Alternatives and similar repositories for IRPMon

Users that are interested in IRPMon are comparing it to the libraries listed below

• MartinDrab / VrtuleTree

  View on GitHub
  VrtuleTree is a tool that displays information about driver and device objects present in the system and relations between them. Its func…
  ☆60Feb 28, 2021Updated 4 years ago
• swwwolf / wdbgark

  View on GitHub
  WinDBG Anti-RootKit Extension
  ☆645Jul 29, 2020Updated 5 years ago
• zodiacon / DriverMon

  View on GitHub
  Monitor activity of any driver
  ☆353Nov 2, 2020Updated 5 years ago
• KelvinMsft / kHypervisor

  View on GitHub
  kHypervisor is a lightweight bluepill-like nested VMM for Windows, it provides and emulating a basic function of Intel VT-x
  ☆443Nov 29, 2021Updated 4 years ago
• hfiref0x / WinObjEx64

  View on GitHub
  Windows Object Explorer 64-bit
  ☆1,883Updated this week
• tandasat / GuardMon

  View on GitHub
  Hypervisor based tool for monitoring system register accesses.
  ☆153Sep 13, 2018Updated 7 years ago
• FSecureLABS / win_driver_plugin

  View on GitHub
  A tool to help when dealing with Windows IOCTL codes or reversing Windows drivers.
  ☆438Aug 22, 2018Updated 7 years ago
• wbenny / KSOCKET

  View on GitHub
  KSOCKET provides a very basic example how to make a network connections in the Windows Driver by using WSK
  ☆541Sep 2, 2022Updated 3 years ago
• MagnetForensics / SwishDbgExt

  View on GitHub
  Incident Response & Digital Forensics Debugging Extension
  ☆386Dec 11, 2018Updated 7 years ago
• IgorKorkin / MemoryRanger

  View on GitHub
  MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. M…
  ☆232Jul 26, 2020Updated 5 years ago
• 4d61726b / VirtualKD-Redux

  View on GitHub
  VirtualKD-Redux - A revival and modernization of VirtualKD
  ☆952Jun 23, 2024Updated last year
• OSRDrivers / kmexts

  View on GitHub
  Simple driver to register all available process, thread, image, Registry, and Object callbacks
  ☆124Oct 5, 2017Updated 8 years ago
• Professor-plum / Reflective-Driver-Loader

  View on GitHub
  ☆409Mar 1, 2017Updated 8 years ago
• wbenny / pdbex

  View on GitHub
  pdbex is a utility for reconstructing structures and unions from the PDB into compilable C headers
  ☆890Jun 18, 2025Updated 7 months ago
• Nukem9 / VirtualDbg

  View on GitHub
  Test code only. Not reliable for actual use.
  ☆63Jan 1, 2016Updated 10 years ago
• intelpt / WindowsIntelPT

  View on GitHub
  This driver implements the Intel Processor Trace functionality in Intel Skylake architecture for Microsoft Windows
  ☆463Apr 17, 2018Updated 7 years ago
• tandasat / RemoteWriteMonitor

  View on GitHub
  A tool to help malware analysts tell that the sample is injecting code into other process.
  ☆78Aug 12, 2015Updated 10 years ago
• tandasat / MemoryMon

  View on GitHub
  Detecting execution of kernel memory where is not backed by any image file
  ☆262Jul 11, 2018Updated 7 years ago
• sysprogs / VirtualKD

  View on GitHub
  ☆228Oct 9, 2021Updated 4 years ago
• KelvinMsft / ScreenCapAttack

  View on GitHub
  ☆36Oct 29, 2020Updated 5 years ago
• sam-b / windows_kernel_address_leaks

  View on GitHub
  Examples of leaking Kernel Mode information from User Mode on Windows
  ☆629Jul 7, 2017Updated 8 years ago
• hzqst / Syscall-Monitor

  View on GitHub
  Syscall Monitor is a system monitor program (like Sysinternal's Process Monitor) using Intel VT-X/EPT for Windows7+
  ☆747Jun 26, 2017Updated 8 years ago
• stormshield / Beholder-Win32

  View on GitHub
  A sample on how to inject a DLL from a kernel driver
  ☆61Sep 13, 2016Updated 9 years ago
• tandasat / DdiMon

  View on GitHub
  Monitoring and controlling kernel API calls with stealth hook using EPT
  ☆1,352Jan 22, 2022Updated 4 years ago
• secrary / Hooking-via-InstrumentationCallback

  View on GitHub
  codes for my blog post: https://secrary.com/Random/InstrumentationCallback/
  ☆183Nov 30, 2017Updated 8 years ago
• swwwolf / cbtest

  View on GitHub
  Windows kernel-mode callbacks tutorial driver
  ☆48Aug 8, 2016Updated 9 years ago
• tandasat / EopMon

  View on GitHub
  Elevation of privilege detector based on HyperPlatform
  ☆124Mar 5, 2017Updated 8 years ago
• IgorKorkin / AllMemPro

  View on GitHub
  AllMemPro
  ☆46Jan 15, 2018Updated 8 years ago
• BrunoMCBraga / Kernel-Whisperer

  View on GitHub
  ☆29Jan 15, 2021Updated 5 years ago
• wjcsharp / Common

  View on GitHub
  Shareds for kernel developement
  ☆29Dec 23, 2013Updated 12 years ago
• markhc / windbg_to_c

  View on GitHub
  Translates WinDbg "dt" structure dump to a C structure
  ☆134Oct 16, 2016Updated 9 years ago
• rwfpl / rewolf-wow64ext

  View on GitHub
  Helper library for x86 programs that runs under WOW64 layer on x64 versions of Microsoft Windows operating systems.
  ☆1,000Jan 17, 2023Updated 3 years ago
• Nukem9 / VirtualDbgHide

  View on GitHub
  Test code only. Not suitable for actual use.
  ☆96Apr 19, 2015Updated 10 years ago
• AntiRootkit / BDArkit

  View on GitHub
  just an lite AntiRootkit for interesting
  ☆24Dec 9, 2015Updated 10 years ago
• DarthTon / HyperBone

  View on GitHub
  Minimalistic VT-x hypervisor with hooks
  ☆925Oct 18, 2019Updated 6 years ago
• wbenny / injdrv

  View on GitHub
  proof-of-concept Windows Driver for injecting DLL into user-mode processes using APC
  ☆1,269May 1, 2024Updated last year
• hfiref0x / UPGDSED

  View on GitHub
  Universal PatchGuard and Driver Signature Enforcement Disable
  ☆864Mar 29, 2019Updated 6 years ago
• Frenda / libScanHook

  View on GitHub
  ☆48Jun 19, 2017Updated 8 years ago
• 0xcpu / ExecutiveCallbackObjects

  View on GitHub
  Research on Windows Kernel Executive Callback Objects
  ☆315Feb 22, 2020Updated 5 years ago