jschicht / EaTools
Analysis and manipulation of extended attribute ($EA) on NTFS
☆38Updated 9 years ago
Alternatives and similar repositories for EaTools:
Users that are interested in EaTools are comparing it to the libraries listed below
- Parse Microsoft shim databases☆30Updated 3 months ago
- A set of tools to retrieve and parse TCG measured boot logs. Microsoft refers to these as Windows Boot Confirguration Logs (WBCL). In ord…☆55Updated 6 years ago
- Named pipe I/O ETW provider for Windows☆70Updated 4 years ago
- Library and tools to access the Windows Prefetch File (SCCA) format.☆73Updated 3 months ago
- A PowerShell module to assist in parsing and managing catalog files.☆21Updated 8 years ago
- Lnk file parser☆86Updated 2 months ago
- BCD is a module to interact with boot configuration data (BCD) either locally or remotely using the ROOT/WMI:Bcd* WMI classes. The functi…☆60Updated 4 years ago
- extract and parse WEVT_TEMPLATEs from PE files☆18Updated last year
- Library and tools to access the Windows NT Registry File (REGF) format☆116Updated 7 months ago
- A collection of free miscellaneous Windows tools☆132Updated 7 months ago
- Scripts to prepare Windows system for debugging.☆30Updated 4 years ago
- WNF Utilities 4 Newbies (WNFUN)☆94Updated 6 years ago
- Faster version of `symchk /om` for generating PDB manifests of offline machines☆19Updated 3 years ago
- NTFS samples☆25Updated 4 years ago
- AppContainer and LPAC (Less Privileged AppContainer) Launcher with Capabilities☆59Updated 6 months ago
- A local copy of Alex Ionescu's seemingly abandoned native-nt-toolkit project containing knowledge inherited from the ReactOS project.☆54Updated 5 years ago
- DotNext 2019 St. Petersburg Talk Demos☆40Updated 5 years ago
- This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files …☆31Updated 4 years ago
- The content of this repository aims to assist efforts on analysing inner working principles, functionalities, and properties of the Micro…☆151Updated 4 years ago
- Extension blocks as found in ShellBags and other places in the Registry☆24Updated 3 months ago
- Example/starter code for custom Windows application compatibility shims☆31Updated 4 years ago
- ☆65Updated last month
- Blocks drivers from loading by using a name collision technique. #nsacyber☆48Updated 7 years ago
- Windows Prefetch parser. Supports all known versions from Windows XP to Windows 10.☆111Updated 3 months ago
- Powerful commandline $MFT record editor.☆23Updated 9 years ago
- Windows Rregistry Linking Utility☆49Updated 3 years ago
- ☆67Updated 2 years ago
- Enhanced version of the GFlags tool☆83Updated 5 years ago
- Run executables in an AppContainer☆121Updated 6 years ago
- Diff tool for comparing symbols in PDB files☆82Updated 5 years ago