saferwall / pe
A lightweight Go package to parse, analyze and extract metadata from Portable Executable (PE) binaries. Designed for malware analysis tasks and robust against PE malformations.
☆349Updated 2 months ago
Alternatives and similar repositories for pe:
Users that are interested in pe are comparing it to the libraries listed below
- Go symbol recovery tool☆662Updated last week
- A command line Windows API tracing tool for Golang binaries.☆155Updated last year
- GoRE - Package gore is a library for analyzing Go binaries☆480Updated last week
- IDApython Scripts for Analyzing Golang Binaries☆611Updated 6 months ago
- Donut Injector ported to pure Go. For use with https://github.com/TheWover/donut☆324Updated 2 years ago
- Pakkero is a binary packer written in Go made for fun and educational purpose. Its main goal is to take in input a program file (elf bina…☆254Updated 2 years ago
- A way to delete a locked file, or current running executable, on disk.☆512Updated 6 months ago
- A DTrace on Windows Reimplementation☆338Updated 2 weeks ago
- Universal Shared Library User-space Loader☆223Updated 2 years ago
- Yet another variant of Process Hollowing☆376Updated 3 weeks ago
- Process Injection Techniques with Golang☆77Updated 4 years ago
- x86 malware emulator☆210Updated 3 weeks ago
- SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virutally all Windows syscalls. It also conta…☆369Updated 3 months ago
- Fork of pkg/debug that adds some additional functionality.☆122Updated 11 months ago
- It's a go variant of Hells gate! (directly calling windows kernel functions, but from Go!)☆495Updated 2 years ago
- Redress - A tool for analyzing stripped Go binaries☆994Updated last week
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.☆650Updated last year
- A more stealthy variant of "DLL hollowing"☆335Updated 11 months ago
- FreshyCalls tries to make the use of syscalls comfortable and simple, without generating too much boilerplate and in modern C++17!☆321Updated 2 years ago
- Set of antianalysis techniques found in malware☆129Updated last year
- Exploiting DLL Hijacking by DLL Proxying Super Easily☆480Updated last year
- Dynamic unpacker based on PE-sieve☆705Updated last week
- Golang PE injection on windows☆163Updated 3 years ago
- 🗜️ A packer for Windows x86 executable files written in C and Intel x86 Assembly. The new file after packing can obstruct reverse engine…☆332Updated 4 months ago
- Elf binary infector written in Go.☆206Updated last month
- Run binaries straight from memory in Linux☆315Updated last year
- Native code virtualizer for x64 binaries☆464Updated 2 months ago
- Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…☆644Updated 11 months ago
- A Binary Genetic Traits Lexer Framework☆487Updated last week
- Go interface to NTDLL functions☆73Updated 10 months ago