gdabah / distormx
The ultimate hooking library
☆254 Updated 3 years ago
Related projects
Alternatives and complementary repositories for distormx
- PatchGuard Research ☆291 Updated 6 years ago
- Simple VM based x86 PE (portable executable) protector. ☆334 Updated 9 years ago
- Persistent IAT hooking application - based on bearparser ☆247 Updated 2 years ago
- Detecting execution of kernel memory that is not backed by any image file ☆252 Updated 6 years ago
- pdbex is a utility for reconstructing structures and unions from the PDB into compilable C headers ☆821 Updated 2 months ago
- DriverBuddy is an IDA Python script to assist with the reverse engineering of Windows kernel drivers. ☆352 Updated 4 years ago
- A tool to help when dealing with Windows IOCTL codes or reversing Windows drivers. ☆421 Updated 6 years ago
- TLB splitting VMM ☆161 Updated 8 years ago
- Hypervisor based tool for monitoring system register accesses. ☆141 Updated 6 years ago
- x86 Inline hooking engine (using trampolines) ☆92 Updated 9 years ago
- Official x64dbg plugin for IDA Pro. ☆454 Updated last month
- Debug Child Process Tool (auto attach) ☆271 Updated last year
- Import address table (IAT) hooking is a well documented technique for intercepting calls to imported functions. ☆216 Updated 6 years ago
- Windows NT x64 syscall fuzzer ☆590 Updated last year
- ☆103 Updated 2 years ago
- ☆220 Updated 3 years ago
- Detours with just single dependency - NTDLL ☆608 Updated 2 years ago
- windows syscall table from xp ~ 10 rs4 ☆348 Updated 6 years ago
- Another RTTI Parsing IDA plugin ☆287 Updated last year
- SimpleSvmHook is a research purpose hypervisor for Windows on AMD processors. ☆357 Updated 3 years ago
- The Windows Library for Intel Process Trace (WinIPT) is a project that leverages the new Intel Processor Trace functionality exposed by W… ☆365 Updated last year
- The goal of the tool is to monitor requests received by selected device objects or kernel drivers. The tool is quite similar to IrpTracke… ☆366 Updated 8 months ago
- An analysis of the Warbird virtual-machine protection for the CI!g_pStore ☆227 Updated 6 years ago
- Mirror of users section of rootkit.com ☆289 Updated 8 years ago
- Research on Windows Kernel Executive Callback Objects ☆278 Updated 4 years ago
- zer0m0n driver for cuckoo sandbox ☆354 Updated 9 years ago
- Loading unsigned code into kernel in Windows 10 (64) with help of VMware Workstation Pro/Player design flaw ☆136 Updated 7 years ago
- PE permutation library ☆261 Updated last year
- The history of Windows Internals via symbols. ☆177 Updated 3 years ago
- x64dbg plugin to set breakpoints automatically to Win32/64 APIs ☆167 Updated 6 years ago