Alternatives and similar repositories for chimera_pe

Users that are interested in chimera_pe are comparing it to the libraries listed below

• hasherezade / module_overloading

  View on GitHub
  A more stealthy variant of "DLL hollowing"
  ☆363Mar 8, 2024Updated last year
• hasherezade / persistence_demos

  View on GitHub
  Demos of various (also non standard) persistence methods used by malware
  ☆224Mar 5, 2023Updated 2 years ago
• hasherezade / process_doppelganging

  View on GitHub
  My implementation of enSilo's Process Doppelganging (PE injection technique)
  ☆637Aug 30, 2022Updated 3 years ago
• ScorchSecurity / Toast

  View on GitHub
  User-mode hook bypassing method
  ☆33Aug 26, 2016Updated 9 years ago
• hasherezade / demos

  View on GitHub
  Demos of various injection techniques found in malware
  ☆797Feb 15, 2022Updated 3 years ago
• AzureGreen / WinNT-Learning

  View on GitHub
  Notes my learning steps about Windows-NT
  ☆23May 18, 2017Updated 8 years ago
• m0n0ph1 / Basic-File-Crypter

  View on GitHub
  Process Hollowing techniques as used in many file Crypters (C/C++)
  ☆85Oct 1, 2020Updated 5 years ago
• mgeeky / PE-library

  View on GitHub
  Lightweight Portable Executable parsing library and a demo peParser application.
  ☆80Jan 5, 2023Updated 3 years ago
• azerg / PackerPE

  View on GitHub
  simple PE packer written in C++
  ☆56Feb 23, 2018Updated 7 years ago
• BreakingMalware / PowerLoaderEx

  View on GitHub
  PowerLoaderEx - Advanced Code Injection Technique for x32 / x64
  ☆382Apr 17, 2017Updated 8 years ago
• stolenbytes / apcforthewin

  View on GitHub
  ☆16Sep 7, 2017Updated 8 years ago
• 3gstudent / Inject-dll-by-Process-Doppelganging

  View on GitHub
  Process Doppelgänging
  ☆162Dec 19, 2017Updated 8 years ago
• secrary / Hooking-via-InstrumentationCallback

  View on GitHub
  codes for my blog post: https://secrary.com/Random/InstrumentationCallback/
  ☆183Nov 30, 2017Updated 8 years ago
• jozemberi / PE-Crypter

  View on GitHub
  Simple runtime crypter in C/C++.
  ☆168Oct 3, 2015Updated 10 years ago
• JLospinoso / gargoyle

  View on GitHub
  A memory scanning evasion technique
  ☆897May 24, 2017Updated 8 years ago
• MalwareTech / ZombifyProcess

  View on GitHub
  Inject code into a legitimate process
  ☆146Dec 9, 2014Updated 11 years ago
• aaaddress1 / APCInjector-BYPASS-AV

  View on GitHub
  ☆19Jul 20, 2015Updated 10 years ago
• DarthTon / Polychaos

  View on GitHub
  PE permutation library
  ☆277Apr 8, 2023Updated 2 years ago
• BenjaminSoelberg / ReflectivePELoader

  View on GitHub
  Reflective PE loader for DLL injection
  ☆186Oct 12, 2017Updated 8 years ago
• tandasat / RemoteWriteMonitor

  View on GitHub
  A tool to help malware analysts tell that the sample is injecting code into other process.
  ☆78Aug 12, 2015Updated 10 years ago
• dotfornet / WindowsUtil

  View on GitHub
  ☆14Jan 10, 2017Updated 9 years ago
• passthehashbrowns / hiding-your-syscalls

  View on GitHub
  Some source code to demonstrate avoiding certain direct syscall detections by locating and JMPing to a legitimate syscall instruction wit…
  ☆218Feb 20, 2023Updated 2 years ago
• swwwolf / cbtest

  View on GitHub
  Windows kernel-mode callbacks tutorial driver
  ☆48Aug 8, 2016Updated 9 years ago
• hasherezade / process_chameleon

  View on GitHub
  A process overwriting its own PEB to make an illusion that it has been loaded from a different path.
  ☆99Jun 24, 2021Updated 4 years ago
• antonioCoco / Mapping-Injection

  View on GitHub
  Just another Windows Process Injection
  ☆408Aug 7, 2020Updated 5 years ago
• DownWithUp / DynamicKernelShellcode

  View on GitHub
  An example of how x64 kernel shellcode can dynamically find and use APIs
  ☆104May 14, 2020Updated 5 years ago
• hasherezade / process_ghosting

  View on GitHub
  Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…
  ☆682Mar 11, 2024Updated last year
• d35ha / CallObfuscator

  View on GitHub
  Obfuscate specific windows apis with different apis
  ☆1,021Feb 21, 2021Updated 4 years ago
• jackullrich / ShellcodeStdio

  View on GitHub
  An extensible framework for easily writing compiler optimized position independent x86 / x64 shellcode for windows platforms.
  ☆532Jul 2, 2025Updated 7 months ago
• SafeBreach-Labs / pinjectra

  View on GitHub
  Pinjectra is a C/C++ OOP-like library that implements Process Injection techniques (with focus on Windows 10 64-bit)
  ☆824Mar 10, 2022Updated 3 years ago
• osiris123 / CDriver_Loader

  View on GitHub
  Kernel mode driver loader, injecting into the windows kernel, Rootkit. Driver injections.
  ☆48Nov 9, 2014Updated 11 years ago
• Synestraa / Highcall-Library

  View on GitHub
  usermode standalone kernel interface
  ☆111Jul 9, 2018Updated 7 years ago
• markhc / windbg_to_c

  View on GitHub
  Translates WinDbg "dt" structure dump to a C structure
  ☆134Oct 16, 2016Updated 9 years ago
• tishion / mmLoader

  View on GitHub
  A library for loading dll module bypassing windows PE loader from memory (x86/x64)
  ☆581Feb 8, 2026Updated last week
• hasherezade / transacted_hollowing

  View on GitHub
  Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging
  ☆581Mar 8, 2024Updated last year
• imgits / ShellcodeVM

  View on GitHub
  ShellcodeVM
  ☆15Jun 20, 2016Updated 9 years ago
• codereba / pe-master

  View on GitHub
  analyze the content of the pe file on windows, and shell(pack) function for windows drivers.
  ☆11Nov 9, 2018Updated 7 years ago
• mgeeky / UnhookMe

  View on GitHub
  UnhookMe is an universal Windows API resolver & unhooker addressing problem of invoking unmonitored system calls from within of your Red …
  ☆349Jul 3, 2022Updated 3 years ago
• hasherezade / libpeconv

  View on GitHub
  A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl
  ☆1,323Oct 31, 2025Updated 3 months ago