saferwall / pe
A lightweight Go package to parse, analyze and extract metadata from Portable Executable (PE) binaries. Designed for malware analysis tasks and robust against PE malformations.
☆352 Updated 3 months ago
Alternatives and similar repositories for pe:
Users that are interested in pe are comparing it to the libraries listed below
- A command line Windows API tracing tool for Golang binaries. ☆156 Updated last year
- Go symbol recovery tool ☆688 Updated last month
- IDApython Scripts for Analyzing Golang Binaries ☆616 Updated 7 months ago
- GoRE - Package gore is a library for analyzing Go binaries ☆484 Updated 2 weeks ago
- Donut Injector ported to pure Go. For use with https://github.com/TheWover/donut ☆329 Updated 2 years ago
- Process Injection Techniques with Golang ☆76 Updated 4 years ago
- Pakkero is a binary packer written in Go made for fun and educational purpose. Its main goal is to take in input a program file (elf bina… ☆258 Updated 2 years ago
- Exploiting DLL Hijacking by DLL Proxying Super Easily ☆496 Updated last year
- A way to delete a locked file, or current running executable, on disk. ☆518 Updated 8 months ago
- Dynamic unpacker based on PE-sieve ☆717 Updated 2 weeks ago
- Yet another variant of Process Hollowing ☆384 Updated 2 months ago
- Redress - A tool for analyzing stripped Go binaries ☆1,012 Updated last week
- It's a go variant of Hells gate! (directly calling windows kernel functions, but from Go!) ☆498 Updated 2 years ago
- Fork of pkg/debug that adds some additional functionality. ☆123 Updated last year
- SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also conta… ☆386 Updated last week
- Python tool to resolve all strings in Go binaries obfuscated by garble ☆70 Updated last month
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP. ☆660 Updated last year
- Golang PE injection on windows ☆166 Updated 3 years ago
- x86 malware emulator ☆216 Updated last week
- A DTrace on Windows Reimplementation ☆342 Updated last month
- Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi… ☆652 Updated last year
- Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers ☆233 Updated this week
- 🗜️ A packer for Windows x86 executable files written in C and Intel x86 Assembly. The new file after packing can obstruct reverse engine… ☆337 Updated 5 months ago
- Elf binary infector written in Go. ☆208 Updated 2 months ago
- Kernel Security driver used to block past, current and future process injection techniques on Windows Operating System. ☆153 Updated 2 years ago
- Signtool for expired certificates ☆473 Updated last year
- Enumerating and removing kernel callbacks using signed vulnerable drivers ☆556 Updated 2 years ago
- A Simple Linux ELF Runtime Crypter ☆234 Updated last month
- FreshyCalls tries to make the use of syscalls comfortable and simple, without generating too much boilerplate and in modern C++17! ☆327 Updated 2 years ago
- SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature… ☆1,132 Updated last year