WildByDesign / win32-appcontainer-toolsLinks
AppContainer tools for launching sandboxed win32 apps, changing ACL permissions and learning from ETW traces.
☆22Updated 4 months ago
Alternatives and similar repositories for win32-appcontainer-tools
Users that are interested in win32-appcontainer-tools are comparing it to the libraries listed below
Sorting:
- ☆15Updated last year
- Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich☆17Updated last year
- Code samples that serve as references for Windows API functions☆33Updated last year
- Repository of Microsoft Driver Block Lists based off of OS-builds☆39Updated last year
- Rust PowerShell Hosting Library☆16Updated 11 months ago
- ☆25Updated last year
- PS-MOTW: PowerShell scripts to set / show / remove MOTW (Mark of the Web)☆43Updated last year
- Windows Detour Hooking in PowerShell☆82Updated last year
- WinDbg installer/updater☆41Updated 2 years ago
- Short Python script for parsing Defender VDM signature files.☆10Updated 11 months ago
- A fully compatible replacement of Windows NT NtCreateLowBoxToken syscall - precisely restored from reverse engineering☆41Updated 2 months ago
- Windows kernel PDB data parsed into YAML☆39Updated 9 months ago
- Example of building an application verifer DLL☆50Updated last year
- Auditing Hooks for https://github.com/jborean93/PSDetour☆13Updated 4 months ago
- Contains all the applications developed for the Second part of the 7th Edition of Windows Internals book☆112Updated last year
- a tiny program to consume from ETW providers for research☆51Updated 8 months ago
- A WinDbg extension to trace COM interactions☆121Updated 3 weeks ago
- Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…☆79Updated 2 months ago
- ☆24Updated last month
- A kernel exploit leveraging NtUserHardErrorControl to elevate a thread to KernelMode and achieve arbitrary kernel R/W & more.☆32Updated 2 years ago
- Research into COM☆19Updated 5 years ago
- ☆71Updated 2 years ago
- rpv-web is a browser based frontend for the rpv library☆26Updated 3 months ago
- break link between dll and it file on disk☆11Updated last year
- List the ETW provider(s) in the registration table of a process.☆63Updated last year
- Research on obfuscated licensing APIs / CLIP service in the Windows kernel☆120Updated 3 years ago
- ☆28Updated 2 years ago
- Example/starter code for custom Windows application compatibility shims☆35Updated 4 years ago
- A C DLL that can control powershell☆48Updated 5 years ago
- Simple example for getting started with eBPF for Windows☆47Updated 6 months ago