A process overwriting its own PEB to create the illusion that it has been loaded from a different path.
☆99 · Jun 24, 2021 · Updated 4 years ago
Alternatives and similar repositories for process_chameleon
Users that are interested in process_chameleon are comparing it to the libraries listed below
- My solutions for random crackmes and other challenges ☆12 · Dec 23, 2019 · Updated 6 years ago
- Template of a full-featured driver and a wrapper around the kernel API ☆114 · Aug 28, 2016 · Updated 9 years ago
- ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports pay… ☆229 · Mar 22, 2023 · Updated 2 years ago
- My implementation of enSilo's Process Doppelganging (PE injection technique) ☆638 · Aug 30, 2022 · Updated 3 years ago
- Archive of ransomware decryptors ☆34 · Dec 7, 2017 · Updated 8 years ago
- Analysing and defeating PatchGuard universally ☆36 · Nov 4, 2020 · Updated 5 years ago
- A more stealthy variant of "DLL hollowing" ☆363 · Mar 8, 2024 · Updated last year
- ☆84 · Aug 26, 2024 · Updated last year
- Simple driver to register all available process, thread, image, Registry, and Object callbacks ☆124 · Oct 5, 2017 · Updated 8 years ago
- A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv. ☆22 · Apr 13, 2018 · Updated 7 years ago
- A ready-made template for a project based on libpeconv. ☆51 · Oct 31, 2025 · Updated 4 months ago
- x64dbg scripts for finding OEP of packers ☆15 · Oct 22, 2018 · Updated 7 years ago
- ☆15 · Jul 22, 2024 · Updated last year
- Windows driver including a couple of different techniques for file removal when regular operation isn't possible. ☆70 · Feb 11, 2016 · Updated 10 years ago
- a demo for x86/x64's paging memory management learning, convert a virtual address from ring3 to physical address in ring0 ☆19 · Aug 26, 2017 · Updated 8 years ago
- Set of antianalysis techniques found in malware ☆133 · Aug 25, 2023 · Updated 2 years ago
- ☆13 · Jul 11, 2017 · Updated 8 years ago
- A set of small utilities, helpers for PIN tracers ☆37 · Feb 15, 2026 · Updated 2 weeks ago
- Demos of various (also non standard) persistence methods used by malware ☆224 · Mar 5, 2023 · Updated 2 years ago
- Parser for a custom executable formats from Hidden Bee and Rhadamanthys malware ☆58 · Aug 6, 2025 · Updated 6 months ago
- Lightweight Portable Executable parsing library and a demo peParser application. ☆80 · Jan 5, 2023 · Updated 3 years ago
- pass game protect ☆12 · Apr 26, 2014 · Updated 11 years ago
- Plugin for x64dbg to break on unresolved APIs. ☆13 · Oct 4, 2017 · Updated 8 years ago
- ☆10 · Mar 30, 2016 · Updated 9 years ago
- Writing WDF Drivers I: Core Concepts Lab Material ☆53 · Updated this week
- Decoders for 7ev3n ransomware ☆17 · Oct 24, 2016 · Updated 9 years ago
- Shell Tool for BIOS Developer ☆12 · Jan 20, 2017 · Updated 9 years ago
- Kernel Shellcode to add all privileges in token ☆15 · Mar 13, 2017 · Updated 8 years ago
- x64dbg Dark Theme - Own use ☆31 · Apr 4, 2019 · Updated 6 years ago
- ☆27 · Apr 4, 2019 · Updated 6 years ago
- Example of hijacking system calls via function pointer tables ☆31 · Jun 26, 2021 · Updated 4 years ago
- XEDParse emulator based on asmjit/asmtk. ☆21 · Mar 22, 2024 · Updated last year
- Framework for vulnerability fuzzing and reverse-engineering tool development. ☆23 · Jul 25, 2023 · Updated 2 years ago
- more at http://www.zer0mem.sk/?p=271 ☆12 · Jun 11, 2013 · Updated 12 years ago
- Software Distribution Service ☆12 · Jul 2, 2015 · Updated 10 years ago
- Microsoft Windows real-time file integrity monitoring and filtering using minifilter technology; this was my university final project ☆11 · Oct 17, 2014 · Updated 11 years ago
- Native module dumper ☆13 · Aug 28, 2017 · Updated 8 years ago
- An experimental dynamic malware unpacker based on Intel Pin and PE-sieve ☆63 · Aug 21, 2024 · Updated last year
- My take on the capcom driver vulnerability ☆28 · Aug 7, 2017 · Updated 8 years ago