Alternatives and similar repositories for sauron:

Users that are interested in sauron are comparing it to the libraries listed below

• 474172261 / DataProtector
  A simple ransomware defender.It uses minifilter to filt "rewrite" and "delete" events in kernel.And it handles event in user mode.
  ☆27Updated 6 years ago
• jnastarot / soul_eater
  it can extract functions from .dll, .exe, .sys and it be work! :)
  ☆38Updated 5 years ago
• guidoreina / http_inspect
  HTTP/HTTPS/DNS inspector (windows driver)
  ☆26Updated 6 years ago
• muxq / hellorpc
  windows rpc 使用MIDL+RPC实现HelloWorld
  ☆23Updated 7 years ago
• zodiacon / WinSys
  C++ library for low-level Windows development
  ☆73Updated 11 months ago
• Biswa96 / TraceEvent
  Trace events in real time sessions
  ☆44Updated last year
• gerronjo / openlibs
  Open Source Libraries Collection
  ☆24Updated 9 years ago
• zodiacon / KernelObjectView
  View handles and object for each object type
  ☆62Updated 5 years ago
• KelvinMsft / ScreenCapAttack
  ☆33Updated 4 years ago
• aaaddress1 / wow64Jit
  Call 32bit NtDLL API directly from WoW64 Layer
  ☆60Updated 4 years ago
• BrunoMCBraga / Kernel-Whisperer
  ☆28Updated 4 years ago
• tandasat / Scavenger
  A minifilter driver preserves all modified and deleted files.
  ☆81Updated 9 years ago
• KelvinMsft / UsbMon
  ☆34Updated 4 years ago
• cclon / Proteibox
  a sandbox project by sudami
  ☆17Updated 6 years ago
• haidragon / study_firewall
  主动防御-网络过滤器(firewall)
  ☆5Updated last year
• 93aef0ce4dd141ece6f5 / Packer
  PoC executable packer using resources
  ☆31Updated 8 years ago
• japajoe / StackVMCPP
  A stack and register based virtual machine which can compile and execute arbitrary code in runtime
  ☆43Updated 2 weeks ago
• SinaKarvandi / Pinitor
  An API Monitor based on Instrumentation
  ☆43Updated 7 years ago
• alexvogt91 / NetDriver
  kernel-mode TDI client which can send and receive HTTP requests
  ☆55Updated 6 years ago
• zhuhuibeishadiao / KernelHooksDetection_x64
  x64 Kernel Hooks Detection
  ☆24Updated 8 years ago
• nmgwddj / A-Protect
  ☆23Updated 7 years ago
• MiroKaku / Learning-Example
  For Example. See Miro's Blog
  ☆30Updated 2 years ago
• bb107 / RtlWow64
  c++ implementation of windows heavens gate
  ☆68Updated 4 years ago
• killvxk / CodeStudy
  逆的或者收集的别人家的代码
  ☆27Updated last month
• repnz / windows-inspector
  A driver to intercept low level windows events
  ☆62Updated 5 years ago
• kaimi-io / event-tracing-for-windows
  Library for ETW, ProcessTracker sample based on ETW
  ☆33Updated 8 years ago
• kouzhudong / libdrv
  Static Library For Windows Drivers
  ☆33Updated last month
• waleedassar / SyscallNumberFinder
  ☆33Updated 3 years ago
• kernweak / Syscall-Monitor
  大表哥的Syscall-Monitor
  ☆34Updated 5 years ago
• MiroKaku / ConMon
  Windows Console Monitor
  ☆33Updated 5 years ago