Alternatives and similar repositories for IAT_patcher

Users that are interested in IAT_patcher are comparing it to the libraries listed below

• hasherezade / IAT_patcher_samples

  View on GitHub
  Sample libraries to be used with IAT Patcher
  ☆36Oct 1, 2022Updated 3 years ago
• hasherezade / bearparser

  View on GitHub
  Portable Executable parsing library (from PE-bear)
  ☆659Oct 4, 2025Updated 4 months ago
• hasherezade / chimera_pe

  View on GitHub
  ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports pay…
  ☆228Mar 22, 2023Updated 2 years ago
• hasherezade / libpeconv

  View on GitHub
  A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl
  ☆1,323Oct 31, 2025Updated 3 months ago
• tinysec / iathook

  View on GitHub
  windows kernelmode and usermode IAT hook
  ☆149Mar 9, 2021Updated 4 years ago
• hasherezade / demos

  View on GitHub
  Demos of various injection techniques found in malware
  ☆797Feb 15, 2022Updated 3 years ago
• hasherezade / wke_exercises

  View on GitHub
  My solutions for HackSys Extreme Vulnerable Driver
  ☆12Apr 22, 2018Updated 7 years ago
• hasherezade / ViDi

  View on GitHub
  ViDi Visual Disassembler (experimental)
  ☆79Oct 8, 2025Updated 4 months ago
• m0n0ph1 / IAT-Hooking-Revisited

  View on GitHub
  Import address table (IAT) hooking is a well documented technique for intercepting calls to imported functions.
  ☆226Sep 19, 2018Updated 7 years ago
• pakt / decv

  View on GitHub
  Decompiler for Code Virtualizer 1.3.8 (Oreans)
  ☆87Oct 3, 2012Updated 13 years ago
• hasherezade / shellconv

  View on GitHub
  Small tool for disassembling shellcode (using objdump)
  ☆149Jun 19, 2022Updated 3 years ago
• tandasat / EopMon

  View on GitHub
  Elevation of privilege detector based on HyperPlatform
  ☆124Mar 5, 2017Updated 8 years ago
• hasherezade / malware_analysis

  View on GitHub
  Various snippets created during malware analysis
  ☆465Oct 3, 2025Updated 4 months ago
• BreakingMalware / PowerLoaderEx

  View on GitHub
  PowerLoaderEx - Advanced Code Injection Technique for x32 / x64
  ☆382Apr 17, 2017Updated 8 years ago
• hasherezade / ida_ifl

  View on GitHub
  IFL - Interactive Functions List (plugin for IDA Pro)
  ☆486Nov 16, 2025Updated 2 months ago
• mq1n / Wow64SyscallHook

  View on GitHub
  Wow64 syscall hook
  ☆42May 28, 2017Updated 8 years ago
• binbibi / CallbackEx

  View on GitHub
  Demo List cm/ps/ob/minifilter callback And Patch/Bypass it
  ☆29Dec 5, 2017Updated 8 years ago
• hasherezade / pin_n_sieve

  View on GitHub
  An experimental dynamic malware unpacker based on Intel Pin and PE-sieve
  ☆63Aug 21, 2024Updated last year
• BreakingMalware / Selfie

  View on GitHub
  A Tool to Unpack Self-Modifying Code using DynamoRIO
  ☆140Apr 17, 2017Updated 8 years ago
• nektra / Deviare-InProc

  View on GitHub
  Deviare In Process Instrumentation Engine
  ☆341Mar 6, 2020Updated 5 years ago
• tandasat / findpg

  View on GitHub
  Windbg extension to find PatchGuard pages
  ☆123Jun 24, 2014Updated 11 years ago
• wbenny / pdbex

  View on GitHub
  pdbex is a utility for reconstructing structures and unions from the PDB into compilable C headers
  ☆890Jun 18, 2025Updated 7 months ago
• MortenSchenk / Privilege_Shellcode

  View on GitHub
  Kernel Shellcode to add all privileges in token
  ☆15Mar 13, 2017Updated 8 years ago
• conix-security / MLBT

  View on GitHub
  MBR manipulation tool
  ☆18Jan 13, 2014Updated 12 years ago
• conix-security / debug_inject

  View on GitHub
  Shellcode injection using debugging APIs
  ☆19Jan 13, 2014Updated 12 years ago
• hasherezade / pe-sieve

  View on GitHub
  Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-mem…
  ☆3,550Oct 31, 2025Updated 3 months ago
• darx0r / Reef

  View on GitHub
  IDAPython plugin for finding Xrefs from a function
  ☆48Jul 14, 2016Updated 9 years ago
• hasherezade / persistence_demos

  View on GitHub
  Demos of various (also non standard) persistence methods used by malware
  ☆224Mar 5, 2023Updated 2 years ago
• cvx / hadesmem

  View on GitHub
  HadesMem is a C++-based memory hacking library for Windows based applications, with the goal of providing a safe, generic, powerful, and …
  ☆28Jan 7, 2015Updated 11 years ago
• anatolikalysch / VMAttack

  View on GitHub
  VMAttack PlugIn for IDA Pro
  ☆866Nov 30, 2017Updated 8 years ago
• hasherezade / libpeconv_tpl

  View on GitHub
  A ready-made template for a project based on libpeconv.
  ☆51Oct 31, 2025Updated 3 months ago
• chen-charles / PEDetour

  View on GitHub
  modify binary Portable Executable to hook its export functions
  ☆67Jan 13, 2019Updated 7 years ago
• BromiumLabs / PackerAttacker

  View on GitHub
  C++ application that uses memory and code hooks to detect packers
  ☆274Mar 5, 2018Updated 7 years ago
• tandasat / DdiMon

  View on GitHub
  Monitoring and controlling kernel API calls with stealth hook using EPT
  ☆1,352Jan 22, 2022Updated 4 years ago
• tandasat / MemoryMon

  View on GitHub
  Detecting execution of kernel memory where is not backed by any image file
  ☆262Jul 11, 2018Updated 7 years ago
• IgorKorkin / MemoryRanger

  View on GitHub
  MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. M…
  ☆232Jul 26, 2020Updated 5 years ago
• therealdreg / anticuckoo

  View on GitHub
  A tool to detect and crash Cuckoo Sandbox
  ☆297Jul 22, 2024Updated last year
• MartinDrab / IRPMon

  View on GitHub
  The goal of the tool is to monitor requests received by selected device objects or kernel drivers. The tool is quite similar to IrpTracke…
  ☆406Dec 27, 2024Updated last year
• hasherezade / tiny_tracer

  View on GitHub
  A Pin Tool for tracing API calls etc
  ☆1,612Nov 25, 2025Updated 2 months ago