jay / gethooksLinks
GetHooks is a program designed for the passive detection and monitoring of hooks from a limited user account.
☆61Updated 4 years ago
Alternatives and similar repositories for gethooks
Users that are interested in gethooks are comparing it to the libraries listed below
Sorting:
- PoC for detecting and dumping code injection (built and extended on UnRunPE)☆57Updated 6 years ago
- Simple proof of concept code for injecting libraries on 64bit processes from a 32bit process☆96Updated 6 years ago
- Adding exceptions to Microsoft's Control Flow Guard (CFG)☆58Updated 9 years ago
- WinDbg debugger extension library providing various tools to analyse, dump and fix (restore) Microsoft Portable Executable files for both…☆84Updated 11 months ago
- Library for kernel and user mode splicing for Windows (x86 and x64).☆64Updated 12 years ago
- C++☆80Updated 8 years ago
- Helper utility for debugging windows PE/PE+ loader.☆52Updated 10 years ago
- Analyze and attack windows applications using dll hijacking vulnerabilities☆58Updated 5 years ago
- PoC for detecting and dumping process hollowing code injection☆52Updated 6 years ago
- A tool to help malware analysts tell that the sample is injecting code into other process.☆78Updated 10 years ago
- Use WinDBG to trace the Windows API calls of any Portable Executable file☆31Updated 8 years ago
- Windows kernel-mode callbacks tutorial driver☆47Updated 9 years ago
- DirectNtApi - simple method to make ntapi function call without importing or walking export table. Work under Windows 7, 8 and 10☆53Updated last year
- Standalone program to download PDB Symbol files for debugging without WDK☆79Updated 6 years ago
- drvtriks kernel driver for Windows 7 SP1 and 8.1 x64, that tricks around in your system.☆33Updated 7 years ago
- This is a sample that shows how to leverage SetThreadContext for DLL injection☆84Updated 7 years ago
- A simple API monitor for Windbg☆63Updated 8 years ago
- ☆57Updated 11 years ago
- User-mode hook bypassing method☆33Updated 8 years ago
- MSI NTIOLib/WinIO Local Privilege Escalation exploit☆96Updated 8 years ago
- Open and generic Anti-Anti Reversing Framework. Works in 32 and 64 bits.☆65Updated 12 years ago
- Call 32bit NtDLL API directly from WoW64 Layer☆60Updated 4 years ago
- A session-0 capable dll injection utility☆76Updated 7 years ago
- library, which help to describe or load and execute PE files.☆54Updated 12 years ago
- Takes a Windbg dumped structure (using the 'dt' command) and formats it into a C structure☆36Updated last year
- Library for ETW, ProcessTracker sample based on ETW☆33Updated 8 years ago
- Bypassing code hooks detection in modern anti-rootkits via building faked PTE entries.☆79Updated 14 years ago
- ☆80Updated 7 years ago
- ☆34Updated 7 years ago
- A minifilter driver preserves all modified and deleted files.☆80Updated 10 years ago