kphongagsorn / windows-undocumented-apis
Projects on undocumented windows APIs, a keylogger PoC, and dll injection PoC. Based off of a Defcon workshop
☆34Updated 7 years ago
Alternatives and similar repositories for windows-undocumented-apis:
Users that are interested in windows-undocumented-apis are comparing it to the libraries listed below
- Call 32bit NtDLL API directly from WoW64 Layer☆60Updated 4 years ago
- A ready-made template for a project based on libpeconv.☆46Updated last month
- A simple password-based PE encryptor for Windows 32-bit executables.☆51Updated 2 months ago
- View handles and object for each object type☆62Updated 5 years ago
- Crash Windows 10 up to RS2 from an unprivileged process☆41Updated 7 years ago
- Windows x64 Process Scanner to detect application compatability shims☆37Updated 6 years ago
- A set of small utilities, helpers for PIN tracers☆31Updated last year
- A template for projects using both libPeConv and MS Detours☆14Updated last year
- An experimental dynamic malware unpacker based on Intel Pin and PE-sieve☆59Updated 7 months ago
- Windows 10 PE image loader (LDR) NTDLL component toolbox☆49Updated 5 years ago
- A simple POC to demonstrate the power of .NET debugging for injection☆72Updated 4 years ago
- A small library helping to parse commandline parameters (for C/C++)☆56Updated last year
- Diff plugin for x64dbg☆31Updated 4 years ago
- Win32 memory leak detector with ETW☆41Updated 7 years ago
- Diff tool for comparing symbols in PDB files☆82Updated 5 years ago
- .NET wrapper for dbghelp.dll☆21Updated 5 years ago
- Dump certificates from PE files in different formats☆38Updated last year
- Enumerate user mode shared memory mappings on Windows.☆118Updated 4 years ago
- Demos for Presentation on Windows Runtime Security☆69Updated 6 years ago
- A console debugger using DbgX and Terminal.Gui☆29Updated 2 years ago
- Yet another Windows DLL injector.☆38Updated 3 years ago
- .NET instrumentation framework☆72Updated 7 years ago
- Clone running process with ZwCreateProcess☆57Updated 4 years ago
- Dumps information about all the callback objects found in a dump file and the functions registered for them☆35Updated 4 years ago
- .NET library for hooking and dumping Clr☆42Updated 9 months ago
- ☆33Updated 3 years ago
- Helper scripts for analyzing NativeAOT compiled .NET binaries with Ghidra☆68Updated last year
- Bare template for a Kernel Mode Driver☆51Updated 5 years ago
- UIAccess UAC Bypass using token duplication and keyboard events☆27Updated 5 years ago
- An example pattern in C# for using WMI to monitor process creation and termination events.☆52Updated 6 years ago