m417z/thread-call-stack-scanner external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

m417z/thread-call-stack-scanner

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/m417z/thread-call-stack-scanner)

Close

m417z / thread-call-stack-scannerView on GitHubMore

• External links
• Readme badge

Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussions/15

☆82Jun 21, 2025Updated 9 months ago

Alternatives and similar repositories for thread-call-stack-scanner

Users that are interested in thread-call-stack-scanner are comparing it to the libraries listed below

• ricardojoserf / NativeNtdllRemap

  View on GitHub
  Remap ntdll.dll using only NTAPI functions with a suspended process
  ☆28Apr 13, 2025Updated 11 months ago
• fin3ss3g0d / IoDllProxyLoad

  View on GitHub
  DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly
  ☆63Mar 19, 2024Updated 2 years ago
• T3nb3w / ComDotNetExploit

  View on GitHub
  A C++ proof of concept demonstrating the exploitation of Windows Protected Process Light (PPL) by leveraging COM-to-.NET redirection and …
  ☆335Mar 6, 2025Updated last year
• hasherezade / waiting_thread_hijacking

  View on GitHub
  Waiting Thread Hijacking - injection by overwriting the return address of a waiting thread
  ☆264Aug 31, 2025Updated 6 months ago
• Teach2Breach / moonwalk

  View on GitHub
  find dll base addresses without PEB WALK
  ☆162Jul 13, 2025Updated 8 months ago
• ColeHouston / Sunder

  View on GitHub
  Windows rootkit designed to work with BYOVD exploits
  ☆217Jan 18, 2025Updated last year
• joaoviictorti / uwd

  View on GitHub
  Call Stack Spoofing for Rust
  ☆212Jan 28, 2026Updated last month
• Archie-osu / PowerHook

  View on GitHub
  Hooking KPRCB IdlePreselect function to gain execution inside PID 0.
  ☆73Apr 13, 2025Updated 11 months ago
• NtDallas / OdinLdr

  View on GitHub
  Cobaltstrike Reflective Loader with Synthetic Stackframe
  ☆189Jan 17, 2026Updated 2 months ago
• mannyfred / MentalTi

  View on GitHub
  Mentally ill EtwTi parser
  ☆69Jan 11, 2026Updated 2 months ago
• ig-labs / defender-mpengine-fuzzing

  View on GitHub
  Fuzzing Harness and Unpatched Crash Results from Fuzzing Defender MpEngine
  ☆42Jul 29, 2025Updated 7 months ago
• tdeerenberg / InlineWhispers3

  View on GitHub
  Tool for working with Indirect System Calls in Cobalt Strike's Beacon Object Files (BOF) using SysWhispers3 for EDR evasion
  ☆103Jul 9, 2025Updated 8 months ago
• xforcered / ForsHops

  View on GitHub
  ForsHops
  ☆152Mar 25, 2025Updated 11 months ago
• MatheuZSecurity / ElfDoor-gcc

  View on GitHub
  ElfDoor-gcc is an LD_PRELOAD that hijacks gcc to inject malicious code into binaries during linking, without touching the source code.
  ☆133Apr 13, 2025Updated 11 months ago
• EvanMcBroom / sleepy

  View on GitHub
  A lexer and parser for Sleep
  ☆20Feb 20, 2026Updated last month
• wolfcod / beacondbg

  View on GitHub
  Beacon Debugger
  ☆55Oct 28, 2024Updated last year
• Teach2Breach / snapinject_rs

  View on GitHub
  A remote process injection using process snapshotting based on https://gitlab.com/ORCA000/snaploader , in rust. It creates a sacrificial …
  ☆50Jan 25, 2025Updated last year
• assarbad / msvc-undoc

  View on GitHub
  Undocumented MSVC
  ☆45Nov 10, 2025Updated 4 months ago
• whokilleddb / ETWListicle

  View on GitHub
  List the ETW provider(s) in the registration table of a process.
  ☆80Sep 20, 2023Updated 2 years ago
• kyxiaxiang / TcpNsiKill

  View on GitHub
  Simulate per-process disconnection in red team environments
  ☆112Jun 6, 2025Updated 9 months ago
• EspressoCake / ADIDNS_Parser

  View on GitHub
  Parser and reconciliation tooling for large Active Directory environments.
  ☆33Feb 18, 2025Updated last year
• C5Hackr / c_syscalls

  View on GitHub
  https://github.com/janoglezcampos/c_syscalls with the ASM rewritten by myself for Visual Studio's Compiler.
  ☆34Jun 23, 2024Updated last year
• xforcered / Being-A-Good-CLR-Host

  View on GitHub
  ☆139Jan 16, 2025Updated last year
• sudonoodle / BOF-entra-authcode-flow

  View on GitHub
  Beacon Object File (BOF) to obtain Entra tokens via authcode flow.
  ☆124Jan 17, 2026Updated 2 months ago
• 0xTriboulet / rdll-rs

  View on GitHub
  A reflective DLL development template for the Rust programming language
  ☆116Nov 4, 2025Updated 4 months ago
• boku7 / patchwerk

  View on GitHub
  BOF that finds all the Nt* system call stubs within NTDLL and overwrites with clean syscall stubs (user land hook evasion)
  ☆195Feb 6, 2025Updated last year
• dmcxblue / NtCreateUserProcessBOF

  View on GitHub
  An Aggressor Script that utilizes NtCreateUserProcess to run binaries
  ☆31Jan 30, 2025Updated last year
• p0dalirius / FindProcessesWithNamedPipes

  View on GitHub
  A simple C++ Windows tool to get information about processes exposing named pipes.
  ☆40Mar 6, 2025Updated last year
• JanielDary / ImmoralFiber

  View on GitHub
  Two new offensive techniques using Windows Fibers: PoisonFiber (The first remote enumeration & Fiber injection capability POC tool) Phan…
  ☆283Sep 18, 2024Updated last year
• rasta-mouse / Crystal-Loaders

  View on GitHub
  A small collection of Crystal Palace PIC loaders designed for use with Cobalt Strike
  ☆193Oct 29, 2025Updated 4 months ago
• Meowmycks / koneko

  View on GitHub
  Robust Cobalt Strike shellcode loader with multiple advanced evasion features
  ☆200Apr 21, 2025Updated 11 months ago
• Mr-Un1k0d3r / DotnetNoVirtualProtectShellcodeLoader

  View on GitHub
  load shellcode without P/D Invoke and VirtualProtect call.
  ☆169Sep 2, 2025Updated 6 months ago
• kr0tt / EarlyExceptionHandling

  View on GitHub
  Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH
  ☆140Aug 31, 2025Updated 6 months ago
• rad9800 / BootExecuteEDR

  View on GitHub
  ☆410Dec 8, 2024Updated last year
• djolertrk / kovid-obfuscation-passes

  View on GitHub
  A set of LLVM and GCC based plugins that perform code obfuscation.
  ☆139Oct 20, 2025Updated 5 months ago
• SlimeOnSecurity / PrintSpoofer-BOF

  View on GitHub
  ☆52May 4, 2025Updated 10 months ago
• ricardojoserf / NativeTokenImpersonate

  View on GitHub
  Impersonate Tokens using only NTAPI functions
  ☆84Apr 4, 2025Updated 11 months ago
• NtDallas / Draugr

  View on GitHub
  BOF with Synthetic Stackframe
  ☆233Oct 30, 2025Updated 4 months ago
• leftp / RegPersist

  View on GitHub
  a BOF implementation of various registry persistence methods
  ☆95Nov 11, 2025Updated 4 months ago