avast / pe_tools
A cross-platform Python toolkit for parsing/writing PE files.
☆65Updated 9 months ago
Alternatives and similar repositories for pe_tools:
Users that are interested in pe_tools are comparing it to the libraries listed below
- A collection of tools, source code, and papers researching Windows' implementation of CET.☆81Updated 4 years ago
- An experimental dynamic malware unpacker based on Intel Pin and PE-sieve☆59Updated 7 months ago
- A ready-made template for a project based on libpeconv.☆46Updated last month
- Three Tiny Examples of Directly Using Vista's NtCreateUserProcess☆87Updated 9 years ago
- ☆25Updated 2 years ago
- Helper Script to convert a Windbg dumped structure (using the 'dt' command) into a C structure. It creates dummy structs for you if neede…☆26Updated last year
- Authenticode-parser is a simple C library for Authenticode format parsing using OpenSSL.☆17Updated last year
- ☆71Updated 2 years ago
- Finding Truth in the Shadows☆89Updated 2 years ago
- A set of small utilities, helpers for PIN tracers☆31Updated last year
- IOCTLpus can be used to make DeviceIoControl requests with arbitrary inputs (with functionality somewhat similar to Burp Repeater).☆89Updated 3 years ago
- Remote Thread Detection with a Kernel Driver☆29Updated 2 months ago
- Enabled / Disable LSA Protection via BYOVD☆66Updated 3 years ago
- Resolve DOS MZ executable symbols at runtime☆95Updated 3 years ago
- x86 and x64 assembly "read-eval-print loop" for Windows☆28Updated 7 years ago
- Simple windows API logger☆101Updated 5 years ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆98Updated last year
- Reimplement CreateProcessInternalW via Windows 10 20H1+/Windows 11 Base on NtCreateUserProcess-Post☆56Updated 7 months ago
- arbitrary kernel read/write in dbutil_2_3.sys, Proof of Concept Local Privilege Escalation to nt authority/system☆56Updated 3 years ago
- A novel technique to communicate between threads using the standard ETHREAD structure☆110Updated 4 years ago
- Signature finder (from PE-bear)☆36Updated 9 months ago
- Small visualizator for PE files☆67Updated last year
- Neutralize KEPServerEX anti-debugging techniques☆31Updated 2 years ago
- C# implementation to produce ROR-13 numeric hash for given function API name☆31Updated 5 years ago
- A Practical example of ELAM (Early Launch Anti-Malware)☆32Updated 3 years ago
- anti-ransomware file-system filter☆57Updated 7 months ago
- WinXPSP2.Cermalus on stereoids, supporting all 32 bits Windows version. Windows Kernel Virus stuff for noobs☆17Updated last year
- An x64dbg plugin which marks XFG call signatures as data☆73Updated last year
- File system minifilter driver for Windows to block symbolic link attacks.☆51Updated 4 years ago
- A simple password-based PE encryptor for Windows 32-bit executables.☆51Updated 2 months ago