mgeeky / prc_xchk
User-mode process cross-checking utility intended to detect naive malware hiding itself by hooking IAT/EAT.
☆19 Mar 3, 2016 Updated 9 years ago
Alternatives and similar repositories for prc_xchk
Users that are interested in prc_xchk are comparing it to the libraries listed below
- Commonly used code classes ☆13 May 31, 2014 Updated 11 years ago
- ☆12 Aug 28, 2017 Updated 8 years ago
- Windows inject ☆16 Jun 7, 2018 Updated 7 years ago
- Some example code that I have collected while learning ☆10 Sep 25, 2016 Updated 9 years ago
- analyze the content of the pe file on windows, and shell(pack) function for windows drivers. ☆11 Nov 9, 2018 Updated 7 years ago
- ☆18 Dec 5, 2016 Updated 9 years ago
- The project is a demo solution for one of the anti-rootkit techniques aimed at overcoming splicers ☆34 Mar 13, 2017 Updated 8 years ago
- ☆11 Mar 11, 2015 Updated 10 years ago
- User-mode kernel callback framework ☆10 Nov 16, 2013 Updated 12 years ago
- Provides the ability to patch/hook functions imported by a dll or executable ☆35 May 31, 2010 Updated 15 years ago
- Notes my learning steps about Windows-NT ☆23 May 18, 2017 Updated 8 years ago
- Enumerate all processes and get specified file's handle, then close it. ☆12 Jul 2, 2018 Updated 7 years ago
- Kinject - kernel dll injector, currently available in x86 version, will be updated to x64 soon. ☆32 Apr 10, 2015 Updated 10 years ago
- A library to install/uninstall NDIS driver on Windows ☆15 Jul 15, 2015 Updated 10 years ago
- Simple program for static hooking dynamic libraries in executable application ☆24 Jan 15, 2014 Updated 12 years ago
- ☆22 May 25, 2017 Updated 8 years ago
- An av windows engine with file guard and compress file enumerator ☆12 Aug 25, 2018 Updated 7 years ago
- ☆14 Jan 10, 2017 Updated 9 years ago
- ☆41 Jun 1, 2016 Updated 9 years ago
- ntoskrnl symbol pdb and undocumented structures ☆25 Oct 25, 2017 Updated 8 years ago
- Windows MITM proxy for proprietary miners ☆14 Nov 13, 2017 Updated 8 years ago
- The internal Windows structures hack to create the in-process private ETW session ☆13 Feb 22, 2017 Updated 8 years ago
- easy detour-, vftable-, iat- and eathooking ☆12 Mar 30, 2016 Updated 9 years ago
- Windows Malware Probe of Concept ☆21 Jun 20, 2022 Updated 3 years ago
- A small project for process protection and process filtering; its main highlight is managing operating system users from within the kernel ☆16 Nov 5, 2014 Updated 11 years ago
- Win7 APC injection; does not support Win10 ☆18 Mar 29, 2019 Updated 6 years ago
- ☆34 Sep 3, 2018 Updated 7 years ago
- Shareds for kernel development ☆29 Dec 23, 2013 Updated 12 years ago
- reversed emet tool ☆24 Oct 14, 2012 Updated 13 years ago
- Takes a Windbg dumped structure (using the 'dt' command) and formats it into a C structure ☆37 Jul 8, 2024 Updated last year
- Process protection ☆17 Mar 31, 2013 Updated 12 years ago
- A simple tool to help you capture Ioctls. ☆20 Aug 26, 2017 Updated 8 years ago
- ☆17 Oct 24, 2016 Updated 9 years ago
- viewing page boundaries of pages with PAGE_NOACCESS protection reveals the presence of x64dbg. ☆26 Jan 1, 2017 Updated 9 years ago
- An ark tool's driver ☆40 May 11, 2017 Updated 8 years ago
- UI application that can compare PE images in memory or in raw PE file ☆19 Feb 17, 2014 Updated 11 years ago
- A memory engine that scans, debugs and disassembles an application's memory space. ☆14 Oct 29, 2017 Updated 8 years ago
- Wow64 syscall hook ☆42 May 28, 2017 Updated 8 years ago
- WIP - Play with Intel VM Extensions ☆23 Jun 12, 2017 Updated 8 years ago