Windows 10 PE image loader (LDR) NTDLL component toolbox
☆50 · Oct 22, 2019 · Updated 6 years ago
Alternatives and similar repositories for LoaderWatch
Users that are interested in LoaderWatch are comparing it to the libraries listed below
- Portable Executable launcher for Windows NT bypassing loader ☆74 · Sep 4, 2025 · Updated 5 months ago
- Windows 32/64-bit Include files and Import Libraries ☆16 · May 26, 2022 · Updated 3 years ago
- P2C Loader based on blackbone, used by isolation.top and others. ☆13 · Jan 2, 2018 · Updated 8 years ago
- Simple library to handle PE files loading, relocating, get/set data, ..., in addition to process handling ☆32 · Aug 7, 2019 · Updated 6 years ago
- Unicorn PE function runner ☆59 · Jul 4, 2017 · Updated 8 years ago
- DLL and API hooking example to hide running in a Terminal Session ☆21 · Jun 5, 2020 · Updated 5 years ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022) ☆73 · Aug 11, 2023 · Updated 2 years ago
- VCL-based UI components for system tools that use NtUtilsLibrary ☆21 · Nov 20, 2025 · Updated 3 months ago
- improving zerosums smbdoor - a silent remote backdoor which abuses undoc. APIs in srvnet.sys ☆49 · Mar 10, 2023 · Updated 2 years ago
- Windows hard shutdown shellcode. Don't need administrator rights. ☆14 · Mar 31, 2016 · Updated 9 years ago
- An advanced DKOM for drivers with "DRIVER_OBJECT" ☆22 · Feb 19, 2023 · Updated 3 years ago
- Application Verifier Dynamic Fault Injection ☆40 · Jan 12, 2026 · Updated last month
- x64 syscall caller in C++. ☆93 · Jun 23, 2018 · Updated 7 years ago
- ☆21 · Jul 18, 2017 · Updated 8 years ago
- External Hooking (Bypass process byte patching checks | Injector included) ☆22 · Mar 12, 2023 · Updated 2 years ago
- clone of armadillo patched for windows ☆48 · Oct 22, 2024 · Updated last year
- C++ Exceptions in Windows Drivers ☆221 · Dec 21, 2020 · Updated 5 years ago
- Reverse Engineering a signed kernel driver packed and virtualized with VMProtect 3.6 ☆105 · Apr 28, 2023 · Updated 2 years ago
- Demonstrate the behavior of the tunnel cache on Windows ☆11 · Aug 13, 2019 · Updated 6 years ago
- Files related to my presentation at SigSegV2 conference in 2019. You can find related papers on my blog ☆13 · Dec 12, 2019 · Updated 6 years ago
- An example of how a driver can register a handle creation callback. ☆16 · Jun 12, 2023 · Updated 2 years ago
- ☆11 · Jul 11, 2023 · Updated 2 years ago
- SyscallLoader ☆11 · Sep 13, 2021 · Updated 4 years ago
- Record & prevent file deletion in kernel mode ☆46 · Jul 22, 2020 · Updated 5 years ago
- msvcr14x is a program that allows programs compiled with VC2015 and above not to rely on a bunch of useless API-Ms-win-starting DLLS ☆73 · Nov 18, 2025 · Updated 3 months ago
- A class to gather information about a process, its threads and modules. ☆23 · Mar 23, 2020 · Updated 5 years ago
- A tool that reads a PE file from a byte array buffer and injects it into memory. ☆28 · Aug 5, 2019 · Updated 6 years ago
- A Hobbyist Operating System based off the ReactOS/NT Kernel experimenting with OS Development. ☆29 · Jul 29, 2012 · Updated 13 years ago
- Provide an easy way to use C Run-time Library from Windows Kernel exported from ntdll.dll in your user-mode applications ☆62 · Aug 12, 2024 · Updated last year
- Dump Windows registry hives as text. ☆17 · Feb 9, 2019 · Updated 7 years ago
- RegFineViewer is a utility to visualize and navigate easily the Windows Registry ☆18 · Jan 20, 2021 · Updated 5 years ago
- ☆12 · Aug 10, 2019 · Updated 6 years ago
- A wrapper library around native Windows system APIs ☆10 · Dec 23, 2019 · Updated 6 years ago
- Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle… ☆16 · Jan 7, 2023 · Updated 3 years ago
- ☆11 · Mar 11, 2015 · Updated 10 years ago
- Miscellaneous Code and Docs ☆83 · Jul 12, 2025 · Updated 7 months ago
- too busy for that all, furikuri is framework for code protection ☆164 · Nov 2, 2019 · Updated 6 years ago
- Standalone program to download PDB Symbol files for debugging without WDK ☆80 · Jun 20, 2019 · Updated 6 years ago
- Protects deletion of files with a specified extension using a kernel-mode driver. ☆76 · Jul 16, 2018 · Updated 7 years ago