m0n0ph1 / IAT-Hooking-Revisited
Import address table (IAT) hooking is a well documented technique for intercepting calls to imported functions.
☆226 · Sep 19, 2018 · Updated 7 years ago
Alternatives and similar repositories for IAT-Hooking-Revisited
Users that are interested in IAT-Hooking-Revisited are comparing it to the libraries listed below
- The project is a demo solution for one of the anti-rootkit techniques aimed at overcoming splicers ☆34 · Mar 13, 2017 · Updated 8 years ago
- Windows kernel-mode and user-mode IAT hook ☆149 · Mar 9, 2021 · Updated 4 years ago
- Wow64 syscall hook ☆42 · May 28, 2017 · Updated 8 years ago
- Notes on my learning steps about Windows-NT ☆23 · May 18, 2017 · Updated 8 years ago
- AllMemPro ☆46 · Jan 15, 2018 · Updated 8 years ago
- User-mode process cross-checking utility intended to detect naive malware hiding itself by hooking IAT/EAT. ☆19 · Mar 3, 2016 · Updated 9 years ago
- Windows inject ☆16 · Jun 7, 2018 · Updated 7 years ago
- Process Hollowing techniques as used in many file Crypters (C/C++) ☆85 · Oct 1, 2020 · Updated 5 years ago
- Template of a full-featured driver and wrappers around the kernel API ☆114 · Aug 28, 2016 · Updated 9 years ago
- Simple PE packer written in C++ ☆56 · Feb 23, 2018 · Updated 7 years ago
- Wow64 syscall filter ☆13 · Nov 12, 2014 · Updated 11 years ago
- Contains some tricks to detect sandboxes; gradually being completed ☆44 · Aug 27, 2017 · Updated 8 years ago
- Class implementation of PowerLoader injection technique ☆32 · Dec 23, 2016 · Updated 9 years ago
- Windows kernel-mode callbacks tutorial driver ☆48 · Aug 8, 2016 · Updated 9 years ago
- Analyze the content of PE files on Windows, and a shell (pack) function for Windows drivers. ☆11 · Nov 9, 2018 · Updated 7 years ago
- A system call tracer ☆10 · Sep 22, 2014 · Updated 11 years ago
- ☆30 · May 23, 2017 · Updated 8 years ago
- Analyze and attack Windows applications using DLL hijacking vulnerabilities ☆59 · Sep 22, 2019 · Updated 6 years ago
- ☆17 · Oct 24, 2016 · Updated 9 years ago
- ☆14 · Jan 10, 2017 · Updated 9 years ago
- ☆14 · Jun 24, 2017 · Updated 8 years ago
- ☆34 · Sep 3, 2018 · Updated 7 years ago
- Code injection by hijacking threads in Windows 32-bit applications ☆43 · Oct 3, 2018 · Updated 7 years ago
- A collection of injection via VC++ in ring3 ☆242 · Apr 3, 2017 · Updated 8 years ago
- Some interesting code ☆18 · Jan 16, 2015 · Updated 11 years ago
- PoC for Bypassing UM Hooks By Bruteforcing Intel Syscalls ☆39 · Nov 20, 2015 · Updated 10 years ago
- A kernel-level anti-rootkit tool which runs on the Windows platform. ☆92 · Apr 18, 2014 · Updated 11 years ago
- ☆11 · Mar 11, 2015 · Updated 10 years ago
- RunPE dump - I wrote this to have better control over the analysis of malware. I can stop and analyze malware when it uses some of the … ☆10 · Jul 1, 2015 · Updated 10 years ago
- A set of tutorials about code injection for Windows. ☆314 · Aug 30, 2024 · Updated last year
- Easy detour, vftable, IAT and EAT hooking ☆12 · Mar 30, 2016 · Updated 9 years ago
- Various libraries focused on examining/parsing NTFS-specific structures ☆16 · Oct 25, 2015 · Updated 10 years ago
- Example library for how to dynamically/statically hook/intercept unmanaged functions and APIs ☆13 · Nov 9, 2022 · Updated 3 years ago
- A modern C++ implementation of Windows Heaven's Gate ☆244 · Sep 19, 2020 · Updated 5 years ago
- An open-source x86 / x86-64 hooking library for Windows. ☆95 · Sep 20, 2024 · Updated last year
- UI application that can compare PE images in memory or in raw PE file ☆19 · Feb 17, 2014 · Updated 11 years ago
- Protect process fsfilter driver. Windows x64 ☆36 · Apr 11, 2016 · Updated 9 years ago
- Simple proof of concept code for injecting libraries on 64bit processes from a 32bit process ☆96 · Oct 12, 2018 · Updated 7 years ago
- Enumerate the DLLs/Modules using NtQueryVirtualMemory ☆32 · Jun 11, 2015 · Updated 10 years ago