jschicht / EaTools
Analysis and manipulation of extended attribute ($EA) on NTFS
☆38Updated 9 years ago
Alternatives and similar repositories for EaTools:
Users that are interested in EaTools are comparing it to the libraries listed below
- A set of tools to retrieve and parse TCG measured boot logs. Microsoft refers to these as Windows Boot Confirguration Logs (WBCL). In ord…☆54Updated 6 years ago
- Parse Microsoft shim databases☆30Updated 2 months ago
- Named pipe I/O ETW provider for Windows☆70Updated 4 years ago
- A collection of free miscellaneous Windows tools☆131Updated 7 months ago
- Expand compressed files from WinSxS folder☆154Updated 8 months ago
- CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers☆130Updated 4 years ago
- A PowerShell module to assist in parsing and managing catalog files.☆21Updated 8 years ago
- WNF Utilities 4 Newbies (WNFUN)☆94Updated 6 years ago
- A local copy of Alex Ionescu's seemingly abandoned native-nt-toolkit project containing knowledge inherited from the ReactOS project.☆54Updated 5 years ago
- NTFS samples☆25Updated 4 years ago
- Example/starter code for custom Windows application compatibility shims☆33Updated 4 years ago
- The content of this repository aims to assist efforts on analysing inner working principles, functionalities, and properties of the Micro…☆151Updated 4 years ago
- Powerful commandline $MFT record editor.☆23Updated 9 years ago
- DotNext 2019 St. Petersburg Talk Demos☆40Updated 5 years ago
- BITS Transfers Manager☆40Updated this week
- BCD is a module to interact with boot configuration data (BCD) either locally or remotely using the ROOT/WMI:Bcd* WMI classes. The functi…☆60Updated 4 years ago
- Metadata hash incorporating the Rich Header for robustness against packing and other malware tricks☆64Updated 3 years ago
- Blocks drivers from loading by using a name collision technique. #nsacyber☆45Updated 7 years ago
- AppContainer and LPAC (Less Privileged AppContainer) Launcher with Capabilities☆59Updated 6 months ago
- Faster version of `symchk /om` for generating PDB manifests of offline machines☆19Updated 3 years ago
- ☆67Updated 2 years ago
- Enhanced version of the GFlags tool☆82Updated 5 years ago
- Windows Drivers☆97Updated 5 years ago
- extract and parse WEVT_TEMPLATEs from PE files☆18Updated last year
- This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files …☆31Updated 4 years ago
- (unofficial) Hyper-V® Development Kit☆217Updated last year
- Library and tools to access the Windows Prefetch File (SCCA) format.☆73Updated 2 months ago
- API Set Viewer☆88Updated 2 months ago
- Diff tool for comparing symbols in PDB files☆84Updated 5 years ago
- Scripts to prepare Windows system for debugging.☆30Updated 4 years ago