saferwall / pe
A lightweight Go package to parse, analyze and extract metadata from Portable Executable (PE) binaries. Designed for malware analysis tasks and robust against PE malformations.
☆359 Updated 6 months ago
Alternatives and similar repositories for pe
Users that are interested in pe are comparing it to the libraries listed below
- IDApython Scripts for Analyzing Golang Binaries ☆630 Updated 9 months ago
- GoRE - Package gore is a library for analyzing Go binaries ☆494 Updated last week
- Go symbol recovery tool ☆747 Updated 3 months ago
- A command line Windows API tracing tool for Golang binaries. ☆154 Updated last year
- A DTrace on Windows Reimplementation ☆348 Updated 3 months ago
- Yet another variant of Process Hollowing ☆395 Updated 4 months ago
- A way to delete a locked file, or current running executable, on disk. ☆531 Updated 10 months ago
- Assortment of hashing algorithms used in malware ☆361 Updated last week
- 🗜️ A packer for Windows x86 executable files written in C and Intel x86 Assembly. The new file after packing can obstruct reverse engine… ☆343 Updated 7 months ago
- Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging ☆548 Updated last year
- Redress - A tool for analyzing stripped Go binaries ☆1,061 Updated 2 weeks ago
- Fork of pkg/debug that adds some additional functionality. ☆125 Updated last year
- Dynamic unpacker based on PE-sieve ☆732 Updated this week
- Donut Injector ported to pure Go. For use with https://github.com/TheWover/donut ☆337 Updated 2 years ago
- Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi… ☆660 Updated last year
- It's a Go variant of Hell's Gate! (directly calling Windows kernel functions, but from Go!) ☆509 Updated 2 years ago
- A Binary Genetic Traits Lexer Framework ☆494 Updated 3 months ago
- Pakkero is a binary packer written in Go made for fun and educational purpose. Its main goal is to take in input a program file (elf bina… ☆263 Updated 2 years ago
- SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also conta… ☆390 Updated 3 weeks ago
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP. ☆675 Updated last year
- MinHook binding for Go (Golang) with support for Windows API. ☆80 Updated 5 years ago
- Quickly debug shellcode extracted during malware analysis ☆602 Updated 2 years ago
- Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers ☆257 Updated last week
- FreshyCalls tries to make the use of syscalls comfortable and simple, without generating too much boilerplate and in modern C++17! ☆332 Updated 2 years ago
- Python tool to resolve all strings in Go binaries obfuscated by garble ☆99 Updated 3 months ago
- x86 malware emulator ☆221 Updated this week
- A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl ☆1,222 Updated last week
- Moneta is a live usermode memory analysis tool for Windows with the capability to detect malware IOCs ☆750 Updated last year
- My implementation of enSilo's Process Doppelganging (PE injection technique) ☆610 Updated 2 years ago
- Golang PE injection on windows ☆167 Updated 3 years ago