Alternatives and similar repositories for EvtxCarv

Users that are interested in EvtxCarv are comparing it to the libraries listed below

• kernullist / krn_pcre
  Windows Kernel Mode PCRE
  ☆10Updated 10 years ago
• ghonsa / DeviceDmp
  Windows device tree walker
  ☆15Updated 6 years ago
• hailehong95 / practice-maldev
  Common Malware Techniques
  ☆13Updated 2 years ago
• Mirraz / regparser
  Windows registry files interactive viewer
  ☆9Updated 8 years ago
• aeoliazhang / windows_knifetool
  windows内核小工具，包含APP和driver
  ☆11Updated 10 years ago
• killvxk / THL-StealthDLLInjection
  ☆10Updated 11 years ago
• 0xdabbad00 / OpenHIPS
  OpenHIPS prevents exploitation of Windows systems
  ☆35Updated 12 years ago
• AzureGreen / WinNT-Learning
  Notes my learning steps about Windows-NT
  ☆23Updated 8 years ago
• everdox / pintools
  Contains various pintools to supplement the Intel DBI framework
  ☆12Updated 10 years ago
• wolk-1024 / WoW64Utils
  WoW64 -> x64
  ☆19Updated 8 years ago
• aaaddress1 / APCInjector-BYPASS-AV
  ☆19Updated 9 years ago
• mgeeky / prc_xchk
  User-mode process cross-checking utility intended to detect naive malware hiding itself by hooking IAT/EAT.
  ☆19Updated 9 years ago
• tandasat / ListWorkItems
  Lists work items being queued currently.
  ☆14Updated 10 years ago
• ohierro / gDrive
  Google Drive windows virtual unit
  ☆9Updated 12 years ago
• emc2314 / PEZEncrypt
  PE Infector/Cryptor source code
  ☆15Updated 8 years ago
• zer0fl4g / OllyCallstack
  simple plugin for lastest olly versions to display the callstack
  ☆16Updated 12 years ago
• russellklenk / ETW
  Event Tracing for Windows Custom Events
  ☆21Updated 10 years ago
• IgorKorkin / AllMemProTestBed
  Legal access: The driver and console app to demonstrate the basic memory access in kernel mode
  ☆9Updated 7 years ago
• changeofpace / Remote-Process-Cookie-for-Windows-7
  Obtain remote process cookies by performing a brute-force attack on ntdll.RtlDecodePointer using known pointer encodings.
  ☆22Updated 8 years ago
• dgros / Malware_Analyzer
  Framework complet d'analyse de malware
  ☆12Updated 9 years ago
• somma / wmiq
  Handy WMI query tool.
  ☆12Updated 9 years ago
• wj32 / umkcf
  User-mode kernel callback framework
  ☆10Updated 11 years ago
• papadp / shd
  Ssdt Hook Detection tool
  ☆13Updated 8 years ago
• somma / bob_dbg
  ☆10Updated 8 years ago
• blaquee / APCHook
  hooking KiUserApcDispatcher
  ☆24Updated 8 years ago
• arcpop / Observer
  ☆17Updated 8 years ago
• Microwave89 / win7-x64-ndk
  Native Development Kit for Vista 64bit And Later, by me, Based on NDK Headers 1.0, by Alex Ionescu
  ☆17Updated 9 years ago
• gguaiker / Malwarebytes_POC
  Malwarebytes Antivirus CVE
  ☆8Updated 7 years ago
• 0xAcid / CuckooMon---Calling-address
  This repository is a clne of the new cuckoo monitor where I added some stuff to get the calling address for every hooked API
  ☆8Updated 9 years ago
• flankersky / WinStack
  Try to transport the tcpip stack of ReactOS to Windows XP.
  ☆17Updated 11 years ago