m0n0ph1 / IAT-Hooking-Revisited
Import address table (IAT) hooking is a well documented technique for intercepting calls to imported functions.
☆216Updated 6 years ago
Alternatives and similar repositories for IAT-Hooking-Revisited:
Users that are interested in IAT-Hooking-Revisited are comparing it to the libraries listed below
- PatchGuard Research☆295Updated 6 years ago
- Simple VM based x86 PE (portable exectuable) protector.☆337Updated 9 years ago
- x64 usermode rootkit☆204Updated 6 years ago
- Windows NT x64 syscall fuzzer☆593Updated last year
- Detecting execution of kernel memory where is not backed by any image file☆256Updated 6 years ago
- Persistent IAT hooking application - based on bearparser☆250Updated 2 years ago
- PE permutation library☆268Updated last year
- Research on Windows Kernel Executive Callback Objects☆284Updated 4 years ago
- SimpleSvmHook is a research purpose hypervisor for Windows on AMD processors.☆372Updated 3 years ago
- Detours with just single dependency - NTDLL☆617Updated 2 years ago
- AntiDebugging sample sources written in C++☆338Updated 6 years ago
- Hypervisor based tool for monitoring system register accesses.☆142Updated 6 years ago
- Open-source user-mode Anti-Anti-Debug plugin for x64dbg & cheatengine.☆196Updated 7 years ago
- KSOCKET provides a very basic example how to make a network connections in the Windows Driver by using WSK☆486Updated 2 years ago
- Translates WinDbg "dt" structure dump to a C structure☆127Updated 8 years ago
- WinDBG Anti-RootKit Extension☆625Updated 4 years ago
- This is a collection of interesting codes about Windows Process creation.☆231Updated last year
- zer0m0n driver for cuckoo sandbox☆358Updated 9 years ago
- windows kernelmode and usermode IAT hook☆144Updated 3 years ago
- ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solution…☆198Updated 2 years ago
- Debug Child Process Tool (auto attach)☆280Updated last year
- Win64/Rovnix - Volume Boot Record Bootkit☆172Updated 9 years ago
- This program remaps its image to prevent the page protection of pages contained in the image from being modified via NtProtectVirtualMemo…☆586Updated 5 years ago
- In-Memory PE Loader☆371Updated 5 years ago
- Hide Driver By MiProcessLoaderEntry☆285Updated 5 years ago
- Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.☆851Updated 5 years ago
- A wrapper library around native windows sytem APIs☆426Updated 4 years ago
- Asynchronous Procedure Calls☆214Updated 3 years ago
- C++17 PE manualmapper☆318Updated 3 years ago
- MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. M…☆220Updated 4 years ago