jschicht / EaTools
Analysis and manipulation of extended attribute ($EA) on NTFS
☆39 Updated 9 years ago
Related projects
Alternatives and complementary repositories for EaTools
- A collection of free miscellaneous Windows tools ☆123 Updated 3 months ago
- WNF Utilities 4 Newbies (WNFUN) ☆92 Updated 5 years ago
- A set of tools to retrieve and parse TCG measured boot logs. Microsoft refers to these as Windows Boot Configuration Logs (WBCL). In ord… ☆53 Updated 6 years ago
- Named pipe I/O ETW provider for Windows ☆67 Updated 4 years ago
- BCD is a module to interact with boot configuration data (BCD) either locally or remotely using the ROOT/WMI:Bcd* WMI classes. The functi… ☆60 Updated 4 years ago
- Windows Process Lockdown Tool using Job Objects ☆69 Updated 11 years ago
- Expand compressed files from WinSxS folder ☆146 Updated 4 months ago
- Scripts to prepare Windows system for debugging. ☆30 Updated 3 years ago
- ☆68 Updated 2 years ago
- The content of this repository aims to assist efforts on analysing inner working principles, functionalities, and properties of the Micro… ☆150 Updated 4 years ago
- Parse Microsoft shim databases ☆29 Updated 2 months ago
- Example/starter code for custom Windows application compatibility shims ☆31 Updated 3 years ago
- DotNext 2019 St. Petersburg Talk Demos ☆36 Updated 5 years ago
- A PowerShell module to assist in parsing and managing catalog files. ☆20 Updated 7 years ago
- All TMF files that I extracted from Microsoft PDBs. ☆12 Updated 5 years ago
- Enhanced version of the GFlags tool ☆82 Updated 5 years ago
- Extract and parse WEVT_TEMPLATEs from PE files ☆18 Updated 10 months ago
- A GUI version of the classic PoolMon tool ☆111 Updated 6 years ago
- Run executables in an AppContainer ☆118 Updated 5 years ago
- This tool is the result of a reverse engineering process of the Windows service called SysMain. Time to interact with the prefetch files … ☆30 Updated 4 years ago
- Faster version of `symchk /om` for generating PDB manifests of offline machines ☆19 Updated 3 years ago
- BITS Transfers Manager ☆40 Updated 2 years ago
- Run any executable as SYSTEM account (no service required) ☆123 Updated 6 months ago
- Windows Detour Hooking in PowerShell ☆72 Updated 5 months ago
- Lnk file parser ☆79 Updated 2 months ago
- A local copy of Alex Ionescu's seemingly abandoned native-nt-toolkit project containing knowledge inherited from the ReactOS project. ☆53 Updated 5 years ago
- Command line utility for copying files on NTFS using low level disk access ☆32 Updated 8 months ago
- ☆12 Updated 3 years ago
- CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers ☆129 Updated 4 years ago