Small tool to convert between the PE alignments (raw and virtual).
☆112 · Dec 28, 2022 · Updated 3 years ago
Alternatives and similar repositories for pe_unmapper
Users that are interested in pe_unmapper are comparing it to the libraries listed below
- Hooking Heavens Gate in a weekend ☆13 · Jan 1, 2022 · Updated 4 years ago
- Bootkit for Windows Sandbox to disable DSE/PatchGuard. ☆318 · Oct 13, 2024 · Updated last year
- Finding Truth in the Shadows ☆123 · Jan 26, 2023 · Updated 3 years ago
- Sample/PoC Windows kernel driver for detect DMA devices by using Vendor ID and Device ID signatures ☆38 · Sep 22, 2024 · Updated last year
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (… ☆125 · Jul 12, 2024 · Updated last year
- A basic implementation of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added. ☆78 · Mar 29, 2025 · Updated 11 months ago
- Minifilter Callback Patching Proof-of-Concept ☆74 · Oct 31, 2022 · Updated 3 years ago
- Recursive and arbitrary code execution at kernel-level without a system thread creation ☆159 · Apr 13, 2023 · Updated 2 years ago
- Abusing exceptions for code execution. ☆113 · Jan 30, 2023 · Updated 3 years ago
- RWX Section Abusing ☆16 · Nov 19, 2023 · Updated 2 years ago
- ntoskrnl .data hooks for UM-KM communication ☆54 · May 26, 2024 · Updated last year
- a windows kernel keylogger that works ☆20 · Feb 12, 2024 · Updated 2 years ago
- PE (and elf now!) bin2bin obfuscator ☆820 · Oct 11, 2025 · Updated 4 months ago
- Interceptor is a kernel driver focused on tampering with EDR/AV solutions in kernel space ☆136 · Jan 2, 2023 · Updated 3 years ago
- This script is used to unload PsSetCreateProcessNotifyRoutineEx, PsSetCreateProcessNotifyRoutine, PsSetLoadImageNotifyRoutine and PsSetCr… ☆63 · Feb 11, 2024 · Updated 2 years ago
- Archive R/W into any protected process by changing the value of KTHREAD->PreviousMode ☆163 · Jul 31, 2022 · Updated 3 years ago
- Implementation of an export address table protection mitigation, like Export Address Filtering (EAF) ☆115 · May 21, 2023 · Updated 2 years ago
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut… ☆132 · Apr 26, 2023 · Updated 2 years ago
- ASM Bootkit that patches DSE at boot allowing to load unsigned drivers ☆15 · Aug 24, 2025 · Updated 6 months ago
- NASM listing to shellcode converter ☆14 · May 6, 2018 · Updated 7 years ago
- havoc kaine plugin to mitigate PAGE_GUARD protected image headers using JOP gadgets ☆42 · Aug 6, 2024 · Updated last year
- Callstack spoofing using a VEH because VEH all the things. ☆23 · Mar 18, 2025 · Updated 11 months ago
- A repository filled with ideas to break/detect direct syscall techniques ☆26 · Apr 21, 2022 · Updated 3 years ago
- Fix VMProtect Import Protection ☆371 · Aug 12, 2021 · Updated 4 years ago
- Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread ☆264 · Aug 31, 2025 · Updated 6 months ago
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections ☆169 · May 17, 2023 · Updated 2 years ago
- Post exploitation technique to turn arbitrary kernel write / increment into full read/write primitive on Windows 11 22H2 ☆249 · Jul 5, 2022 · Updated 3 years ago
- An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in gen… ☆855 · Feb 2, 2024 · Updated 2 years ago
- PE-Dump-Fixer ☆111 · Mar 17, 2020 · Updated 5 years ago
- A basic demonstration of directly overwriting paging structures for physical memory r/w and interprocess memory copy ☆103 · Jun 26, 2023 · Updated 2 years ago
- clearing traces of a loaded driver ☆47 · Jul 2, 2022 · Updated 3 years ago
- A kernel mode Windows rootkit in development. ☆49 · Dec 31, 2021 · Updated 4 years ago
- Support Windows OS Reversing by searching easily for references to functions across many DLLs ☆36 · Jan 12, 2022 · Updated 4 years ago
- WTSRM ☆216 · Aug 7, 2022 · Updated 3 years ago
- TypeLib persistence technique ☆140 · Oct 22, 2024 · Updated last year