MartinDrab / VrtuleTree
VrtuleTree is a tool that displays information about driver and device objects present in the system and the relations between them. Its functionality is very similar to the famous DeviceTree; however, VrtuleTree emphasises stability and support for the latest Windows versions.
☆56 Updated 3 years ago
Related projects
Alternatives and complementary repositories for VrtuleTree
- Driver and WinDBG scripts to dump information about all resources and lookaside lists ☆66 Updated 4 years ago
- Simple driver to register all available process, thread, image, Registry, and Object callbacks ☆117 Updated 7 years ago
- Library for kernel and user mode splicing for Windows (x86 and x64). ☆62 Updated 12 years ago
- Analyze PatchGuard ☆53 Updated 6 years ago
- Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using t… ☆53 Updated 5 years ago
- Standalone program to download PDB Symbol files for debugging without WDK ☆73 Updated 5 years ago
- WinDbg debugger extension library providing various tools to analyse, dump and fix (restore) Microsoft Portable Executable files for both… ☆81 Updated 2 months ago
- Advance LPC ☆59 Updated 7 years ago
- ntdll.h - compatible with MSVC 6.0, Intel C++ Compiler and MinGW. Serves as a complete replacement for Windows.h ☆128 Updated 5 years ago
- Windows_OS_Internals_Curriculum_Resource_Kit-ACADEMIC ☆23 Updated 5 years ago
- A software driver that lets you log kernel-mode debug output into a file on Windows. ☆96 Updated 6 years ago
- Simple project that demonstrates how an ETW consumer can be created just by using NTDLL ☆134 Updated 5 years ago
- A driver that hooks C: volume using symbolic link callback to track all FS access to the volume ☆102 Updated 4 years ago
- Bypassing code hooks detection in modern anti-rootkits via building faked PTE entries. ☆72 Updated 13 years ago
- kernel-mode TDI client which can send and receive HTTP requests ☆55 Updated 6 years ago
- GetHooks is a program designed for the passive detection and monitoring of hooks from a limited user account. ☆61 Updated 3 years ago
- POC of sysenter x64 LSTAR MSR hook ☆38 Updated 10 years ago
- Takes a Windbg dumped structure (using the 'dt' command) and formats it into a C structure ☆33 Updated 4 months ago
- Three Tiny Examples of Directly Using Vista's NtCreateUserProcess ☆85 Updated 9 years ago
- Simple proof of concept code for injecting libraries on 64bit processes from a 32bit process ☆93 Updated 6 years ago
- This program can retrieve signature information from PE files which are signed by one or more certificates on Windows. Supporting multi-signe… ☆98 Updated 2 years ago
- UNIPE - A small framework to execute PE files with UniCorn ☆44 Updated 6 years ago
- An example of a client and server using Windows' ALPC functions to send and receive data. ☆89 Updated 4 years ago
- Helper utility for debugging windows PE/PE+ loader. ☆50 Updated 9 years ago
- Windbg2ida lets you dump each step in Windbg then shows these steps in IDA ☆73 Updated 4 months ago
- File system minifilter driver for Windows to block symbolic link attacks. ☆51 Updated 3 years ago
- A collection of tools, source code, and papers researching Windows' implementation of CET. ☆74 Updated 4 years ago
- This repository contains some tools that I have written in the past ☆26 Updated 11 months ago
- View handles and object for each object type ☆62 Updated 5 years ago