Alternatives and similar repositories for dll_to_exe

Users that are interested in dll_to_exe are comparing it to the libraries listed below

• hasherezade / exe_to_dll

  View on GitHub
  Converts a EXE into DLL
  ☆1,360Sep 15, 2025Updated 4 months ago
• hasherezade / pe_to_shellcode

  View on GitHub
  Converts PE into a shellcode
  ☆2,734Aug 30, 2025Updated 5 months ago
• hasherezade / pe-sieve

  View on GitHub
  Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-mem…
  ☆3,550Oct 31, 2025Updated 3 months ago
• hasherezade / hollows_hunter

  View on GitHub
  Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks,…
  ☆2,310Oct 31, 2025Updated 3 months ago
• hasherezade / libpeconv

  View on GitHub
  A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl
  ☆1,323Oct 31, 2025Updated 3 months ago
• hasherezade / module_overloading

  View on GitHub
  A more stealthy variant of "DLL hollowing"
  ☆363Mar 8, 2024Updated last year
• hasherezade / process_ghosting

  View on GitHub
  Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…
  ☆682Mar 11, 2024Updated last year
• monoxgas / sRDI

  View on GitHub
  Shellcode implementation of Reflective DLL Injection. Convert DLLs to position independent shellcode
  ☆2,497Nov 15, 2023Updated 2 years ago
• ThunderGunExpress / Reflective_Schtasks

  View on GitHub
  ☆54Aug 13, 2018Updated 7 years ago
• TheWover / donut

  View on GitHub
  Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from mem…
  ☆4,452Jul 8, 2025Updated 7 months ago
• aaaddress1 / RunPE-In-Memory

  View on GitHub
  Run a Exe File (PE Module) in memory (like an Application Loader)
  ☆937Mar 28, 2021Updated 4 years ago
• jthuraisamy / SysWhispers

  View on GitHub
  AV/EDR evasion via direct system calls.
  ☆1,985Jan 1, 2023Updated 3 years ago
• d35ha / CallObfuscator

  View on GitHub
  Obfuscate specific windows apis with different apis
  ☆1,021Feb 21, 2021Updated 4 years ago
• hasherezade / chimera_pe

  View on GitHub
  ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports pay…
  ☆228Mar 22, 2023Updated 2 years ago
• 0x09AL / RdpThief

  View on GitHub
  Extracting Clear Text Passwords from mstsc.exe using API Hooking.
  ☆1,422Jul 20, 2024Updated last year
• hasherezade / demos

  View on GitHub
  Demos of various injection techniques found in malware
  ☆797Feb 15, 2022Updated 3 years ago
• outflanknl / Excel4-DCOM

  View on GitHub
  PowerShell and Cobalt Strike scripts for lateral movement using Excel 4.0 / XLM macros via DCOM (direct shellcode injection in Excel.exe)
  ☆328Mar 26, 2019Updated 6 years ago
• hasherezade / transacted_hollowing

  View on GitHub
  Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging
  ☆581Mar 8, 2024Updated last year
• outflanknl / Dumpert

  View on GitHub
  LSASS memory dumper using direct system calls and API unhooking.
  ☆1,577Jan 5, 2021Updated 5 years ago
• FuzzySecurity / Sharp-Suite

  View on GitHub
  Also known by Microsoft as Knifecoat
  ☆1,151Dec 22, 2022Updated 3 years ago
• hasherezade / process_doppelganging

  View on GitHub
  My implementation of enSilo's Process Doppelganging (PE injection technique)
  ☆637Aug 30, 2022Updated 3 years ago
• phra / PEzor

  View on GitHub
  Open-Source Shellcode & PE Packer
  ☆2,063Feb 3, 2024Updated 2 years ago
• MojtabaTajik / Robber

  View on GitHub
  Robber is open source tool for finding executables prone to DLL hijacking
  ☆785Jun 23, 2022Updated 3 years ago
• mdsecactivebreach / SharpShooter

  View on GitHub
  Payload Generation Framework
  ☆1,956Aug 21, 2024Updated last year
• cobbr / SharpSploit

  View on GitHub
  SharpSploit is a .NET post-exploitation library written in C#
  ☆1,859Aug 12, 2021Updated 4 years ago
• hasherezade / mal_unpack

  View on GitHub
  Dynamic unpacker based on PE-sieve
  ☆796Sep 13, 2025Updated 5 months ago
• codewhitesec / LethalHTA

  View on GitHub
  Lateral Movement technique using DCOM and HTA
  ☆235Oct 18, 2022Updated 3 years ago
• theevilbit / injection

  View on GitHub
  ☆825Dec 28, 2019Updated 6 years ago
• scrt / avcleaner

  View on GitHub
  C/C++ source obfuscator for antivirus bypass
  ☆1,060Mar 10, 2022Updated 3 years ago
• NytroRST / ShellcodeCompiler

  View on GitHub
  Shellcode Compiler
  ☆1,147Sep 1, 2024Updated last year
• hasherezade / bearparser

  View on GitHub
  Portable Executable parsing library (from PE-bear)
  ☆659Oct 4, 2025Updated 4 months ago
• 0xbadjuju / Tokenvator

  View on GitHub
  A tool to elevate privilege with Windows Tokens
  ☆1,055Oct 6, 2023Updated 2 years ago
• p3nt4 / PowerShdll

  View on GitHub
  Run PowerShell with rundll32. Bypass software restrictions.
  ☆1,822Mar 17, 2021Updated 4 years ago
• Flangvik / NetLoader

  View on GitHub
  Loads any C# binary in mem, patching AMSI + ETW.
  ☆839Oct 3, 2021Updated 4 years ago
• hasherezade / tiny_tracer

  View on GitHub
  A Pin Tool for tracing API calls etc
  ☆1,612Nov 25, 2025Updated 2 months ago
• rootm0s / WinPwnage

  View on GitHub
  UAC bypass, Elevate, Persistence methods
  ☆2,736Feb 13, 2023Updated 3 years ago
• tyranid / DotNetToJScript

  View on GitHub
  A tool to create a JScript file which loads a .NET v2 assembly from memory.
  ☆1,316Jan 18, 2021Updated 5 years ago
• ustayready / CasperStager

  View on GitHub
  PoC for persisting .NET payloads in Windows Notification Facility (WNF) state names using low-level Windows Kernel API calls.
  ☆152Jun 3, 2019Updated 6 years ago
• monoxgas / Koppeling

  View on GitHub
  Adaptive DLL hijacking / dynamic export forwarding
  ☆808Jul 6, 2020Updated 5 years ago