andrew-boyarshin / LoaderWatchLinks
Windows 10 PE image loader (LDR) NTDLL component toolbox
☆49Updated 5 years ago
Alternatives and similar repositories for LoaderWatch
Users that are interested in LoaderWatch are comparing it to the libraries listed below
Sorting:
- Miscellaneous Code and Docs☆82Updated last month
- A driver to intercept low level windows events☆63Updated 5 years ago
- ☆33Updated 6 years ago
- Standalone program to download PDB Symbol files for debugging without WDK☆79Updated 6 years ago
- Driver demonstrating how to register a DPC to asynchronously wait on an object☆49Updated 4 years ago
- A driver that hooks C: volume using symbolic link callback to track all FS access to the volume☆110Updated 5 years ago
- Three Tiny Examples of Directly Using Vista's NtCreateUserProcess☆88Updated 9 years ago
- DirectNtApi - simple method to make ntapi function call without importing or walking export table. Work under Windows 7, 8 and 10☆53Updated last year
- Kernel Pool Monitor☆128Updated 3 years ago
- ntdll.h - compatible with MSVC 6.0, Intel C++ Compiler and MinGW. Serves as a complete replacement for Windows.h☆143Updated 6 years ago
- View handles and object for each object type☆64Updated 5 years ago
- File system minifilter driver for Windows to block symbolic link attacks.☆52Updated 4 years ago
- Debug Print viewer (user and kernel)☆68Updated last year
- Static library and headers for linking your software with ntdll.dll☆33Updated 5 years ago
- C++ library for low-level Windows development☆79Updated last year
- c++ implementation of windows heavens gate☆72Updated 4 years ago
- This repository contains some tools that I have written in the past☆28Updated last year
- Import library generator for x86 PE files☆58Updated 6 years ago
- Simple windows API logger☆108Updated 5 years ago
- Advance LPC☆70Updated 8 years ago
- ☆67Updated 3 years ago
- Simple project that demonstrates how an ETW consumer can be created just by using NTDLL☆144Updated 6 years ago
- Lightweight Portable Executable parsing library and a demo peParser application.☆81Updated 2 years ago
- CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers☆146Updated 4 years ago
- A reflexive driver loader to bypass Windows DSE (featuring a custom PE loader)☆41Updated 6 years ago
- VrtuleTree is a tool that displays information about driver and device objects present in the system and relations between them. Its func…☆60Updated 4 years ago
- A collection of tools, source code, and papers researching Windows' implementation of CET.☆85Updated 4 years ago
- WinDbg debugger extension library providing various tools to analyse, dump and fix (restore) Microsoft Portable Executable files for both…☆84Updated last year
- Simple proof of concept code for injecting libraries on 64bit processes from a 32bit process☆96Updated 6 years ago
- A simple password-based PE encryptor for Windows 32-bit executables.☆52Updated 7 months ago