mgeeky / prc_xchkLinks
User-mode process cross-checking utility intended to detect naive malware hiding itself by hooking IAT/EAT.
☆19Updated 9 years ago
Alternatives and similar repositories for prc_xchk
Users that are interested in prc_xchk are comparing it to the libraries listed below
Sorting:
- Windows registry files interactive viewer☆9Updated 8 years ago
- Lists work items being queued currently.☆14Updated 10 years ago
- Obtain remote process cookies by performing a brute-force attack on ntdll.RtlDecodePointer using known pointer encodings.☆22Updated 8 years ago
- A library that allows hook any imported function from the IAT (works only in x64)☆11Updated 6 years ago
- Kernel-mode file scanner☆18Updated 6 years ago
- Legal access: The driver and console app to demonstrate the basic memory access in kernel mode☆9Updated 7 years ago
- just an lite AntiRootkit for interesting☆23Updated 9 years ago
- windows kernel File redirection☆20Updated 10 years ago
- Ssdt Hook Detection tool☆13Updated 8 years ago
- Windows device tree walker☆15Updated 6 years ago
- ☆19Updated 9 years ago
- Simple PE packer with RtlCompressBuffer☆21Updated 9 years ago
- Notes my learning steps about Windows-NT☆23Updated 8 years ago
- ☆12Updated 8 years ago
- The project is a demo solution for one of the anti-rootkit techniques aimed on overcoming splicers☆34Updated 8 years ago
- Reflective DLL Injection style process infector☆20Updated 6 years ago
- hooking KiUserApcDispatcher☆24Updated 8 years ago
- PE Infector/Cryptor source code☆15Updated 8 years ago
- ☆14Updated 7 years ago
- Exploiting HEVD's WriteWhatWhereIoctlDispatch for LPE on Windows 10 TH2 through RS3 using GDI objects.☆24Updated 7 years ago
- reverse win7 32bit hotpatch implement☆9Updated 11 years ago
- Kernel (Ring0) - SSDT unhook driver☆14Updated 7 years ago
- Shareds for kernel developement☆28Updated 11 years ago
- Contains various pintools to supplement the Intel DBI framework☆12Updated 10 years ago
- wow64 syscall filter☆13Updated 10 years ago
- Wow64 syscall hook☆40Updated 8 years ago
- find and kill injectedThreads from memory☆11Updated 9 years ago
- ☆13Updated 6 years ago
- User-mode part of Zerokit platform☆20Updated 6 years ago
- Common Malware Techniques☆13Updated 2 years ago