ergrelet / windiff
Web-based tool that allows comparing symbol, type and syscall information of Microsoft Windows binaries across different versions of the OS.
☆319Updated last week
Related projects: ⓘ
- A DTrace on Windows Reimplementation☆317Updated last month
- msdocsviewer is a simple tool that parses Microsoft's win32 API and driver documentation to be used within IDA.☆148Updated 8 months ago
- Side-by-side comparison of the Windows and Linux (GNU) Loaders☆269Updated 2 weeks ago
- SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virutally all Windows syscalls. It also conta…☆334Updated this week
- Static Binary Instrumentation tool for Windows x64 executables☆176Updated last month
- x86 malware emulator☆190Updated 3 weeks ago
- ☆186Updated this week
- ☆92Updated this week
- ☆177Updated 11 months ago
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.☆247Updated 8 months ago
- A generic UEFI bootkit used to achieve initial usermode execution. It works with modifications.☆393Updated last year
- Exploring RPC interfaces on Windows☆257Updated 7 months ago
- WinDbg extension written in Rust to dump the CPU / memory state of a running VM☆110Updated last month
- masm32 kernel programming, drivers, tutorials, examples, and tools (credits Four-F)☆114Updated last year
- Yet another variant of Process Hollowing☆349Updated 6 months ago
- Advanced driver monitoring utility.☆194Updated 2 years ago
- The Definitive Guide To Process Cloning on Windows☆387Updated 8 months ago
- a PE Loader and Windows API tracer. Useful in malware analysis.☆138Updated 2 years ago
- Patching "signtool.exe" to accept expired certificates for code-signing.☆264Updated 2 months ago
- ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).☆407Updated 4 months ago
- Time Travel Debugging IDA plugin☆551Updated 2 months ago
- HyperDeceit is the ultimate all-in-one library that emulates Hyper-V for Windows, giving you the ability to intercept and manipulate oper…☆353Updated last year
- Bootkit for Windows Sandbox to disable DSE/PatchGuard.☆251Updated 2 years ago
- Single header version of System Informer's phnt library.☆172Updated 3 months ago
- Vulnerable driver research tool, result and exploit PoCs☆179Updated 10 months ago
- Signtool for expired certificates☆441Updated last year
- Post exploitation technique to turn arbitrary kernel write / increment into full read/write primitive on Windows 11 22H2☆221Updated 2 years ago
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.☆597Updated last year
- Recon 2023 slides and code☆77Updated last year
- ☆103Updated last month