mgeeky / prc_xchk
User-mode process cross-checking utility intended to detect naive malware hiding itself by hooking IAT/EAT.
☆18Updated 8 years ago
Related projects ⓘ
Alternatives and complementary repositories for prc_xchk
- Ssdt Hook Detection tool☆12Updated 8 years ago
- Simple PE packer with RtlCompressBuffer☆21Updated 9 years ago
- just an lite AntiRootkit for interesting☆23Updated 8 years ago
- Kernel (Ring0) - SSDT unhook driver☆13Updated 6 years ago
- Kernel-mode file scanner☆17Updated 6 years ago
- Obtain remote process cookies by performing a brute-force attack on ntdll.RtlDecodePointer using known pointer encodings.☆21Updated 7 years ago
- The project is a demo solution for one of the anti-rootkit techniques aimed on overcoming splicers☆34Updated 7 years ago
- Reflective DLL Injection style process infector☆19Updated 6 years ago
- Wow64 syscall hook☆40Updated 7 years ago
- hooking KiUserApcDispatcher☆22Updated 7 years ago
- Windows registry files interactive viewer☆9Updated 7 years ago
- Kernel mode windows NT API logger☆21Updated 5 years ago
- simple plugin for lastest olly versions to display the callstack☆15Updated 11 years ago
- Legal access: The driver and console app to demonstrate the basic memory access in kernel mode☆9Updated 6 years ago
- A MITM proxy server for reflective DLL injection through WinINet☆15Updated 6 years ago
- ☆10Updated 7 years ago
- Windows hidden thread suspend POC with code injection☆12Updated 7 years ago
- Windows 10 UAC bypass PoC using LaunchInfSection☆34Updated 6 years ago
- Helper utility for debugging windows PE/PE+ loader.☆50Updated 9 years ago
- ☆18Updated 5 years ago
- Windows device tree walker☆15Updated 6 years ago
- Common Malware Techniques☆13Updated last year
- find and kill injectedThreads from memory☆10Updated 8 years ago
- wow64 syscall filter☆13Updated 10 years ago
- Simple library to handle PE files loading, relocating, get/set data, ..., in addition to process handling☆30Updated 5 years ago