Alternatives and similar repositories for EvtxCarv:

Users that are interested in EvtxCarv are comparing it to the libraries listed below

• somma / wmiq
  Handy WMI query tool.
  ☆12Updated 8 years ago
• kernullist / krn_pcre
  Windows Kernel Mode PCRE
  ☆10Updated 10 years ago
• hailehong95 / practice-maldev
  Common Malware Techniques
  ☆13Updated last year
• killvxk / THL-StealthDLLInjection
  ☆10Updated 10 years ago
• ghonsa / DeviceDmp
  Windows device tree walker
  ☆15Updated 6 years ago
• Mirraz / regparser
  Windows registry files interactive viewer
  ☆9Updated 7 years ago
• dgros / Malware_Analyzer
  Framework complet d'analyse de malware
  ☆12Updated 9 years ago
• xiaobfly / TsFltMgr
  ☆14Updated 9 years ago
• ecrasy / IniParser
  C++ class for ini parser
  ☆8Updated 8 years ago
• AzureGreen / WinNT-Learning
  Notes my learning steps about Windows-NT
  ☆23Updated 7 years ago
• russellklenk / ETW
  Event Tracing for Windows Custom Events
  ☆21Updated 10 years ago
• tandasat / ListWorkItems
  Lists work items being queued currently.
  ☆13Updated 9 years ago
• IgorKorkin / AllMemProTestBed
  Legal access: The driver and console app to demonstrate the basic memory access in kernel mode
  ☆9Updated 7 years ago
• ohierro / gDrive
  Google Drive windows virtual unit
  ☆9Updated 11 years ago
• aeoliazhang / windows_knifetool
  windows内核小工具，包含APP和driver
  ☆11Updated 10 years ago
• irqlevel / filter
  windows ntfs legasy file system filter
  Updated 9 years ago
• floomby / injector
  does reflective dll injection
  ☆8Updated 11 years ago
• zer0fl4g / OllyCallstack
  simple plugin for lastest olly versions to display the callstack
  ☆16Updated 11 years ago
• everdox / pintools
  Contains various pintools to supplement the Intel DBI framework
  ☆12Updated 9 years ago
• changeofpace / Remote-Process-Cookie-for-Windows-7
  Obtain remote process cookies by performing a brute-force attack on ntdll.RtlDecodePointer using known pointer encodings.
  ☆22Updated 7 years ago
• papadp / shd
  Ssdt Hook Detection tool
  ☆13Updated 8 years ago
• mgeeky / prc_xchk
  User-mode process cross-checking utility intended to detect naive malware hiding itself by hooking IAT/EAT.
  ☆19Updated 8 years ago
• arcpop / Observer
  ☆17Updated 8 years ago
• sin5678 / wow64hook
  wow64 syscall filter
  ☆13Updated 10 years ago
• almost-real / IDBG
  Allows you to add breakpoints from IDA (from the graph/text view) to WinDbg easily
  ☆14Updated 6 years ago
• VertexToEdge / WindowFunctionTracer
  Window Executable file Function tracer using Debugging API
  ☆44Updated 5 years ago
• after1990s / InjectSolution
  ☆12Updated 9 years ago
• gguaiker / Malwarebytes_POC
  Malwarebytes Antivirus CVE
  ☆8Updated 7 years ago
• codereversing / apicall_replacement
  An idea in hooking APIs by replacing calls that lead to them
  ☆1Updated 2 years ago
• zzg19950727 / MiniFileEnc
  ☆7Updated 7 years ago