Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers
☆401Mar 22, 2026Updated this week
Alternatives and similar repositories for ntdoc
Users that are interested in ntdoc are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Native API header files for the System Informer project.☆1,371May 25, 2025Updated 9 months ago
- Single header version of System Informer's phnt library.☆241Jan 9, 2026Updated 2 months ago
- Windows Explorer application written in assembly☆15Jun 15, 2023Updated 2 years ago
- Windows Object Explorer 64-bit☆1,900Updated this week
- Windows NT Syscall tables☆1,396Updated this week
- PE Viewer☆212Jan 24, 2026Updated 2 months ago
- Research on obfuscated licensing APIs / CLIP service in the Windows kernel☆140Aug 23, 2022Updated 3 years ago
- Collection of undocumented Windows API declarations.☆344Mar 11, 2026Updated 2 weeks ago
- A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl☆1,342Mar 7, 2026Updated 2 weeks ago
- Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.☆663Jan 28, 2025Updated last year
- Perfect DLL Proxying using forwards with absolute paths.☆341Nov 3, 2025Updated 4 months ago
- Hook all callbacks which are registered with LdrRegisterDllNotification☆97Apr 3, 2025Updated 11 months ago
- Hooking Windows' exception dispatcher to protect process's PML4☆236Jan 24, 2025Updated last year
- Undocumented MSVC☆45Nov 10, 2025Updated 4 months ago
- Windows Anti-Rootkit Tool☆547Dec 31, 2025Updated 2 months ago
- Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays).☆165Aug 23, 2024Updated last year
- Detours with just single dependency - NTDLL☆674Nov 25, 2025Updated 4 months ago
- Experimental Windows x64 Kernel Rootkit with anti-rootkit evasion features.☆593Aug 2, 2025Updated 7 months ago
- "Service-less" driver loading☆184Nov 28, 2024Updated last year
- miscellaneous scripts and programs☆278Jan 23, 2025Updated last year
- Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.☆244Sep 26, 2023Updated 2 years ago
- KDP compatible unsigned driver loader leveraging a write primitive in one of the IOCTLs of gdrv.sys☆166Jun 14, 2024Updated last year
- Debugger Anti-Detection Benchmark☆389Mar 1, 2026Updated 3 weeks ago
- Windows System Call Tables (NT/2000/XP/2003/Vista/7/8/10/11)☆2,549Dec 30, 2025Updated 2 months ago
- RpcView is a free tool to explore and decompile Microsoft RPC interfaces☆1,049Sep 24, 2023Updated 2 years ago
- Windows inline hooking tool.☆298Oct 7, 2018Updated 7 years ago
- My personal cheat sheet for using WinDbg for kernel debugging☆455Apr 17, 2025Updated 11 months ago
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆271Aug 31, 2022Updated 3 years ago
- Asynchronous Procedure Calls☆239Apr 17, 2021Updated 4 years ago
- An index of Windows binaries, including download links for executables such as exe, dll and sys files☆776Mar 18, 2026Updated last week
- Process Monitor X v2☆652Jan 22, 2024Updated 2 years ago
- A basic implementation of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added.☆78Mar 29, 2025Updated 11 months ago
- Manual mapping without creating any threads, with rw only access☆809Oct 29, 2019Updated 6 years ago
- A library to develop kernel level Windows payloads for post HVCI era☆488May 18, 2021Updated 4 years ago
- FastSymApi - A Fast API PDB Symbol Cache Server that efficiently caches and compresses PDBs on disk for quick and repeated retrieval.☆19Feb 12, 2026Updated last month
- Windows System Explorer☆878Nov 29, 2025Updated 3 months ago
- RPC Monitor tool based on Event Tracing for Windows☆388Aug 19, 2024Updated last year
- Fuzzing Harness and Unpatched Crash Results from Fuzzing Defender MpEngine☆42Jul 29, 2025Updated 7 months ago
- WinVisor - A hypervisor-based emulator for Windows x64 user-mode executables using Windows Hypervisor Platform API☆651Jan 23, 2025Updated last year