m0n0ph1 / IAT-Hooking-RevisitedLinks
Import address table (IAT) hooking is a well documented technique for intercepting calls to imported functions.
☆219Updated 6 years ago
Alternatives and similar repositories for IAT-Hooking-Revisited
Users that are interested in IAT-Hooking-Revisited are comparing it to the libraries listed below
Sorting:
- PatchGuard Research☆302Updated 6 years ago
- x64 usermode rootkit☆205Updated 7 years ago
- Detecting execution of kernel memory where is not backed by any image file☆260Updated 6 years ago
- PE permutation library☆273Updated 2 years ago
- Simple VM based x86 PE (portable exectuable) protector.☆361Updated 10 years ago
- SimpleSvmHook is a research purpose hypervisor for Windows on AMD processors.☆403Updated 4 years ago
- Windows NT x64 syscall fuzzer☆607Updated last year
- AntiDebugging sample sources written in C++☆340Updated 6 years ago
- Hypervisor based tool for monitoring system register accesses.☆146Updated 6 years ago
- Detours with just single dependency - NTDLL☆645Updated 2 years ago
- A wrapper library around native windows sytem APIs☆435Updated 4 years ago
- Persistent IAT hooking application - based on bearparser☆259Updated 2 years ago
- Kernel Detective☆145Updated 2 years ago
- Translates WinDbg "dt" structure dump to a C structure☆128Updated 8 years ago
- driver mapper / capcom wrapper☆220Updated 5 years ago
- KSOCKET provides a very basic example how to make a network connections in the Windows Driver by using WSK☆512Updated 2 years ago
- windows kernelmode and usermode IAT hook☆147Updated 4 years ago
- C++17 PE manualmapper☆360Updated 3 years ago
- ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solution…☆206Updated 2 years ago
- Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.☆880Updated 5 years ago
- pseudo-code to show how to disable patchguard with win10☆296Updated 7 years ago
- ☆245Updated 10 years ago
- Open-source user-mode Anti-Anti-Debug plugin for x64dbg & cheatengine.☆207Updated 8 years ago
- ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports pay…☆224Updated 2 years ago
- Debug Child Process Tool (auto attach)☆292Updated last year
- This program remaps its image to prevent the page protection of pages contained in the image from being modified via NtProtectVirtualMemo…☆601Updated 6 years ago
- Hide Driver By MiProcessLoaderEntry☆287Updated 6 years ago
- This is a collection of interesting codes about Windows Process creation.☆234Updated last year
- Research on Windows Kernel Executive Callback Objects☆288Updated 5 years ago
- Asynchronous Procedure Calls☆232Updated 4 years ago