repnz / windows-inspector

Related projects: ⓘ

• bb107 / RtlWow64
  c++ implementation of windows heavens gate
  ☆54Updated 3 years ago
• sgabe / SymlinkProtect
  File system minifilter driver for Windows to block symbolic link attacks.
  ☆51Updated 3 years ago
• zodiacon / DbgPrint
  Debug Print viewer (user and kernel)
  ☆63Updated 7 months ago
• yardenshafir / SymlinkCallback
  A driver that hooks C: volume using symbolic link callback to track all FS access to the volume
  ☆100Updated 4 years ago
• mgeeky / PE-library
  Lightweight Portable Executable parsing library and a demo peParser application.
  ☆71Updated last year
• ionescu007 / r0ak
  ☆28Updated 5 years ago
• Biswa96 / PDBDownloader
  Standalone program to download PDB Symbol files for debugging without WDK
  ☆71Updated 5 years ago
• biesigrr / pe-loader
  ☆53Updated this week
• SHA-MRIZ / FsMinfilterHooking
  ☆28Updated 3 years ago
• jnastarot / cleancall
  Library for using direct system calls
  ☆35Updated 4 years ago
• turingcompl33t / windows-internals
  Exploring Windows Internals.
  ☆58Updated 4 years ago
• SweetIceLolly / Prevent_File_Deletion
  Record & prevent file deletion in kernel mode
  ☆39Updated 4 years ago
• SouhailHammou / KernelSymbolsHelper
  Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using t…
  ☆52Updated 5 years ago
• DownWithUp / ALPC-Example
  An example of a client and server using Windows' ALPC functions to send and receive data.
  ☆88Updated 4 years ago
• Teq2 / SEH-Over-VEH
  Implementation of a dispatcher for Structured Exceptions inside a Vectored Exception Handler
  ☆36Updated 4 years ago
• andrew-boyarshin / LoaderWatch
  Windows 10 PE image loader (LDR) NTDLL component toolbox
  ☆40Updated 4 years ago
• ajkhoury / Errata1337
  ☆64Updated 3 years ago
• yardenshafir / InformationClasses
  Documenting system information classes and their uses
  ☆48Updated 2 years ago
• zodiacon / DeviceExplorer
  ☆38Updated last year
• edix / AlternativeCreateRemoteThread-public
  Load and unload a DLL into an remote process without using WriteProcessMemory ;)
  ☆16Updated 10 years ago
• Cr4sh / PTBypass-PoC
  Bypassing code hooks detection in modern anti-rootkits via building faked PTE entries.
  ☆72Updated 13 years ago
• therealdreg / cgaty
  Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)
  ☆69Updated last year
• AaLl86 / retroware
  This repository contains some tools that I have written in the past
  ☆25Updated 10 months ago
• OSRDrivers / windbg-exts
  Various WinDbg extensions and scripts
  ☆31Updated 6 years ago
• rbmm / INJECT
  D
  ☆36Updated 3 years ago
• hfiref0x / Misc
  Miscellaneous Code and Docs
  ☆76Updated 9 months ago
• tandasat / RemoteWriteMonitor
  A tool to help malware analysts tell that the sample is injecting code into other process.
  ☆73Updated 9 years ago
• hMihaiDavid / addscn
  Add an empty section to a PE file
  ☆49Updated 7 years ago
• zodiacon / Blog
  Blog posts
  ☆30Updated 4 years ago
• kernelm0de / RunPE-ProcessHollowing
  ☆48Updated this week