A fast method to intercept syscalls from any user-mode process using InstrumentationCallback and detect any process using InstrumentationCallback.
☆39Sep 23, 2023Updated 2 years ago
Alternatives and similar repositories for InstrumentationCallbackToolKit
Users that are interested in InstrumentationCallbackToolKit are comparing it to the libraries listed below
Sorting:
- Use NtSetInformationThread(ThreadBreakOnTermination) for anti-debugging☆15Sep 21, 2019Updated 6 years ago
- ☆24Jul 15, 2023Updated 2 years ago
- C# API for Nidhogg rootkit☆21Apr 25, 2024Updated last year
- modern c++ wrapper around the microsoft portable executable file format☆35Nov 22, 2025Updated 4 months ago
- ☆26Dec 29, 2021Updated 4 years ago
- Reversed WintaPix Malware Source code | That targets countries in the Middle East and abuse KeServiceDescriptorTable(SSDT), persistence a…☆22Jul 6, 2024Updated last year
- really ?☆12Feb 29, 2024Updated 2 years ago
- ☆20Jul 23, 2023Updated 2 years ago
- Templated Obfuscation example in C++ for protecting/hiding values in memory☆40Feb 1, 2025Updated last year
- Walks the CFG bitmap to find previously executable but currently hidden shellcode regions☆134May 17, 2023Updated 2 years ago
- petitboot for ps3 with kexec "sort_segments failed" fixed☆12May 28, 2025Updated 9 months ago
- A fully static Roblox Client Decryptor☆32Aug 30, 2025Updated 6 months ago
- ☆11Jun 24, 2024Updated last year
- clone from myJIT(a fork of GNU lightning)☆11Mar 17, 2015Updated 11 years ago
- ☆29Nov 22, 2023Updated 2 years ago
- 废物自救项目!一起向光而行!!!☆11May 7, 2022Updated 3 years ago
- ☆21Feb 23, 2022Updated 4 years ago
- Uses ghidra to find all ETW write metadata for each API in a PE file☆28Jul 26, 2024Updated last year
- RE for champions☆15Mar 10, 2026Updated last week
- Winsocket for Cobalt Strike.☆104Jul 6, 2023Updated 2 years ago
- What makes it page☆17Aug 24, 2022Updated 3 years ago
- A lightweight C++ library designed for function interception within injected DLLs, providing a streamlined approach to modifying applicat…☆41Oct 19, 2023Updated 2 years ago
- A manual PE mapping implementation, aka reflective loader☆21Feb 28, 2026Updated 3 weeks ago
- codes for my blog post: https://secrary.com/Random/InstrumentationCallback/☆182Nov 30, 2017Updated 8 years ago
- A minimalistic logger for Windows Kernel Drivers.☆25Mar 8, 2024Updated 2 years ago
- Dangling COM Keys Finder☆17Nov 16, 2021Updated 4 years ago
- Just a git repo for the sleepmask detection rule i found in https://codex-7.gitbook.io/codexs-terminal-window/blue-team/detecting-cobalt-…☆16Jun 4, 2025Updated 9 months ago
- Awesome MalDev Links☆52Updated this week
- ☆27Oct 16, 2017Updated 8 years ago
- A proof of concept demonstrating instrumentation callbacks on Windows 10 21h1 with a TLS variable to ensure all syscalls are caught.☆158Nov 14, 2021Updated 4 years ago
- ☆17Apr 18, 2023Updated 2 years ago
- Source code to a Roblox exploit with 98% UNC.☆11Oct 14, 2023Updated 2 years ago
- This project is an implant framework designed for long term persistent access to Windows machines.☆108Sep 22, 2023Updated 2 years ago
- ☆120Dec 11, 2025Updated 3 months ago
- random code snippets, useful for getting started☆122Nov 29, 2025Updated 3 months ago
- Modules for my C2 course students to use for their own projects.☆73Jun 13, 2023Updated 2 years ago
- This is similar to GdrvLoader but it works on EAC (& BE but same for GdrvLoader) with included gdrv.sys (cert)☆33Dec 8, 2025Updated 3 months ago
- [WIP] claude opus x86_64 disassembler/lifter/recompiler☆33Feb 12, 2026Updated last month
- My personal shellcode loader☆32Mar 9, 2023Updated 3 years ago