Fyyre / directntapi
DirectNtApi - simple method to make ntapi function call without importing or walking export table. Work under Windows 7, 8 and 10
☆49Updated 6 months ago
Related projects: ⓘ
- Helper utility for debugging windows PE/PE+ loader.☆49Updated 9 years ago
- Windows 10 UAC bypass PoC using LaunchInfSection☆34Updated 6 years ago
- Static library and headers for linking your software with ntdll.dll☆30Updated 4 years ago
- This is a simple driver with x64 inline assembly☆52Updated 4 years ago
- ☆33Updated 6 years ago
- Decrement Windows Kernel for fun and profit☆38Updated 6 years ago
- This repository contains some tools that I have written in the past☆25Updated 10 months ago
- Windbg extension that allows you analyze Control Flow Guard map☆34Updated 2 years ago
- PE Library x86☆20Updated 5 years ago
- ☆23Updated this week
- A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.☆19Updated 6 years ago
- User-mode process cross-checking utility intended to detect naive malware hiding itself by hooking IAT/EAT.☆18Updated 8 years ago
- drvtriks kernel driver for Windows 7 SP1 and 8.1 x64, that tricks around in your system.☆31Updated 6 years ago
- Library for using direct system calls☆35Updated 4 years ago
- Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using t…☆52Updated 5 years ago
- Takes a Windbg dumped structure (using the 'dt' command) and formats it into a C structure☆33Updated 2 months ago
- An API Monitor based on Instrumentation☆40Updated 6 years ago
- A ready-made template for a project based on libpeconv.☆40Updated last year
- win32/x64 obfuscate framework☆32Updated 5 years ago
- Dumps information about all the callback objects found in a dump file and the functions registered for them☆32Updated 3 years ago
- Simple PE packer with RtlCompressBuffer☆21Updated 8 years ago
- ☆38Updated last year
- Exploiting HEVD's WriteWhatWhereIoctlDispatch for LPE on Windows 10 TH2 through RS3 using GDI objects.☆24Updated 6 years ago
- Call 32bit NtDLL API directly from WoW64 Layer☆59Updated 3 years ago
- a binary x86win32 code obfuscator using virtual machine☆32Updated 7 years ago
- Adding exceptions to Microsoft's Control Flow Guard (CFG)☆58Updated 8 years ago
- ☆13Updated this week
- ☆44Updated 4 years ago
- Various WinDbg extensions and scripts☆31Updated 6 years ago
- Driver and WinDBG scripts to dump information about all resources and lookaside lists☆63Updated 4 years ago