idan1288 / ProcessHollowing32-64
Process Hollowing for 32 bit and 64 bit
☆79 | Nov 10, 2017 | Updated 8 years ago
Alternatives and similar repositories for ProcessHollowing32-64
Users that are interested in ProcessHollowing32-64 are comparing it to the libraries listed below
- A small commented POC for removing API hooks placed by AV/EDR. ☆34 | Jun 12, 2020 | Updated 5 years ago
- Register a callback from a Manually mapped kernel module ☆15 | Feb 1, 2022 | Updated 4 years ago
- Process Hollowing (Malware Technique) ☆1,390 | Oct 1, 2025 | Updated 4 months ago
- An implementation of the Process Hollowing technique. ☆16 | Dec 13, 2020 | Updated 5 years ago
- Executes 64bit code from a 32bit process ☆241 | Jul 23, 2017 | Updated 8 years ago
- Remote PE reflective injection with a simple reflective loader ☆32 | Jun 28, 2019 | Updated 6 years ago
- AES Crypter for Society of Engineers Remote Access Trojan (RAT) Project Lead: Derek Ta Security Programmer: Taegan Warren ☆16 | Nov 29, 2014 | Updated 11 years ago
- ☆21 | Mar 24, 2015 | Updated 10 years ago
- v1 completes parsing of the PE header, sections, and import table ☆11 | Apr 16, 2018 | Updated 7 years ago
- A dynamic VMP dumper and import fixer, powered by VTIL. ☆44 | Sep 3, 2020 | Updated 5 years ago
- Inject dll to process in driver ☆10 | Aug 27, 2024 | Updated last year
- An example of PE hollowing injection technique ☆25 | Jun 28, 2019 | Updated 6 years ago
- A SOCKS5-configured syscall hook that allows transparent TCP proxying on Windows for IPv4 and IPv6. ☆26 | Jul 9, 2021 | Updated 4 years ago
- User-mode hook bypassing method ☆33 | Aug 26, 2016 | Updated 9 years ago
- GUI Application in C# to run and disassemble shellcode ☆36 | Aug 3, 2017 | Updated 8 years ago
- Win32 API hook detection ☆10 | Oct 1, 2017 | Updated 8 years ago
- Various Crypter Project ☆55 | Feb 26, 2014 | Updated 11 years ago
- ☆155 | Aug 17, 2020 | Updated 5 years ago
- IDA script for vmprotect Windows Api address decoder ☆54 | Jun 8, 2021 | Updated 4 years ago
- Convert native dll to shellcode, and support exported function ☆25 | Feb 10, 2021 | Updated 5 years ago
- a program to detect reflective dll injection on a live machine ☆76 | Dec 12, 2015 | Updated 10 years ago
- ☆37 | May 9, 2019 | Updated 6 years ago
- This is a sample that shows how to leverage SetThreadContext for DLL injection ☆85 | Sep 4, 2017 | Updated 8 years ago
- A tool that reads a PE file from a byte array buffer and injects it into memory. ☆28 | Aug 5, 2019 | Updated 6 years ago
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original… ☆97 | Sep 26, 2019 | Updated 6 years ago
- ☆14 | Apr 7, 2018 | Updated 7 years ago
- With this RunPE you can easily inject your payload in any x86 or x64 program. ☆15 | Jun 3, 2019 | Updated 6 years ago
- adversarial machine learning for anti-malware software ☆12 | May 17, 2018 | Updated 7 years ago
- Tiny driver patch to allow kernel callbacks to work on Win10 21h1 ☆34 | Feb 7, 2022 | Updated 4 years ago
- ☆12 | Sep 18, 2018 | Updated 7 years ago
- Windows packet forwarding built on windivert; forwards to socks5, supports tcp/udp and remote dns resolution ☆14 | Jan 17, 2020 | Updated 6 years ago
- Simple Cryptor on C++ without using .NET and other nonsense. ☆12 | Sep 4, 2025 | Updated 5 months ago
- Weaponizing Gigabyte driver for priv escalation and bypass PPL ☆70 | Jun 30, 2019 | Updated 6 years ago
- execute a PE in the address space of another PE aka process hollowing ☆60 | Dec 2, 2021 | Updated 4 years ago
- Reflective PE loader for DLL injection ☆186 | Oct 12, 2017 | Updated 8 years ago
- win32/x64 obfuscate framework ☆33 | Apr 16, 2019 | Updated 6 years ago
- Hook system calls, context switches, page faults and more. ☆34 | Jul 25, 2019 | Updated 6 years ago
- Helper library for x86 programs that runs under WOW64 layer on x64 versions of Microsoft Windows operating systems. ☆1,000 | Jan 17, 2023 | Updated 3 years ago
- ☆18 | Aug 19, 2021 | Updated 4 years ago