MoePus / wowHijack
Run some secret code invisible from debugger single step.(x86 process on x64 windows only)
☆24Updated 5 years ago
Alternatives and similar repositories for wowHijack:
Users that are interested in wowHijack are comparing it to the libraries listed below
- Call 32bit NtDLL API directly from WoW64 Layer☆60Updated 4 years ago
- Yet another windows syscall library☆18Updated 4 years ago
- Yet another Windows DLL injector.☆39Updated 3 years ago
- ☆33Updated 3 years ago
- Dump PDB Symbols including support for Bochs Debugging Format (with wine support)☆15Updated last year
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)☆72Updated last year
- This is a POC for loading shared object directly from memory without accessing the actual Linux file system.☆22Updated 4 years ago
- Code Integrity Violation Spotter☆16Updated 10 months ago
- ☆12Updated 3 years ago
- ☆13Updated 2 years ago
- An API Monitor based on Instrumentation☆43Updated 7 years ago
- automates exploits using ROP chains, using ntdll-scraper☆16Updated 2 years ago
- Windbg extension that allows you analyze Control Flow Guard map☆34Updated 3 years ago
- XOrCryptEx lightweight C Utility/Algorithm☆11Updated 3 years ago
- Easily hook WIN32 x64 functions☆18Updated 2 months ago
- Helper Script to convert a Windbg dumped structure (using the 'dt' command) into a C structure. It creates dummy structs for you if neede…☆26Updated last year
- Windows Application Loader Running *.Exe files in Memory against Scrylla☆21Updated 5 years ago
- A VMBR (Virtual-Machine Based Rootkit) which runs a guest OS and sends the attacker its data☆28Updated 11 months ago
- Windows Injection 101: from Zero to ROP (HITCON 2017)☆28Updated 7 years ago
- This is a simple driver with x64 inline assembly☆54Updated 4 years ago
- Windows x86 PE Packer In C++☆52Updated 5 years ago
- Helper scripts for windows debugging with symbols for Bochs and IDA Pro (PDB files). Very handy for user mode <--> kernel mode☆19Updated last year
- Anti-Analysis technique, trick the debugger by Hiding events from it.☆19Updated 3 years ago
- POC about how to prevent windbg break☆15Updated 2 years ago
- A years-old exploit of a local EoP vulnerability in Kingsoft Antivirus KWatch Driver version 2009.3.17.77.☆38Updated 3 years ago
- Detects if a Kernel mode debugger is active by reading the value of KUSER_SHARED_DATA.KdDebuggerEnabled. It is a high level and portable …☆23Updated 7 years ago
- ☆12Updated 6 years ago
- 参考taviso的代码逆向一下mpengine.dll☆19Updated 2 years ago
- ☆19Updated 5 years ago
- A benign application used to demonstrate an EDR detection. This version is procedural (i.e., not object-oriented).☆1Updated 2 years ago