diversenok / Suspending-Techniques
Comparing, discussing, and bypassing various techniques for suspending and freezing processes on Windows.
☆119 · Updated 3 years ago
Alternatives and similar repositories for Suspending-Techniques:
Users that are interested in Suspending-Techniques are comparing it to the libraries listed below
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard ☆244 · Updated 2 years ago
- Resolve DOS MZ executable symbols at runtime ☆95 · Updated 3 years ago
- ☆71 · Updated 2 years ago
- Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays). ☆133 · Updated 7 months ago
- APC Internals Research Code ☆162 · Updated 4 years ago
- An application to view and filter pool allocations from a dmp file on Windows 10 RS5+. ☆137 · Updated 2 years ago
- PE Viewer ☆171 · Updated 2 months ago
- x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code ☆203 · Updated 3 years ago
- File system minifilter driver for Windows to block symbolic link attacks. ☆51 · Updated 4 years ago
- ☆142 · Updated last year
- Single header version of System Informer's phnt library. ☆209 · Updated this week
- Code Injection, Inject malicious payload via pagetables pml4. ☆232 · Updated 3 years ago
- Three Tiny Examples of Directly Using Vista's NtCreateUserProcess ☆87 · Updated 9 years ago
- Global user-mode hooking framework, based on AppInit_DLLs. The goal is to allow you to rapidly develop hooks to inject in an arbitrary pr… ☆167 · Updated 3 years ago
- Small tool to convert between the PE alignments (raw and virtual). ☆86 · Updated 2 years ago
- A collection of tools, source code, and papers researching Windows' implementation of CET. ☆81 · Updated 4 years ago
- Bootkit for Windows Sandbox to disable DSE/PatchGuard. ☆274 · Updated 5 months ago
- Run Processes as PPL with ELAM ☆160 · Updated 3 years ago
- CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers ☆130 · Updated 4 years ago
- Ghetto user mode emulation of Windows kernel drivers. ☆133 · Updated 5 months ago
- IOCTLpus can be used to make DeviceIoControl requests with arbitrary inputs (with functionality somewhat similar to Burp Repeater). ☆89 · Updated 3 years ago
- Hook all callbacks which are registered with LdrRegisterDllNotification ☆85 · Updated 2 years ago
- ☆159 · Updated 6 months ago
- Call arbitrary Windows kernel-mode functions from Python on another machine ☆44 · Updated 3 years ago
- Finding Truth in the Shadows ☆89 · Updated 2 years ago
- API Set resolver for Windows ☆129 · Updated 6 months ago
- A WinDbg extension to trace COM interactions ☆114 · Updated last year
- Set of antianalysis techniques found in malware ☆129 · Updated last year
- Anti-Debug encyclopedia contains methods used by malware to verify if they are executed under debugging. It includes the description of v… ☆53 · Updated last year
- A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks. ☆109 · Updated 3 years ago