repnz / windows-inspector
A driver to intercept low level windows events
☆59Updated 4 years ago
Related projects: ⓘ
- c++ implementation of windows heavens gate☆54Updated 3 years ago
- File system minifilter driver for Windows to block symbolic link attacks.☆51Updated 3 years ago
- Debug Print viewer (user and kernel)☆63Updated 7 months ago
- A driver that hooks C: volume using symbolic link callback to track all FS access to the volume☆100Updated 4 years ago
- Lightweight Portable Executable parsing library and a demo peParser application.☆71Updated last year
- ☆28Updated 5 years ago
- Standalone program to download PDB Symbol files for debugging without WDK☆71Updated 5 years ago
- ☆53Updated this week
- ☆28Updated 3 years ago
- Library for using direct system calls☆35Updated 4 years ago
- Exploring Windows Internals.☆58Updated 4 years ago
- Record & prevent file deletion in kernel mode☆39Updated 4 years ago
- Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using t…☆52Updated 5 years ago
- An example of a client and server using Windows' ALPC functions to send and receive data.☆88Updated 4 years ago
- Implementation of a dispatcher for Structured Exceptions inside a Vectored Exception Handler☆36Updated 4 years ago
- Windows 10 PE image loader (LDR) NTDLL component toolbox☆40Updated 4 years ago
- ☆64Updated 3 years ago
- Documenting system information classes and their uses☆48Updated 2 years ago
- ☆38Updated last year
- Load and unload a DLL into an remote process without using WriteProcessMemory ;)☆16Updated 10 years ago
- Bypassing code hooks detection in modern anti-rootkits via building faked PTE entries.☆72Updated 13 years ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)☆69Updated last year
- This repository contains some tools that I have written in the past☆25Updated 10 months ago
- Various WinDbg extensions and scripts☆31Updated 6 years ago
- D☆36Updated 3 years ago
- Miscellaneous Code and Docs☆76Updated 9 months ago
- A tool to help malware analysts tell that the sample is injecting code into other process.☆73Updated 9 years ago
- Add an empty section to a PE file☆49Updated 7 years ago
- Blog posts☆30Updated 4 years ago
- ☆48Updated this week