Alternatives and similar repositories for windiff:

Users that are interested in windiff are comparing it to the libraries listed below

• mandiant / STrace
  A DTrace on Windows Reimplementation
  ☆337Updated 3 months ago
• Sentinel-One / peafl64
  Static Binary Instrumentation tool for Windows x64 executables
  ☆194Updated 3 months ago
• alexander-hanel / msdocsviewer
  msdocsviewer is a simple tool that parses Microsoft's win32 API and driver documentation to be used within IDA.
  ☆148Updated last year
• ElliotKillick / windows-vs-linux-loader-architecture
  Side-by-side comparison of the Windows and Linux (GNU) Loaders
  ☆298Updated 4 months ago
• thalium / symless
  ☆189Updated last year
• realoriginal / bootlicker
  A generic UEFI bootkit used to achieve initial usermode execution. It works with modifications.
  ☆407Updated last year
• Fyyre / DrvMon
  Advanced driver monitoring utility.
  ☆202Updated 2 years ago
• KiFilterFiberContext / warbird-hook
  Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard
  ☆245Updated 2 years ago
• airbus-cert / ttddbg
  Time Travel Debugging IDA plugin
  ☆560Updated 7 months ago
• hasherezade / process_overwriting
  Yet another variant of Process Hollowing
  ☆363Updated this week
• yardenshafir / WinDbg_Scripts
  Useful scripts for WinDbg using the debugger data model
  ☆393Updated 10 months ago
• Bw3ll / sharem
  SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virutally all Windows syscalls. It also conta…
  ☆351Updated 3 months ago
• mrexodia / phnt-single-header
  Single header version of System Informer's phnt library.
  ☆192Updated this week
• 0vercl0k / udmp-parser
  A Cross-Platform C++ parser library for Windows user minidumps with Python 3 bindings.
  ☆200Updated 2 months ago
• thesecretclub / SandboxBootkit
  Bootkit for Windows Sandbox to disable DSE/PatchGuard.
  ☆268Updated 3 months ago
• ioncodes / ceload
  BYOVD: Loading dbk64.sys and grabbing a handle to it
  ☆147Updated 2 years ago
• janoglezcampos / llvm-yx-callobfuscator
  LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.
  ☆265Updated last year
• zeze-zeze / ioctlance
  A tool that is used to hunt vulnerabilities in x64 WDM drivers
  ☆168Updated last year
• 0vercl0k / snapshot
  WinDbg extension written in Rust to dump the CPU / memory state of a running VM
  ☆114Updated 2 months ago
• ionescu007 / clfs-docs
  Unofficial Common Log File System (CLFS) Documentation
  ☆168Updated 3 years ago
• yardenshafir / IoRingReadWritePrimitive
  Post exploitation technique to turn arbitrary kernel write / increment into full read/write primitive on Windows 11 22H2
  ☆225Updated 2 years ago
• VoidSec / DriverBuddyReloaded
  Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks
  ☆340Updated 3 months ago
• ropfuscator / ropfuscator
  ROPfuscator is a fine-grained code obfuscation framework for C/C++ programs using ROP (return-oriented programming).
  ☆424Updated 8 months ago
• tandasat / hvext
  The Windbg extension that implements commands helpful to study Hyper-V on Intel processors.
  ☆135Updated 3 weeks ago
• waleedassar / SimpleNTSyscallFuzzer
  ☆143Updated last year
• mandiant / xrefer
  FLARE Team's Binary Navigator
  ☆211Updated last week
• therealdreg / masm32-kernel-programming
  masm32 kernel programming, drivers, tutorials, examples, and tools (credits Four-F)
  ☆116Updated last year
• Signal-Labs / IOCTLDump
  ☆141Updated last year
• zodiacon / Recon2023
  Recon 2023 slides and code
  ☆79Updated last year