rsa9000 / regfanalysistoolsLinks
Low-level MS Windows registry files analysis tools
☆20Updated 9 years ago
Alternatives and similar repositories for regfanalysistools
Users that are interested in regfanalysistools are comparing it to the libraries listed below
Sorting:
- The project is a demo solution for one of the anti-rootkit techniques aimed on overcoming splicers☆34Updated 8 years ago
- Hyper-V virtual switch packet capturing extension with libpcap / Wireshark format☆12Updated 11 years ago
- Hyper-V sockets☆29Updated 7 years ago
- Windows device tree walker☆15Updated 6 years ago
- Kernel (Ring0) - SSDT unhook driver☆15Updated 7 years ago
- Windows hidden thread suspend POC with code injection☆12Updated 8 years ago
- Demonstrate the new FileDispositionInfoEx behavior☆14Updated 7 years ago
- Common Malware Techniques☆14Updated 2 years ago
- Notes my learning steps about Windows-NT☆23Updated 8 years ago
- ☆12Updated 10 years ago
- This is a demo project to illustrate the way to verify and restore original SST in case of some malware hooks☆33Updated 8 years ago
- Library for Windows XML Event Log (EVTX) data types☆18Updated 10 months ago
- PowerShell interpreter for unmanaged (non CLI) C++ projects☆16Updated 8 years ago
- An alternative tool to Sysinternals WinObj tool (nicer icons!)☆37Updated 6 years ago
- Native Development Kit for Vista 64bit And Later, by me, Based on NDK Headers 1.0, by Alex Ionescu☆17Updated 9 years ago
- OpenHIPS prevents exploitation of Windows systems☆35Updated 12 years ago
- Shellcode injection using debugging APIs☆19Updated 11 years ago
- 对windows-api内容进行自动审查和过滤监控☆14Updated 8 years ago
- ☆19Updated 10 years ago
- windows kernel File redirection☆20Updated 10 years ago
- Windows Offline Crash Dump☆17Updated 2 years ago
- Windows KExec☆25Updated 15 years ago
- ☆13Updated 8 years ago
- Scanning and identifying XOR encrypted PE files in PE resources☆28Updated 11 years ago
- WoW64 -> x64☆19Updated 8 years ago
- Obtain remote process cookies by performing a brute-force attack on ntdll.RtlDecodePointer using known pointer encodings.☆22Updated 8 years ago
- Microsoft Edge Microsoft Edge主页算法☆20Updated 6 years ago
- ☆14Updated 8 years ago
- WhoCalls can query a directory of files, find the binaries, and search for a user specified Win API import. It and works with both 32-bit…☆18Updated 3 years ago
- A simple ransomware defender.It uses minifilter to filt "rewrite" and "delete" events in kernel.And it handles event in user mode.☆27Updated 7 years ago