debasishm89 / qHooK
qHooK is very simple python script (dependent on pydbg) which hooks user defined Win32 APIs in any process and monitor then while process is running and at last prepare a CSV report with various interesting information which can help reverse engineer to track down / analyse unknown exploit samples / shellcode.
☆21Updated 10 years ago
Alternatives and similar repositories for qHooK:
Users that are interested in qHooK are comparing it to the libraries listed below
- IDA Pro plug-in and tools for displaying 3D graphs of procedures using UbiGraph☆25Updated 11 years ago
- ASProtect reverse engineering & analysis WinDbg extension☆21Updated 4 years ago
- IDA WhatAPIs PlugIn☆7Updated 9 years ago
- Short for Good Ware; it assists Reverse Engineers in the analysis of Windows Malware.☆24Updated 12 years ago
- My commands and scripts extending WinDbg☆31Updated this week
- Kernel Shellcode to add all privileges in token�☆13Updated 7 years ago
- Allows you to add breakpoints from IDA (from the graph/text view) to WinDbg easily☆14Updated 6 years ago
- TrueCrypt 7.2 — (Source Codes)☆8Updated 7 years ago
- The project is a demo solution for one of the anti-rootkit techniques aimed on overcoming splicers☆34Updated 7 years ago
- API logger plugin for Intel Pintool☆14Updated 7 years ago
- ☆13Updated 7 years ago
- ☆12Updated 9 years ago
- Helper utility for debugging windows PE/PE+ loader.☆51Updated 9 years ago
- Kernel-mode file scanner☆18Updated 6 years ago
- IDA PRO FLIRT signature files MSVC2017的sig文件☆15Updated 5 years ago
- Import debugging traces from WinDBG into IDA. Color the graph, fill in the value of all the operands, etc.☆25Updated 12 years ago
- A loadable dll that tracks memory changes, IAT hooks, and dynamically emplaced "JMP" in the host executable☆12Updated last year
- Obtain remote process cookies by performing a brute-force attack on ntdll.RtlDecodePointer using known pointer encodings.☆22Updated 7 years ago
- ☆28Updated 7 years ago
- Exploiting HEVD's WriteWhatWhereIoctlDispatch for LPE on Windows 10 TH2 through RS3 using GDI objects.☆24Updated 7 years ago
- IDApro idc and idapython script collection☆28Updated last year
- ☆22Updated 6 years ago
- reversed emet tool☆24Updated 12 years ago
- Anti-Anti-Debugger Plugins☆18Updated 11 years ago
- Malwarebytes Antivirus CVE☆8Updated 7 years ago
- Engine for communication with remote kernel debugger (KD, WinDbg) from drivers and applications☆36Updated 11 years ago
- Windows build files for the VMHunt Intel PIN Trace tool☆19Updated 6 years ago
- ☆28Updated 9 years ago
- ☆22Updated 4 years ago
- User-mode process cross-checking utility intended to detect naive malware hiding itself by hooking IAT/EAT.☆19Updated 9 years ago