Persistent IAT hooking application - based on bearparser
☆264 · Sep 18, 2022 · Updated 3 years ago
Alternatives and similar repositories for IAT_patcher
Users that are interested in IAT_patcher are comparing it to the libraries listed below
- Sample libraries to be used with IAT Patcher · ☆37 · Oct 1, 2022 · Updated 3 years ago
- Portable Executable parsing library (from PE-bear) · ☆659 · Oct 4, 2025 · Updated 5 months ago
- ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports pay… · ☆229 · Mar 22, 2023 · Updated 2 years ago
- A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl · ☆1,331 · Oct 31, 2025 · Updated 4 months ago
- windows kernelmode and usermode IAT hook · ☆149 · Mar 9, 2021 · Updated 4 years ago
- Demos of various injection techniques found in malware · ☆796 · Feb 15, 2022 · Updated 4 years ago
- My solutions for HackSys Extreme Vulnerable Driver · ☆12 · Apr 22, 2018 · Updated 7 years ago
- ViDi Visual Disassembler (experimental) · ☆79 · Oct 8, 2025 · Updated 4 months ago
- Decompiler for Code Virtualizer 1.3.8 (Oreans) · ☆88 · Oct 3, 2012 · Updated 13 years ago
- Small tool for disassembling shellcode (using objdump) · ☆149 · Jun 19, 2022 · Updated 3 years ago
- Elevation of privilege detector based on HyperPlatform · ☆123 · Mar 5, 2017 · Updated 9 years ago
- Various snippets created during malware analysis · ☆464 · Oct 3, 2025 · Updated 5 months ago
- PowerLoaderEx - Advanced Code Injection Technique for x32 / x64 · ☆382 · Apr 17, 2017 · Updated 8 years ago
- IFL - Interactive Functions List (plugin for IDA Pro) · ☆487 · Feb 27, 2026 · Updated last week
- Wow64 syscall hook · ☆43 · May 28, 2017 · Updated 8 years ago
- Demo List cm/ps/ob/minifilter callback And Patch/Bypass it · ☆29 · Dec 5, 2017 · Updated 8 years ago
- An experimental dynamic malware unpacker based on Intel Pin and PE-sieve · ☆63 · Aug 21, 2024 · Updated last year
- Windbg extension to find PatchGuard pages · ☆123 · Jun 24, 2014 · Updated 11 years ago
- A Tool to Unpack Self-Modifying Code using DynamoRIO · ☆140 · Apr 17, 2017 · Updated 8 years ago
- Deviare In Process Instrumentation Engine · ☆342 · Mar 6, 2020 · Updated 6 years ago
- pdbex is a utility for reconstructing structures and unions from the PDB into compilable C headers · ☆895 · Jun 18, 2025 · Updated 8 months ago
- MBR manipulation tool · ☆18 · Jan 13, 2014 · Updated 12 years ago
- Kernel Shellcode to add all privileges in token · ☆15 · Mar 13, 2017 · Updated 8 years ago
- Shellcode injection using debugging APIs · ☆19 · Jan 13, 2014 · Updated 12 years ago
- Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-mem… · ☆3,564 · Oct 31, 2025 · Updated 4 months ago
- IDAPython plugin for finding Xrefs from a function · ☆48 · Jul 14, 2016 · Updated 9 years ago
- Demos of various (also non standard) persistence methods used by malware · ☆224 · Mar 5, 2023 · Updated 3 years ago
- HadesMem is a C++-based memory hacking library for Windows based applications, with the goal of providing a safe, generic, powerful, and … · ☆28 · Jan 7, 2015 · Updated 11 years ago
- A ready-made template for a project based on libpeconv. · ☆52 · Oct 31, 2025 · Updated 4 months ago
- VMAttack PlugIn for IDA Pro · ☆866 · Nov 30, 2017 · Updated 8 years ago
- modify binary Portable Executable to hook its export functions · ☆67 · Jan 13, 2019 · Updated 7 years ago
- C++ application that uses memory and code hooks to detect packers · ☆275 · Mar 5, 2018 · Updated 8 years ago
- Detecting execution of kernel memory where is not backed by any image file · ☆261 · Jul 11, 2018 · Updated 7 years ago
- Monitoring and controlling kernel API calls with stealth hook using EPT · ☆1,356 · Jan 22, 2022 · Updated 4 years ago
- MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. M… · ☆232 · Jul 26, 2020 · Updated 5 years ago
- A tool to detect and crash Cuckoo Sandbox · ☆297 · Jul 22, 2024 · Updated last year
- The goal of the tool is to monitor requests received by selected device objects or kernel drivers. The tool is quite similar to IrpTracke… · ☆409 · Dec 27, 2024 · Updated last year
- A Pin Tool for tracing API calls etc · ☆1,625 · Feb 8, 2026 · Updated 3 weeks ago
- Detours with just single dependency - NTDLL · ☆672 · Nov 25, 2025 · Updated 3 months ago