socjordi / sauronLinks
Windows Monitoring Agent (process creation + DLL loading monitor + network monitor + file system access monitor + etc)
☆63Updated 6 years ago
Alternatives and similar repositories for sauron
Users that are interested in sauron are comparing it to the libraries listed below
Sorting:
- ☆29Updated 5 years ago
- Example of real-time Windows ETW packet capture session☆54Updated 8 years ago
- A simple ransomware defender.It uses minifilter to filt "rewrite" and "delete" events in kernel.And it handles event in user mode.☆27Updated 7 years ago
- Simple AntiVirus Driver example☆39Updated 8 years ago
- Windows tool box library☆67Updated 8 years ago
- it can extract functions from .dll, .exe, .sys and it be work! :)☆40Updated 6 years ago
- Windows file system minifilter driver which generates backup copies of certain files before they change☆48Updated 7 years ago
- ☆36Updated 5 years ago
- View handles and object for each object type☆64Updated 6 years ago
- Library for ETW, ProcessTracker sample based on ETW☆34Updated 8 years ago
- ☆18Updated 7 years ago
- a sandbox project by sudami☆17Updated 7 years ago
- HTTP/HTTPS/DNS inspector (windows driver)☆27Updated 6 years ago
- DTrace for Windows in userspace; Frontend to ETW☆27Updated 3 years ago
- Easy Transparent Encrypted File System Based on Minifilter File System Driver☆35Updated 3 months ago
- A minifilter driver preserves all modified and deleted files.☆80Updated 10 years ago
- PoC executable packer using resources☆31Updated 9 years ago
- Trace events in real time sessions☆47Updated 2 years ago
- A drop-in replacement for the C++ STL for kernel mode Windows drivers. The goal is to have implementations for things like the standard a…☆32Updated 9 years ago
- Detects if a Kernel mode debugger is active by reading the value of KUSER_SHARED_DATA.KdDebuggerEnabled. It is a high level and portable …☆23Updated 8 years ago
- fork HoShiMin Avanguard☆20Updated 7 years ago
- Call 32bit NtDLL API directly from WoW64 Layer☆61Updated 5 years ago
- A stack and register based virtual machine which can compile and execute arbitrary code in runtime☆45Updated 10 months ago
- Windows ndiscap.sys adapter for WinPcap applications☆27Updated 9 years ago
- An open source library for operating the Windows Overlay Filter driver.☆22Updated 7 years ago
- You don't need install any wdk for development kernel driver☆24Updated 7 years ago
- ☆69Updated 3 years ago
- windows rpc 使用MIDL+RPC实现HelloWorld☆23Updated 7 years ago
- Open Source Libraries Collection☆24Updated 10 years ago
- Sysark全称system anti-rootkit,是我学习内核写的工具(2013年的代码,后续不会再更新),里面基本上所有的功能都是用内核实现的。这里只是实现了反rootkit部分功能,作为工具的话,本人觉得还欠完善,但作为学习,或有人需要。目前针对的是XP SP2,…☆27Updated 8 years ago