f4rb3r1o / vmt-hookingLinks
VMT hooking is a technique where you hook one (or more) VMT(Virtual Method Table) entries with a pointer to other function. Thus, when the process calls a virtual function and fetches the function pointer to be called, it will eventually execute your code. In this example, I've create a buggy application that suffers from a data leak vulnerabili…
☆14Updated 5 years ago
Alternatives and similar repositories for vmt-hooking
Users that are interested in vmt-hooking are comparing it to the libraries listed below
Sorting:
- Signature scanner and API hooks to detect malicious process injection☆27Updated 2 years ago
- A Windows API hooking library !☆31Updated 2 years ago
- Just an example of a well-known technique to detect memory tampering via Windows Working Sets.☆16Updated 3 years ago
- ☆26Updated last year
- A driver to implement IOCTL hooking☆24Updated 3 years ago
- Single header library to simplify the usage of direct syscalls. x64/x86☆12Updated 2 years ago
- ☆38Updated 2 years ago
- A C++ syscall ID extractor for Windows. Developed, debugged and tested on 20H2.☆20Updated 4 years ago
- Plugin to patch and remove ASLR from PE files on x64dbg☆39Updated 2 years ago
- Improved VMP Idea(detect anti-anti-debug tools by bug)☆45Updated 2 years ago
- EDR PoC WIP LLC☆11Updated last year
- reverse engineering of the windows nt kernel debugger protocol & reimplementation.☆26Updated last year
- ☆48Updated 6 years ago
- Symbolic Execution based on lifting amd64 to z3☆28Updated last year
- A poc that abuses Enclave☆38Updated 2 years ago
- Function hooks in Windows NT Kernel☆24Updated 4 years ago
- X86/X64 Hardware Breakpoint Manager☆41Updated 4 years ago
- A packed & protected Module Loader and more, for 64-bit Windows☆29Updated 4 years ago
- Native API header files for the Process Hacker project (nightly).☆26Updated 3 weeks ago
- manual mapping injector☆27Updated 3 years ago
- Bypassing kernel patch protection runtime☆20Updated 2 years ago
- ☆34Updated last year
- C++ console logging library (fmt wrapper)☆17Updated 5 years ago
- ☆30Updated 3 years ago
- devirtualization vmprotect☆62Updated 2 years ago
- RET / JMP RBX call spoofer☆10Updated 5 years ago
- ☆59Updated 3 years ago
- A Binary Ninja plugin to deobfuscate Themida, WinLicense and Code Virtualizer 3.x's mutation-based obfuscation.☆32Updated 11 months ago
- idashare is an IDA Pro plugin that allows you to quickly share the currently loaded binary and IDA database over a local HTTP server with…☆11Updated 3 months ago
- ☆35Updated 2 years ago