diversenok / Suspending-TechniquesLinks
Comparing, discussing, and bypassing various techniques for suspending and freezing processes on Windows.
☆127Updated 3 years ago
Alternatives and similar repositories for Suspending-Techniques
Users that are interested in Suspending-Techniques are comparing it to the libraries listed below
Sorting:
- Simple windows API logger☆108Updated 5 years ago
- API Set resolver for Windows☆136Updated 10 months ago
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆252Updated 2 years ago
- ☆71Updated 2 years ago
- A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.☆113Updated 3 years ago
- CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers☆146Updated 4 years ago
- Hook all callbacks which are registered with LdrRegisterDllNotification☆88Updated 4 months ago
- APC Internals Research Code☆166Updated 5 years ago
- Various Process Injection Techniques☆152Updated 3 years ago
- Bootkit for Windows Sandbox to disable DSE/PatchGuard.☆297Updated 9 months ago
- Resolve DOS MZ executable symbols at runtime☆95Updated 3 years ago
- Run Processes as PPL with ELAM☆167Updated 3 years ago
- Global user-mode hooking framework, based on AppInit_DLLs. The goal is to allow you to rapidly develop hooks to inject in an arbitrary pr…☆175Updated 3 years ago
- Single header version of System Informer's phnt library.☆226Updated last week
- Reimplement CreateProcessInternalW via Windows 10 20H1+/Windows 11 Base on NtCreateUserProcess-Post☆65Updated 11 months ago
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…☆127Updated 2 years ago
- Anti-Debug encyclopedia contains methods used by malware to verify if they are executed under debugging. It includes the description of v…☆60Updated last year
- Walks the CFG bitmap to find previously executable but currently hidden shellcode regions☆118Updated 2 years ago
- x64 Windows PatchGuard bypass, register process-creation callbacks from unsigned code☆206Updated 4 years ago
- Kernel Security driver used to block past, current and future process injection techniques on Windows Operating System.☆153Updated 2 years ago
- a PE Loader and Windows API tracer. Useful in malware analysis.☆143Updated 2 years ago
- File system minifilter driver for Windows to block symbolic link attacks.☆52Updated 4 years ago
- Advanced driver monitoring utility.☆215Updated 3 years ago
- A quick-and-dirty anti-hook library proof of concept.☆104Updated 6 years ago
- Exploit MsIo vulnerable driver☆110Updated 3 years ago
- Documenting system information classes and their uses☆54Updated 3 years ago
- ☆146Updated 2 years ago
- Three Tiny Examples of Directly Using Vista's NtCreateUserProcess☆88Updated 9 years ago
- Simple project that demonstrates how an ETW consumer can be created just by using NTDLL☆144Updated 6 years ago
- Collection of DLL function export forwards for DLL export function proxying☆102Updated last year