saferwall / pe
A lightweight Go package to parse, analyze and extract metadata from Portable Executable (PE) binaries. Designed for malware analysis tasks and robust against PE malformations.
☆357 Updated 4 months ago
Alternatives and similar repositories for pe:
Users that are interested in pe are comparing it to the libraries listed below
- Go symbol recovery tool ☆699 Updated last month
- GoRE - Package gore is a library for analyzing Go binaries ☆487 Updated this week
- A command line Windows API tracing tool for Golang binaries. ☆155 Updated last year
- A way to delete a locked file, or current running executable, on disk. ☆525 Updated 8 months ago
- Donut Injector ported to pure Go. For use with https://github.com/TheWover/donut ☆333 Updated 2 years ago
- Redress - A tool for analyzing stripped Go binaries ☆1,023 Updated 2 weeks ago
- It's a go variant of Hells gate! (directly calling windows kernel functions, but from Go!) ☆501 Updated 2 years ago
- IDApython Scripts for Analyzing Golang Binaries ☆619 Updated 8 months ago
- Go interface to NTDLL functions ☆74 Updated last year
- Yet another variant of Process Hollowing ☆389 Updated 2 months ago
- gyp: A pure Go YARA parser ☆107 Updated last year
- 🗜️ A packer for Windows x86 executable files written in C and Intel x86 Assembly. The new file after packing can obstruct reverse engine… ☆336 Updated 5 months ago
- Dynamic unpacker based on PE-sieve ☆723 Updated last month
- Process Injection Techniques with Golang ☆77 Updated 4 years ago
- A Binary Genetic Traits Lexer Framework ☆488 Updated last month
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP. ☆663 Updated last year
- Universal Shared Library User-space Loader ☆225 Updated 2 years ago
- Exploiting DLL Hijacking by DLL Proxying Super Easily ☆497 Updated last year
- Pakkero is a binary packer written in Go made for fun and educational purpose. Its main goal is to take in input a program file (elf bina… ☆258 Updated 2 years ago
- SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also conta… ☆388 Updated last month
- My implementation of enSilo's Process Doppelganging (PE injection technique) ☆606 Updated 2 years ago
- x86 malware emulator ☆217 Updated last month
- Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers ☆248 Updated this week
- Fork of pkg/debug that adds some additional functionality. ☆124 Updated last year
- A DTrace on Windows Reimplementation ☆343 Updated 2 months ago
- A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl ☆1,203 Updated last month
- Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging ☆543 Updated last year
- ☆812 Updated 5 years ago
- Original C Implementation of the Hell's Gate VX Technique ☆1,030 Updated 3 years ago
- Enumerating and removing kernel callbacks using signed vulnerable drivers ☆558 Updated 2 years ago