czs108 / Windows-PE-PackerLinks
🗜️ A packer for Windows x86 executable files written in C and Intel x86 Assembly. The new file after packing can obstruct reverse engineering.(使用C和Intel x86汇编开发的Windows x86可执行文件打包工具,打包后的新文件可以阻碍逆向工程。)
☆353Updated last year
Alternatives and similar repositories for Windows-PE-Packer
Users that are interested in Windows-PE-Packer are comparing it to the libraries listed below
Sorting:
- Yet another variant of Process Hollowing☆426Updated 5 months ago
- Asynchronous Procedure Calls☆238Updated 4 years ago
- An obfuscation tool for Windows which instruments the Windows Loader into acting as an unpacking engine.☆312Updated 7 years ago
- Hide Process From Task Manager using Usermode API Hooking☆356Updated 4 years ago
- Process Hollowing in C++ (x86 / x64) - Process PE image replacement☆171Updated 2 years ago
- Simple x86/x86_64 instruction level obfuscator based on a basic SBI engine☆277Updated 3 years ago
- DLL that hooks the NtQuerySystemInformation API and hides a process name☆296Updated 2 years ago
- Inline syscalls made easy for windows on clang☆728Updated last year
- A x64 Windows Rootkit using SSDT or Hypervisor hook☆559Updated last year
- A library to develop kernel level Windows payloads for post HVCI era☆474Updated 4 years ago
- A more stealthy variant of "DLL hollowing"☆364Updated last year
- Various Process Injection Techniques☆161Updated 3 years ago
- x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration☆374Updated 3 years ago
- A kernel-mode rootkit with remote control☆220Updated 5 years ago
- System call hook for Windows 10 20H1☆495Updated 4 years ago
- Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging��☆583Updated last year
- Code that allows running another windows PE in the same address space as the host process.☆458Updated 9 years ago
- Kernel Security driver used to block past, current and future process injection techniques on Windows Operating System.☆155Updated 3 years ago
- Enumerating and removing kernel callbacks using signed vulnerable drivers☆585Updated 2 years ago
- A modern c++ implementation of windows heavens gate☆240Updated 5 years ago
- Run a Exe File (PE Module) in memory (like an Application Loader)☆934Updated 4 years ago
- PoC capable of detecting manual syscalls from usermode.☆204Updated last month
- FreshyCalls tries to make the use of syscalls comfortable and simple, without generating too much boilerplate and in modern C++17!☆352Updated 3 years ago
- Kernel driver loader using vulnerable gigabyte driver (https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vu…☆265Updated 4 years ago
- This project provides a collection of Microsoft Windows kernel structures, unions and enumerations. Most of them are not officially docum…☆230Updated 2 months ago
- protector & obfuscator & code virtualizer☆660Updated last week
- x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code☆208Updated 4 years ago
- Executes 64bit code from a 32bit process☆240Updated 8 years ago
- Kernel LdrLoadDll injector☆265Updated 7 years ago
- A PoC implementation for spoofing arbitrary call stacks when making sys calls (e.g. grabbing a handle via NtOpenProcess)☆543Updated 8 months ago