A process that overwrites its own PEB to create the illusion that it was loaded from a different path.
☆99 Jun 24, 2021 Updated 4 years ago
Alternatives and similar repositories for process_chameleon
Users that are interested in process_chameleon are comparing it to the libraries listed below
- My solutions for random crackmes and other challenges ☆12 Dec 23, 2019 Updated 6 years ago
- A more stealthy variant of "DLL hollowing" ☆363 Mar 8, 2024 Updated 2 years ago
- ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports pay… ☆230 Mar 22, 2023 Updated 3 years ago
- My implementation of enSilo's Process Doppelganging (PE injection technique) ☆640 Aug 30, 2022 Updated 3 years ago
- A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv. ☆22 Apr 13, 2018 Updated 7 years ago
- ☆84 Aug 26, 2024 Updated last year
- Set of antianalysis techniques found in malware ☆133 Aug 25, 2023 Updated 2 years ago
- A ready-made template for a project based on libpeconv. ☆52 Oct 31, 2025 Updated 4 months ago
- Archive of ransomware decryptors ☆34 Dec 7, 2017 Updated 8 years ago
- Analysing and defeating PatchGuard universally ☆35 Nov 4, 2020 Updated 5 years ago
- A set of small utilities, helpers for PIN tracers ☆37 Feb 15, 2026 Updated last month
- Decoders for 7ev3n ransomware ☆17 Oct 24, 2016 Updated 9 years ago
- Demos of various (also non standard) persistence methods used by malware ☆224 Mar 5, 2023 Updated 3 years ago
- Template of a full-featured driver and wrappers over the kernel API ☆113 Aug 28, 2016 Updated 9 years ago
- A small library helping to parse commandline parameters (for C/C++) ☆57 May 25, 2025 Updated 9 months ago
- Parser for custom executable formats from Hidden Bee and Rhadamanthys malware ☆58 Aug 6, 2025 Updated 7 months ago
- Execute an arbitrary command within the context of another process ☆21 Jun 28, 2019 Updated 6 years ago
- Simple driver to register all available process, thread, image, Registry, and Object callbacks ☆124 Oct 5, 2017 Updated 8 years ago
- Simple header only library to change return address on current stack frame. ☆22 Sep 4, 2016 Updated 9 years ago
- ☆15 Jul 22, 2024 Updated last year
- ☆18 Apr 4, 2019 Updated 6 years ago
- Set of my small utils related to cryptography, encoding, decoding etc ☆95 Sep 1, 2025 Updated 6 months ago
- Various shellcodes ☆12 Sep 1, 2020 Updated 5 years ago
- Example of hijacking system calls via function pointer tables ☆31 Jun 26, 2021 Updated 4 years ago
- A wrapper for capstone for bearparser ☆16 Oct 8, 2025 Updated 5 months ago
- Software Distribution Service ☆12 Jul 2, 2015 Updated 10 years ago
- Windows x64 Process Scanner to detect application compatibility shims ☆37 Oct 17, 2018 Updated 7 years ago
- findLoop - find possible encryption/decryption or compression/decompression code ☆28 Mar 30, 2019 Updated 6 years ago
- Lightweight Portable Executable parsing library and a demo peParser application. ☆81 Jan 5, 2023 Updated 3 years ago
- Converts a DLL into EXE ☆816 Jul 23, 2023 Updated 2 years ago
- My solutions for HackSys Extreme Vulnerable Driver ☆12 Apr 22, 2018 Updated 7 years ago
- A demo for learning x86/x64 paging memory management: converts a virtual address from ring3 to a physical address in ring0 ☆19 Aug 26, 2017 Updated 8 years ago
- ☆23 Feb 3, 2021 Updated 5 years ago
- XEDParse emulator based on asmjit/asmtk. ☆21 Mar 22, 2024 Updated 2 years ago
- Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging ☆581 Mar 8, 2024 Updated 2 years ago
- Windows driver including a couple of different techniques for file removal when regular operation isn't possible. ☆71 Feb 11, 2016 Updated 10 years ago
- Plugin for x64dbg to break on unresolved APIs. ☆13 Oct 4, 2017 Updated 8 years ago
- Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi… ☆686 Mar 11, 2024 Updated 2 years ago
- pass game protect ☆12 Apr 26, 2014 Updated 11 years ago