MartinDrab / IRPMonLinks
The goal of the tool is to monitor requests received by selected device objects or kernel drivers. The tool is quite similar to IrpTracker but has several enhancements. It supports 64-bit versions of Windows (no inline hooks are used, only moodifications to driver object structures are performed) and monitors IRP, FastIo, AddDevice, DriverUnload…
☆391Updated 7 months ago
Alternatives and similar repositories for IRPMon
Users that are interested in IRPMon are comparing it to the libraries listed below
Sorting:
- WinDBG Anti-RootKit Extension☆637Updated 5 years ago
- Research on Windows Kernel Executive Callback Objects☆306Updated 5 years ago
- Syscall Monitor is a system monitor program (like Sysinternal's Process Monitor) using Intel VT-X/EPT for Windows7+☆745Updated 8 years ago
- Windows NT x64 syscall fuzzer☆621Updated last month
- PatchGuard Research☆303Updated 6 years ago
- Source code for File Test - Interactive File System Test Tool☆293Updated last week
- ☆226Updated 3 years ago
- Persistent IAT hooking application - based on bearparser☆260Updated 2 years ago
- zer0m0n driver for cuckoo sandbox☆362Updated 10 years ago
- Detecting execution of kernel memory where is not backed by any image file☆259Updated 7 years ago
- kHypervisor is a lightweight bluepill-like nested VMM for Windows, it provides and emulating a basic function of Intel VT-x☆431Updated 3 years ago
- DriverBuddy is an IDA Python script to assist with the reverse engineering of Windows kernel drivers.☆365Updated 5 years ago
- Monitor activity of any driver☆342Updated 4 years ago
- Detours with just single dependency - NTDLL☆646Updated 3 years ago
- This driver implements the Intel Processor Trace functionality in Intel Skylake architecture for Microsoft Windows☆456Updated 7 years ago
- Mirror of users section of rootkit.com☆298Updated 8 years ago
- windows syscall table from xp ~ 10 rs4☆353Updated 7 years ago
- Simple VM based x86 PE (portable exectuable) protector.☆364Updated 10 years ago
- SimpleSvmHook is a research purpose hypervisor for Windows on AMD processors.☆425Updated 4 years ago
- Incident Response & Digital Forensics Debugging Extension☆385Updated 6 years ago
- MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. M…☆230Updated 5 years ago
- Examples of leaking Kernel Mode information from User Mode on Windows☆617Updated 8 years ago
- Debug Child Process Tool (auto attach)☆296Updated 2 years ago
- A tool to help when dealing with Windows IOCTL codes or reversing Windows drivers.☆436Updated 7 years ago
- This is a collection of interesting codes about Windows Process creation.☆239Updated last year
- A small bootkit which does not rely on x64 assembly.☆499Updated 5 years ago
- ☆170Updated 10 months ago
- The Windows Library for Intel Process Trace (WinIPT) is a project that leverages the new Intel Processor Trace functionality exposed by W…☆400Updated 2 years ago
- pdbex is a utility for reconstructing structures and unions from the PDB into compilable C headers☆866Updated 2 months ago
- Hyper-V Research is trendy now☆167Updated 3 weeks ago