Alternatives and similar repositories for pe

Users that are interested in pe are comparing it to the libraries listed below

• mandiant / GoReSym
  Go symbol recovery tool
  ☆762Updated 2 weeks ago
• SentineLabs / AlphaGolang
  IDApython Scripts for Analyzing Golang Binaries
  ☆632Updated 10 months ago
• goretk / gore
  GoRE - Package gore is a library for analyzing Go binaries
  ☆500Updated last week
• leandrofroes / gftrace
  A command line Windows API tracing tool for Golang binaries.
  ☆155Updated last year
• LloydLabs / delete-self-poc
  A way to delete a locked file, or current running executable, on disk.
  ☆548Updated 10 months ago
• hasherezade / process_overwriting
  Yet another variant of Process Hollowing
  ☆400Updated 4 months ago
• tothi / dll-hijack-by-proxying
  Exploiting DLL Hijacking by DLL Proxying Super Easily
  ☆516Updated last year
• hasherezade / mal_unpack
  Dynamic unpacker based on PE-sieve
  ☆736Updated 3 weeks ago
• mandiant / STrace
  A DTrace on Windows Reimplementation
  ☆348Updated 4 months ago
• Binject / go-donut
  Donut Injector ported to pure Go. For use with https://github.com/TheWover/donut
  ☆340Updated 2 years ago
• 89luca89 / pakkero
  Pakkero is a binary packer written in Go made for fun and educational purpose. Its main goal is to take in input a program file (elf bina…
  ☆264Updated 2 years ago
• czs108 / Windows-PE-Packer
  🗜️ A packer for Windows x86 executable files written in C and Intel x86 Assembly. The new file after packing can obstruct reverse engine…
  ☆344Updated 8 months ago
• sha0coder / mwemu
  x86 malware emulator
  ☆222Updated 2 weeks ago
• 0xrawsec / golang-win32
  Golang wrappers functions to call Windows APIs
  ☆79Updated 2 years ago
• hasherezade / process_ghosting
  Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…
  ☆664Updated last year
• goretk / redress
  Redress - A tool for analyzing stripped Go binaries
  ☆1,079Updated last week
• malware-unicorn / GoPEInjection
  Golang PE injection on windows
  ☆166Updated 3 years ago
• Dec0ne / HWSyscalls
  HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
  ☆678Updated last year
• C-Sto / BananaPhone
  It's a go variant of Hells gate! (directly calling windows kernel functions, but from Go!)
  ☆511Updated 2 years ago
• br-sn / CheekyBlinder
  Enumerating and removing kernel callbacks using signed vulnerable drivers
  ☆566Updated 2 years ago
• Bw3ll / sharem
  SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virutally all Windows syscalls. It also conta…
  ☆394Updated last month
• OALabs / hashdb
  Assortment of hashing algorithms used in malware
  ☆363Updated 2 weeks ago
• am0nsec / HellsGate
  Original C Implementation of the Hell's Gate VX Technique
  ☆1,058Updated 3 years ago
• hasherezade / tiny_tracer
  A Pin Tool for tracing API calls etc
  ☆1,477Updated last week
• hasherezade / transacted_hollowing
  Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging
  ☆556Updated last year
• mandiant / gostringungarbler
  Python tool to resolve all strings in Go binaries obfuscated by garble
  ☆107Updated 4 months ago
• skelsec / minidump
  Python library to parse and read Microsoft minidump file format
  ☆289Updated 5 months ago
• deepinstinct / Dirty-Vanity
  A POC for the new injection technique, abusing windows fork API to evade EDRs. https://www.blackhat.com/eu-22/briefings/schedule/index.ht…
  ☆641Updated 2 years ago
• trailofbits / RpcInvestigator
  Exploring RPC interfaces on Windows
  ☆321Updated last year
• Binject / debug
  Fork of pkg/debug that adds some additional functionality.
  ☆125Updated last year