nccgroup / ncloaderLinks
A session-0 capable dll injection utility
☆76Updated 7 years ago
Alternatives and similar repositories for ncloader
Users that are interested in ncloader are comparing it to the libraries listed below
Sorting:
- Adding exceptions to Microsoft's Control Flow Guard (CFG)☆58Updated 9 years ago
- Simple proof of concept code for injecting libraries on 64bit processes from a 32bit process☆96Updated 6 years ago
- DLL Injection Library & Tools☆72Updated 8 years ago
- A simple API monitor for Windbg☆63Updated 8 years ago
- Decrement Windows Kernel for fun and profit☆38Updated 7 years ago
- Helper script for Windows kernel debugging with IDA Pro on VMware + GDB stub☆79Updated 12 years ago
- Helper utility for debugging windows PE/PE+ loader.☆52Updated 10 years ago
- Load a Windows Kernel Driver☆92Updated 8 years ago
- Simple library to spray the Windows Kernel Pool☆109Updated 5 years ago
- Bypass for the hardening against usage of tagWnd as a kernel read/write primitive☆29Updated 8 years ago
- Open and generic Anti-Anti Reversing Framework. Works in 32 and 64 bits.☆64Updated 12 years ago
- ☆45Updated 7 years ago
- Multi-purpose proof-of-concept tool based on CPU-Z CVE-2017-15303☆109Updated 7 years ago
- C++☆80Updated 8 years ago
- DirectNtApi - simple method to make ntapi function call without importing or walking export table. Work under Windows 7, 8 and 10☆53Updated last year
- A tool to help malware analysts tell that the sample is injecting code into other process.☆78Updated 9 years ago
- ☆80Updated 7 years ago
- PoC for detecting and dumping code injection (built and extended on UnRunPE)☆56Updated 6 years ago
- Windbg extension to find PatchGuard pages☆121Updated 11 years ago
- Static unpacker for FinSpy VM☆101Updated 3 years ago
- A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.☆19Updated 7 years ago
- Shellcode emulator written with Unicorn Framework With Process Dump Emulation Environment☆123Updated 4 years ago
- A process overwriting its own PEB to make an illusion that it has been loaded from a different path.☆96Updated 4 years ago
- PoC for Bypassing UM Hooks By Bruteforcing Intel Syscalls☆38Updated 9 years ago
- ☆34Updated 7 years ago
- reverse engineering extension plugin for windbg☆116Updated 5 years ago
- Windbg2ida lets you dump each step in Windbg then shows these steps in IDA☆75Updated 11 months ago
- kernel pool windbg extension☆84Updated 9 years ago
- Windows 10 kernel and ntdll internal types, directly compatible with ida.☆51Updated 6 years ago
- Anti-technique Codes, Detection of Anti-technique codes☆38Updated 11 years ago