MalUnpack companion driver
☆99Jun 17, 2024Updated last year
Alternatives and similar repositories for mal_unpack_drv
Users that are interested in mal_unpack_drv are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Dynamic unpacker based on PE-sieve☆799Sep 13, 2025Updated 6 months ago
- Small visualizator for PE files☆70Sep 20, 2023Updated 2 years ago
- A set of small utilities, helpers for PIN tracers☆37Feb 15, 2026Updated last month
- An experimental dynamic malware unpacker based on Intel Pin and PE-sieve☆63Aug 21, 2024Updated last year
- Python wrappers for mal_unpack☆37Sep 19, 2023Updated 2 years ago
- A template for projects using both libPeConv and MS Detours☆16Oct 5, 2025Updated 5 months ago
- GarbageMan is a set of tools for analyzing .NET binaries through heap analysis.☆119Apr 8, 2023Updated 2 years ago
- Bypasses for Windows kernel callbacks PatchGuard protection☆44Aug 15, 2021Updated 4 years ago
- A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.☆187Apr 22, 2025Updated 11 months ago
- Analysing and defeating PatchGuard universally☆35Nov 4, 2020Updated 5 years ago
- A kernel mode Windows rootkit in development.☆49Dec 31, 2021Updated 4 years ago
- Yet another variant of Process Hollowing☆460Jul 31, 2025Updated 7 months ago
- Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging☆580Mar 8, 2024Updated 2 years ago
- An example code of CiGetCertPublisherName☆16Mar 24, 2022Updated 4 years ago
- A more stealthy variant of "DLL hollowing"☆363Mar 8, 2024Updated 2 years ago
- ☆29Nov 14, 2022Updated 3 years ago
- Resolve DOS MZ executable symbols at runtime☆96Nov 12, 2021Updated 4 years ago
- All Nt Syscall and W32k Syscall in one asm, include, and call it!☆58Nov 4, 2021Updated 4 years ago
- Bypassing kernel patch protection runtime☆22Feb 19, 2023Updated 3 years ago
- Simple Demo of using Windows Hypervisor Platform☆29Jul 14, 2025Updated 8 months ago
- Reversed WintaPix Malware Source code | That targets countries in the Middle East and abuse KeServiceDescriptorTable(SSDT), persistence a…☆22Jul 6, 2024Updated last year
- Hijack NotifyRoutine for a kernelmode thread☆41Jun 4, 2022Updated 3 years ago
- Advanced driver monitoring utility.☆219Mar 7, 2026Updated 2 weeks ago
- Parsers for custom malware formats ("Funky malware formats")☆98Jan 8, 2022Updated 4 years ago
- A Pin Tool for tracing API calls etc☆1,634Feb 8, 2026Updated last month
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF)☆115May 21, 2023Updated 2 years ago
- ☆29Jan 15, 2021Updated 5 years ago
- ☆58Feb 27, 2026Updated 3 weeks ago
- IDA Pro plugin for recognizing known hashes of API function names☆83May 12, 2022Updated 3 years ago
- ☆76Nov 30, 2023Updated 2 years ago
- Application Verifier Dynamic Fault Injection☆41Jan 12, 2026Updated 2 months ago
- A resource for thread hijacking and manual mapping code, that works with MEM_MAPPED & MEM_IMAGE.☆26Apr 17, 2021Updated 4 years ago
- A windows kernel driver to Block symbolic link exploit used for privilege escalation.☆15Jul 30, 2020Updated 5 years ago
- PoC for hiding PE exports☆67Dec 19, 2020Updated 5 years ago
- Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…☆688Mar 11, 2024Updated 2 years ago
- A simple and universal .NET proxy remover☆11Jun 14, 2020Updated 5 years ago
- Register a callback in Kernel from a manually mapped driver☆47Jun 1, 2021Updated 4 years ago
- Ready-to-use headers for Windows Kernel SSDT indices☆11Apr 12, 2020Updated 5 years ago
- IFL - Interactive Functions List (plugin for IDA Pro)☆489Feb 27, 2026Updated 3 weeks ago