kkoha / EvtxCarv
recovers and reconstructs fragmented Evtx files from disk images, memory dumps, pagefiles and unallocated space
☆13Updated 9 years ago
Related projects ⓘ
Alternatives and complementary repositories for EvtxCarv
- Handy WMI query tool.☆12Updated 8 years ago
- Windows registry files interactive viewer☆9Updated 7 years ago
- Windows device tree walker☆15Updated 6 years ago
- Obtain remote process cookies by performing a brute-force attack on ntdll.RtlDecodePointer using known pointer encodings.☆21Updated 7 years ago
- Windows Kernel Mode PCRE☆10Updated 9 years ago
- Common Malware Techniques☆13Updated last year
- Legal access: The driver and console app to demonstrate the basic memory access in kernel mode☆9Updated 6 years ago
- The project is a demo solution for one of the anti-rootkit techniques aimed on overcoming splicers☆34Updated 7 years ago
- ☆13Updated 7 years ago
- simple plugin for lastest olly versions to display the callstack☆15Updated 11 years ago
- User-mode process cross-checking utility intended to detect naive malware hiding itself by hooking IAT/EAT.☆18Updated 8 years ago
- A library that allows hook any imported function from the IAT (works only in x64)☆11Updated 5 years ago
- ☆13Updated 6 years ago
- hooking KiUserApcDispatcher☆22Updated 7 years ago
- ☆14Updated 9 years ago
- ☆11Updated 7 years ago
- Framework complet d'analyse de malware☆12Updated 8 years ago
- ☆10Updated 8 years ago
- ☆9Updated 10 years ago
- Allows you to add breakpoints from IDA (from the graph/text view) to WinDbg easily☆14Updated 6 years ago
- Ssdt Hook Detection tool☆12Updated 8 years ago
- Lists work items being queued currently.☆12Updated 9 years ago
- PE Infector/Cryptor source code☆15Updated 7 years ago
- wow64 syscall filter☆13Updated 10 years ago
- Use Windows Management Instrumentation interfaces to perform actions on a Windows system from a Linux System☆16Updated 12 years ago