mgeeky / prc_xchkLinks
User-mode process cross-checking utility intended to detect naive malware hiding itself by hooking IAT/EAT.
☆19Updated 9 years ago
Alternatives and similar repositories for prc_xchk
Users that are interested in prc_xchk are comparing it to the libraries listed below
Sorting:
- The project is a demo solution for one of the anti-rootkit techniques aimed on overcoming splicers☆34Updated 8 years ago
- Obtain remote process cookies by performing a brute-force attack on ntdll.RtlDecodePointer using known pointer encodings.☆22Updated 8 years ago
- Class implementation of PowerLoader injection technique☆32Updated 8 years ago
- Helper utility for debugging windows PE/PE+ loader.☆52Updated 10 years ago
- ☆14Updated 8 years ago
- Kinject - kernel dll injector, currently available in x86 version, will be updated to x64 soon.☆32Updated 10 years ago
- User-mode hook bypassing method☆33Updated 8 years ago
- Notes my learning steps about Windows-NT☆23Updated 8 years ago
- ☆19Updated 10 years ago
- Simple PE packer with RtlCompressBuffer☆21Updated 9 years ago
- A library that allows hook any imported function from the IAT (works only in x64)☆11Updated 6 years ago
- Reflective DLL Injection style process infector☆20Updated 7 years ago
- Enumerate process modules manually☆9Updated 3 years ago
- drvtriks kernel driver for Windows 7 SP1 and 8.1 x64, that tricks around in your system.☆33Updated 7 years ago
- ☆12Updated 8 years ago
- Shareds for kernel developement☆28Updated 11 years ago
- PoC for detecting and dumping process hollowing code injection☆51Updated 6 years ago
- User-mode program parsing logs created by HyperPlatform☆18Updated 8 years ago
- Windows device tree walker☆15Updated 6 years ago
- Malwarebytes Antivirus CVE☆8Updated 7 years ago
- Wow64 syscall hook☆41Updated 8 years ago
- PoC for detecting and dumping code injection (built and extended on UnRunPE)☆56Updated 6 years ago
- A simple native code virtualizer for 32-bit Windows PE☆15Updated 9 years ago
- User-mode part of Zerokit platform☆22Updated 6 years ago
- just an lite AntiRootkit for interesting☆23Updated 9 years ago
- PoC of BOOST-ed _EPROCESS.VadRoot iterating☆25Updated 11 years ago
- hooking KiUserApcDispatcher☆25Updated 8 years ago
- windows kernel File redirection☆20Updated 10 years ago
- UI application that can compare PE images in memory or in raw PE file☆18Updated 11 years ago
- Lists work items being queued currently.☆14Updated 10 years ago