saferwall / pe
A lightweight Go package to parse, analyze and extract metadata from Portable Executable (PE) binaries. Designed for malware analysis tasks and robust against PE malformations.
☆361 Updated last week
Alternatives and similar repositories for pe
Users that are interested in pe are comparing it to the libraries listed below
- Go symbol recovery tool ☆762 Updated 2 weeks ago
- IDApython Scripts for Analyzing Golang Binaries ☆632 Updated 10 months ago
- GoRE - Package gore is a library for analyzing Go binaries ☆500 Updated last week
- A command line Windows API tracing tool for Golang binaries. ☆155 Updated last year
- A way to delete a locked file, or current running executable, on disk. ☆548 Updated 10 months ago
- Yet another variant of Process Hollowing ☆400 Updated 4 months ago
- Exploiting DLL Hijacking by DLL Proxying Super Easily ☆516 Updated last year
- Dynamic unpacker based on PE-sieve ☆736 Updated 3 weeks ago
- A DTrace on Windows Reimplementation ☆348 Updated 4 months ago
- Donut Injector ported to pure Go. For use with https://github.com/TheWover/donut ☆340 Updated 2 years ago
- Pakkero is a binary packer written in Go made for fun and educational purpose. Its main goal is to take in input a program file (elf bina… ☆264 Updated 2 years ago
- 🗜️ A packer for Windows x86 executable files written in C and Intel x86 Assembly. The new file after packing can obstruct reverse engine… ☆344 Updated 8 months ago
- x86 malware emulator ☆222 Updated 2 weeks ago
- Golang wrappers functions to call Windows APIs ☆79 Updated 2 years ago
- Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi… ☆664 Updated last year
- Redress - A tool for analyzing stripped Go binaries ☆1,079 Updated last week
- Golang PE injection on windows ☆166 Updated 3 years ago
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP. ☆678 Updated last year
- It's a go variant of Hells gate! (directly calling windows kernel functions, but from Go!) ☆511 Updated 2 years ago
- Enumerating and removing kernel callbacks using signed vulnerable drivers ☆566 Updated 2 years ago
- SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also conta… ☆394 Updated last month
- Assortment of hashing algorithms used in malware ☆363 Updated 2 weeks ago
- Original C Implementation of the Hell's Gate VX Technique ☆1,058 Updated 3 years ago
- A Pin Tool for tracing API calls etc ☆1,477 Updated last week
- Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging ☆556 Updated last year
- Python tool to resolve all strings in Go binaries obfuscated by garble ☆107 Updated 4 months ago
- Python library to parse and read Microsoft minidump file format ☆289 Updated 5 months ago
- A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht… ☆641 Updated 2 years ago
- Exploring RPC interfaces on Windows ☆321 Updated last year
- Fork of pkg/debug that adds some additional functionality. ☆125 Updated last year