leandrofroes / gftrace
A command line Windows API tracing tool for Golang binaries.
Related projects:
- An automation plugin for Tiny-Tracer framework to trace and watch functions directly out of the executable's import table or trace logs (…
- GarbageMan is a set of tools for analyzing .NET binaries through heap analysis.
- masm32 kernel programming, drivers, tutorials, examples, and tools (credits Four-F)
- Small tool to convert between the PE alignments (raw and virtual).
- A tool that automates regex generation for the x86 and x86-64 instruction sets
- Use YARA rules on Time Travel Debugging traces
- Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays).
- Recon 2023 slides and code
- ROP ROCKET is an advanced code-reuse attack framework, with extensive ROP chain generation capabilities, including for novel Windows Sysc…
- msdocsviewer is a simple tool that parses Microsoft's win32 API and driver documentation to be used within IDA.
- Admin to Kernel code execution using the KSecDD driver
- Get information about stripped Rust executables
- Tools and technical write-ups describing attacking techniques that rely on concealing code execution on Windows
- A PE loader and Windows API tracer. Useful in malware analysis.
- Writeups for CTF challenges
- LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time.
- This novel way of using NtQueueApcThreadEx by abusing the ApcRoutine and SystemArgument[0-3] parameters by passing a random pop r32; ret …
- Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
- MalUnpack companion driver
- ETW based POC to identify direct and indirect syscalls
- Static Binary Instrumentation tool for Windows x64 executables
- Finding secrets in kernel and user memory
- A collection of modules and scripts to help with analyzing Nim binaries
- A small program written in C that is designed to load 32/64-bit shellcode and allow for execution or debugging. Can also output PE files …
- IDA Pro plugin for recognizing known hashes of API function names