Tool to view and create Microsoft shim database files (SDB).
☆119 · May 11, 2017 · Updated 8 years ago
Alternatives and similar repositories for sdb-explorer
Users that are interested in sdb-explorer are comparing it to the libraries listed below.
- ☆18 · Mar 28, 2015 · Updated 10 years ago
- Pure Python parser for Application Compatibility Shim Databases (.sdb files) · ☆110 · Jan 26, 2021 · Updated 5 years ago
- Recon 2015 Presentation from Alex Ionescu · ☆250 · Jan 27, 2016 · Updated 10 years ago
- Anti-AV compilation · ☆44 · Oct 4, 2013 · Updated 12 years ago
- Local Kernel Debugger (LKD) is a Python wrapper around dbgengine.dll · ☆92 · Aug 22, 2016 · Updated 9 years ago
- Automated library compilation and PDB annotation with CMake and IDA Pro · ☆21 · Sep 20, 2018 · Updated 7 years ago
- C++ · ☆88 · Sep 11, 2016 · Updated 9 years ago
- ☆28 · Dec 28, 2017 · Updated 8 years ago
- Implementation of a thin hypervisor · ☆43 · May 20, 2016 · Updated 9 years ago
- Work fast with the pattern matching Swiss knife for malware researchers. · ☆38 · Mar 26, 2016 · Updated 9 years ago
- Generate MAEC XML from Ero Carrera's pefile output · ☆15 · Mar 6, 2017 · Updated 8 years ago
- Incident Response & Digital Forensics Debugging Extension · ☆389 · Dec 11, 2018 · Updated 7 years ago
- ☆46 · Aug 21, 2019 · Updated 6 years ago
- EditBox is a plugin for the Volatility Framework. It extracts the text from Windows Edit controls, that is, textboxes as generated by Win… · ☆24 · Jun 4, 2017 · Updated 8 years ago
- Shim database persistence (Fin7 TTP) · ☆37 · Feb 25, 2020 · Updated 6 years ago
- A GC link parser for both linkfiles and jumplists. · ☆18 · Oct 28, 2016 · Updated 9 years ago
- Landing page for MAEC docs · ☆22 · Oct 22, 2022 · Updated 3 years ago
- Emofishes is a collection of proof-of-concepts that help improve, bypass or detect virtualized execution environments (focusing on the on… · ☆15 · Jan 28, 2023 · Updated 3 years ago
- Windows x64 Process Scanner to detect application compatibility shims · ☆37 · Oct 17, 2018 · Updated 7 years ago
- Adding exceptions to Microsoft's Control Flow Guard (CFG) · ☆57 · Jun 21, 2016 · Updated 9 years ago
- [ARCHIVED] mov rax, ${Thalium/IceBox}; jmp rax; · ☆76 · Jun 8, 2019 · Updated 6 years ago
- ☆64 · Oct 24, 2015 · Updated 10 years ago
- Parse Microsoft shim databases · ☆32 · Jan 8, 2025 · Updated last year
- Transfer EIP control to shellcode during malware analysis investigation · ☆77 · Oct 29, 2014 · Updated 11 years ago
- A sample project for using Capstone from a driver in Visual Studio 2015 · ☆36 · May 4, 2016 · Updated 9 years ago
- Two tools used during our analysis of the Microsoft binary injection mitigation implemented in Edge TH2. · ☆53 · Feb 15, 2017 · Updated 9 years ago
- Enumerate Windows Defender threat families and dump their names according to category · ☆93 · May 27, 2019 · Updated 6 years ago
- A pytest module for The Interactive Disassembler and IDAPython; record and replay the IDAPython API, execute inside IDA or use mockups of IDA… · ☆47 · Nov 3, 2018 · Updated 7 years ago
- An application for obtaining, dumping and modifying tokens from user land. · ☆26 · Nov 21, 2015 · Updated 10 years ago
- ☆25 · Jan 26, 2016 · Updated 10 years ago
- WinDbg Anti-Rootkit Extension · ☆645 · Jul 29, 2020 · Updated 5 years ago
- Reverse engineering extension plugin for WinDbg · ☆121 · Sep 30, 2019 · Updated 6 years ago
- ☆15 · Mar 28, 2015 · Updated 10 years ago
- ☆15 · Jun 12, 2015 · Updated 10 years ago
- Enhanced Spy++ · ☆10 · Feb 7, 2014 · Updated 12 years ago
- ☆408 · Mar 1, 2017 · Updated 8 years ago
- Ruxcon2016 POC Code · ☆141 · Nov 21, 2016 · Updated 9 years ago
- Mixing up CVE and MS like a pro · ☆25 · Mar 27, 2017 · Updated 8 years ago
- Detects code differentials between executables on disk and the corresponding processes/modules in memory · ☆115 · Jun 19, 2020 · Updated 5 years ago