m417z/thread-call-stack-scanner external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

m417z/thread-call-stack-scanner

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/m417z/thread-call-stack-scanner)

Close

m417z / thread-call-stack-scannerView on GitHubMore

• External links
• Readme badge

Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussions/15

☆81Jun 21, 2025Updated 8 months ago

Alternatives and similar repositories for thread-call-stack-scanner

Users that are interested in thread-call-stack-scanner are comparing it to the libraries listed below

• ricardojoserf / NativeNtdllRemap

  View on GitHub
  Remap ntdll.dll using only NTAPI functions with a suspended process
  ☆27Apr 13, 2025Updated 10 months ago
• fin3ss3g0d / IoDllProxyLoad

  View on GitHub
  DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly
  ☆63Mar 19, 2024Updated last year
• T3nb3w / ComDotNetExploit

  View on GitHub
  A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …
  ☆334Mar 6, 2025Updated 11 months ago
• Archie-osu / PowerHook

  View on GitHub
  Hooking KPRCB IdlePreselect function to gain execution inside PID 0.
  ☆73Apr 13, 2025Updated 10 months ago
• ColeHouston / Sunder

  View on GitHub
  Windows rootkit designed to work with BYOVD exploits
  ☆216Jan 18, 2025Updated last year
• hasherezade / waiting_thread_hijacking

  View on GitHub
  Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread
  ☆263Aug 31, 2025Updated 6 months ago
• tdeerenberg / InlineWhispers3

  View on GitHub
  Tool for working with Indirect System Calls in Cobalt Strike's Beacon Object Files (BOF) using SysWhispers3 for EDR evasion
  ☆102Jul 9, 2025Updated 7 months ago
• ig-labs / defender-mpengine-fuzzing

  View on GitHub
  Fuzzing Harness and Unpatched Crash Results from Fuzzing Defender MpEngine
  ☆40Jul 29, 2025Updated 7 months ago
• mannyfred / MentalTi

  View on GitHub
  Mentally ill EtwTi parser
  ☆68Jan 11, 2026Updated last month
• xforcered / ForsHops

  View on GitHub
  ForsHops
  ☆152Mar 25, 2025Updated 11 months ago
• Teach2Breach / moonwalk

  View on GitHub
  find dll base addresses without PEB WALK
  ☆160Jul 13, 2025Updated 7 months ago
• C5Hackr / c_syscalls

  View on GitHub
  https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler.
  ☆34Jun 23, 2024Updated last year
• EspressoCake / ADIDNS_Parser

  View on GitHub
  Parser and reconciliation tooling for large Active Directory environments.
  ☆33Feb 18, 2025Updated last year
• joaoviictorti / uwd

  View on GitHub
  Call Stack Spoofing for Rust
  ☆210Jan 28, 2026Updated last month
• Teach2Breach / snapinject_rs

  View on GitHub
  A remote process injection using process snapshotting based on https://gitlab.com/ORCA000/snaploader , in rust. It creates a sacrificial …
  ☆50Jan 25, 2025Updated last year
• EvanMcBroom / sleepy

  View on GitHub
  A lexer and parser for Sleep
  ☆20Feb 20, 2026Updated last week
• NtDallas / OdinLdr

  View on GitHub
  Cobaltstrike Reflective Loader with Synthetic Stackframe
  ☆186Jan 17, 2026Updated last month
• whokilleddb / ETWListicle

  View on GitHub
  List the ETW provider(s) in the registration table of a process.
  ☆80Sep 20, 2023Updated 2 years ago
• lsecqt / SessionView

  View on GitHub
  A portable C# utility for enumerating local and remote windows sessions
  ☆56Jan 1, 2026Updated last month
• Slowerzs / KeyJumper

  View on GitHub
  ☆53Mar 26, 2025Updated 11 months ago
• MatheuZSecurity / ElfDoor-gcc

  View on GitHub
  ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code.
  ☆133Apr 13, 2025Updated 10 months ago
• p0dalirius / FindProcessesWithNamedPipes

  View on GitHub
  A simple C++ Windows tool to get information about processes exposing named pipes.
  ☆40Mar 6, 2025Updated 11 months ago
• 0xflux / Vectored-Exception-Handling-Squared

  View on GitHub
  Vectored Exception Handling Squared
  ☆29Dec 27, 2025Updated 2 months ago
• djolertrk / kovid-obfuscation-passes

  View on GitHub
  A set of LLVM and GCC based plugins that perform code obfuscation.
  ☆140Oct 20, 2025Updated 4 months ago
• sudonoodle / BOF-entra-authcode-flow

  View on GitHub
  Beacon Object File (BOF) to obtain Entra tokens via authcode flow.
  ☆123Jan 17, 2026Updated last month
• Friends-Security / RedirectThread

  View on GitHub
  Playing around with Thread Context Hijacking. Building more evasive primitives to use as alternative for existing process injection techn…
  ☆199Jun 17, 2025Updated 8 months ago
• xforcered / Being-A-Good-CLR-Host

  View on GitHub
  ☆139Jan 16, 2025Updated last year
• Meowmycks / koneko

  View on GitHub
  Robust Cobalt Strike shellcode loader with multiple advanced evasion features
  ☆200Apr 21, 2025Updated 10 months ago
• kyxiaxiang / TcpNsiKill

  View on GitHub
  Simulate per-process disconnection in red team environments
  ☆113Jun 6, 2025Updated 8 months ago
• ricardojoserf / NativeTokenImpersonate

  View on GitHub
  Impersonate Tokens using only NTAPI functions
  ☆84Apr 4, 2025Updated 10 months ago
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆281Sep 18, 2024Updated last year
• leftp / RegPersist

  View on GitHub
  a BOF implementation of various registry persistence methods
  ☆94Nov 11, 2025Updated 3 months ago
• ioncodes / SilentLoad

  View on GitHub
  "Service-less" driver loading
  ☆184Nov 28, 2024Updated last year
• scrt / KexecDDPlus

  View on GitHub
  Exploiting the KsecDD Windows driver through Server Silos
  ☆76Nov 11, 2024Updated last year
• wolfcod / beacondbg

  View on GitHub
  Beacon Debugger
  ☆55Oct 28, 2024Updated last year
• SlimeOnSecurity / PrintSpoofer-BOF

  View on GitHub
  ☆50May 4, 2025Updated 9 months ago
• NtDallas / Draugr

  View on GitHub
  BOF with Synthetic Stackframe
  ☆225Oct 30, 2025Updated 4 months ago
• assarbad / msvc-undoc

  View on GitHub
  Undocumented MSVC
  ☆43Nov 10, 2025Updated 3 months ago
• SolomonSklash / COM-Hijacking

  View on GitHub
  An example of COM hijacking using a proxy DLL.
  ☆44Aug 17, 2021Updated 4 years ago