Windows registry file format specification
☆355Oct 27, 2018Updated 7 years ago
Alternatives and similar repositories for regf
Users that are interested in regf are comparing it to the libraries listed below
Sorting:
- Yet another registry parser☆138Apr 15, 2022Updated 3 years ago
- Low-level MS Windows registry files analysis tools☆19May 5, 2016Updated 9 years ago
- Library and tools to access the Windows NT Registry File (REGF) format☆132Dec 19, 2025Updated 2 months ago
- Windows registry samples☆24Nov 18, 2018Updated 7 years ago
- An NTFS/FAT parser for digital forensics & incident response☆220Oct 31, 2025Updated 4 months ago
- Windows Registry Knowledge Base☆195Dec 23, 2025Updated 2 months ago
- A gadget finder and a ROP-Chainer tool for x86 platforms☆95Jun 13, 2021Updated 4 years ago
- Windows device tree walker☆15Sep 19, 2018Updated 7 years ago
- Simple project that demonstrates how an ETW consumer can be created just by using NTDLL☆146Feb 23, 2019Updated 7 years ago
- PowerShell interpreter for unmanaged (non CLI) C++ projects☆16Jul 19, 2017Updated 8 years ago
- ☆10Sep 29, 2019Updated 6 years ago
- Windows Live Artifacts Acquisition Script☆190Jun 20, 2022Updated 3 years ago
- Debugger extension for the Debugging Tools for Windows (WinDbg, KD, CDB, NTSD).☆69Nov 14, 2016Updated 9 years ago
- Malware monitor template based on MinHook☆17Mar 29, 2015Updated 10 years ago
- Parse Windows Prefetch files: Supports XP - Windows 10 Prefetch files☆122May 29, 2024Updated last year
- Obtain remote process cookies by performing a brute-force attack on ntdll.RtlDecodePointer using known pointer encodings.☆22May 31, 2017Updated 8 years ago
- A kernel level anti-rootkit tool which runs on the windows platform.☆92Apr 18, 2014Updated 11 years ago
- Source code for File Test - Interactive File System Test Tool☆304Aug 13, 2025Updated 6 months ago
- Parser for $LogFile on NTFS☆215Jun 1, 2025Updated 9 months ago
- Detecting execution of kernel memory where is not backed by any image file☆261Jul 11, 2018Updated 7 years ago
- Win 10/11 related research☆198Dec 19, 2023Updated 2 years ago
- Hyper-V Research is trendy now☆198May 6, 2024Updated last year
- Event Tracing for Windows Custom Events☆21Jan 28, 2015Updated 11 years ago
- Team Portfolio. PLAYERUNKNOWN'S BATTLEGROUNDS(a.k.a. PUBG) Imitation Game's Proto Type.☆16Aug 12, 2018Updated 7 years ago
- Bypassing code hooks detection in modern anti-rootkits via building faked PTE entries.☆79Jan 24, 2011Updated 15 years ago
- Hypervisor-based debugger☆191Dec 2, 2020Updated 5 years ago
- Elevation of privilege detector based on HyperPlatform☆123Mar 5, 2017Updated 8 years ago
- An updated C# port of X-Ways X-Tensions API.☆11Mar 12, 2018Updated 7 years ago
- ☆309Aug 14, 2020Updated 5 years ago
- An analytical debugger programmed in C++, using Qt.☆22May 20, 2012Updated 13 years ago
- libemu shim layer and win32 environment for Unicorn Engine☆73Apr 14, 2017Updated 8 years ago
- Commandline low level file extractor for NTFS☆307Jul 30, 2019Updated 6 years ago
- Library for kernel and user mode splicing for Windows (x86 and x64).☆64Oct 29, 2012Updated 13 years ago
- PowerLoaderEx - Advanced Code Injection Technique for x32 / x64☆383Apr 17, 2017Updated 8 years ago
- Kernel Pool Monitor☆127Mar 6, 2022Updated 3 years ago
- Notes my learning steps about Windows-NT☆23May 18, 2017Updated 8 years ago
- The history of Windows Internals via symbols.☆181Nov 4, 2021Updated 4 years ago
- Set of tools to analyze Windows sandboxes for exposed attack surface.☆2,267Nov 6, 2025Updated 3 months ago
- This driver implements the Intel Processor Trace functionality in Intel Skylake architecture for Microsoft Windows☆466Apr 17, 2018Updated 7 years ago