m0n0ph1 / IAT-Hooking-RevisitedLinks
Import address table (IAT) hooking is a well documented technique for intercepting calls to imported functions.
☆219Updated 6 years ago
Alternatives and similar repositories for IAT-Hooking-Revisited
Users that are interested in IAT-Hooking-Revisited are comparing it to the libraries listed below
Sorting:
- PatchGuard Research☆301Updated 6 years ago
- x64 usermode rootkit☆205Updated 7 years ago
- PE permutation library☆273Updated 2 years ago
- Persistent IAT hooking application - based on bearparser☆258Updated 2 years ago
- Detecting execution of kernel memory where is not backed by any image file☆258Updated 6 years ago
- AntiDebugging sample sources written in C++☆340Updated 6 years ago
- Simple VM based x86 PE (portable exectuable) protector.☆347Updated 10 years ago
- Hypervisor based tool for monitoring system register accesses.☆146Updated 6 years ago
- Windows NT x64 syscall fuzzer☆607Updated last year
- In-Memory PE Loader☆376Updated 5 years ago
- Asynchronous Procedure Calls☆230Updated 4 years ago
- SimpleSvmHook is a research purpose hypervisor for Windows on AMD processors.☆397Updated 4 years ago
- This is a collection of interesting codes about Windows Process creation.☆233Updated last year
- Research on Windows Kernel Executive Callback Objects☆287Updated 5 years ago
- driver mapper / capcom wrapper☆220Updated 5 years ago
- zer0m0n driver for cuckoo sandbox☆362Updated 10 years ago
- ☆398Updated 8 years ago
- Detours with just single dependency - NTDLL☆644Updated 2 years ago
- A tool to help when dealing with Windows IOCTL codes or reversing Windows drivers.☆434Updated 6 years ago
- A wrapper library around native windows sytem APIs☆432Updated 4 years ago
- Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI.☆876Updated 5 years ago
- Proof of concept implementation of in-memory PE Loader based on ReflectiveDLLInjection Technique☆152Updated 6 years ago
- C++17 PE manualmapper☆359Updated 3 years ago
- ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solution…☆205Updated 2 years ago
- windows kernelmode and usermode IAT hook☆147Updated 4 years ago
- Debug Child Process Tool (auto attach)☆290Updated last year
- ChimeraPE (a PE injector type - alternative to: RunPE, ReflectiveLoader, etc) - a template for manual loading of EXE, loading imports pay…☆224Updated 2 years ago
- Syscall Monitor is a system monitor program (like Sysinternal's Process Monitor) using Intel VT-X/EPT for Windows7+☆741Updated 7 years ago
- KSOCKET provides a very basic example how to make a network connections in the Windows Driver by using WSK☆505Updated 2 years ago
- Open-source user-mode Anti-Anti-Debug plugin for x64dbg & cheatengine.☆207Updated 8 years ago