jay / gethooks
GetHooks is a program designed for the passive detection and monitoring of hooks from a limited user account.
☆61Updated 3 years ago
Related projects ⓘ
Alternatives and complementary repositories for gethooks
- Helper utility for debugging windows PE/PE+ loader.☆50Updated 9 years ago
- WinDbg debugger extension library providing various tools to analyse, dump and fix (restore) Microsoft Portable Executable files for both…☆81Updated 2 months ago
- Library for kernel and user mode splicing for Windows (x86 and x64).☆62Updated 12 years ago
- Bypassing code hooks detection in modern anti-rootkits via building faked PTE entries.☆73Updated 13 years ago
- PoC for detecting and dumping code injection (built and extended on UnRunPE)☆54Updated 6 years ago
- Adding exceptions to Microsoft's Control Flow Guard (CFG)☆59Updated 8 years ago
- Decrement Windows Kernel for fun and profit☆39Updated 6 years ago
- Automatically exported from code.google.com/p/portable-executable-library☆23Updated 5 years ago
- This is a sample that shows how to leverage SetThreadContext for DLL injection☆81Updated 7 years ago
- A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.☆19Updated 6 years ago
- Simple proof of concept code for injecting libraries on 64bit processes from a 32bit process☆93Updated 6 years ago
- Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using t…☆53Updated 5 years ago
- Open and generic Anti-Anti Reversing Framework. Works in 32 and 64 bits.☆64Updated 12 years ago
- A simple API monitor for Windbg☆62Updated 7 years ago
- Analyze and attack windows applications using dll hijacking vulnerabilities☆55Updated 5 years ago
- just an lite AntiRootkit for interesting☆23Updated 8 years ago
- A tool to help malware analysts tell that the sample is injecting code into other process.☆75Updated 9 years ago
- VrtuleTree is a tool that displays information about driver and device objects present in the system and relations between them. Its func…☆57Updated 3 years ago
- Standalone program to download PDB Symbol files for debugging without WDK☆73Updated 5 years ago
- ☆28Updated 9 years ago
- Plugin for Process Hacker 2 ( https://github.com/processhacker2 ), displays system hooks and able to unhook too.☆49Updated 6 years ago
- File system minifilter driver for Windows to block symbolic link attacks.☆51Updated 3 years ago
- A command line tool to load and unload a device driver.☆44Updated 7 years ago
- Anti-Anti-VM solution via Windows Driver☆54Updated 6 years ago
- Hidden kernel mode code execution for bypassing modern anti-rootkits.☆80Updated 13 years ago
- Takes a Windbg dumped structure (using the 'dt' command) and formats it into a C structure☆33Updated 4 months ago
- Advance LPC☆59Updated 7 years ago
- ☆26Updated 6 years ago
- Multi-purpose proof-of-concept tool based on CPU-Z CVE-2017-15303☆107Updated 6 years ago