sreeharshabandi / Captain
Process Creation, Image Load and Thread Creation Notification
☆10Updated last year
Related projects ⓘ
Alternatives and complementary repositories for Captain
- Windows driver template, using C++20 & cmake & GithubActions☆19Updated 3 months ago
- A driver to implement IOCTL hooking☆23Updated 2 years ago
- EDR PoC WIP LLC☆10Updated 9 months ago
- XOrCryptEx lightweight C Utility/Algorithm☆11Updated 2 years ago
- Some drivers I've written while solving exercises from Practical Reverse Engineering☆14Updated 2 years ago
- WinXPSP2.Cermalus on stereoids, supporting all 32 bits Windows version. Windows Kernel Virus stuff for noobs☆16Updated last year
- ☆29Updated 2 years ago
- Helper Script to convert a Windbg dumped structure (using the 'dt' command) into a C structure. It creates dummy structs for you if neede…☆26Updated last year
- Proof-of-concept game using VBS enclaves to protect itself from cheating☆13Updated this week
- ☆29Updated 3 years ago
- Bypassing kernel patch protection runtime☆19Updated last year
- ☆15Updated last year
- Detects if a Kernel mode debugger is active by reading the value of KUSER_SHARED_DATA.KdDebuggerEnabled. It is a high level and portable …☆22Updated 7 years ago
- Dump PDB Symbols including support for Bochs Debugging Format (with wine support)☆14Updated last year
- FastSymApi - A Fast API PDB Symbol Cache Server that efficiently caches and compresses PDBs on disk for quick and repeated retrieval.☆18Updated last month
- Small project to generate fake DLLs based on an executable's import table☆22Updated 4 years ago
- ☆21Updated 9 months ago
- Code Integrity Violation Spotter☆17Updated 5 months ago
- Yet another windows syscall library☆16Updated 4 years ago
- research revolving the windows filtering platform callout mechanism☆20Updated 5 months ago
- ☆16Updated 2 years ago
- Static Library For Windows Drivers☆30Updated 2 months ago
- UnknownField is a tool based clang that obfuscating the order of fields to protect your C/C++ game or code.☆44Updated last year
- Panda - is a set of utilities used to research how PsExec encrypts its traffic.☆12Updated 3 years ago
- A Windows API hooking library !☆30Updated 2 years ago
- combine the power of procmon and dbgview into one single application☆7Updated 9 months ago
- ☆17Updated 3 years ago
- Walks the Process' VAD list to grab the PTE's corresponding to a usermode virtual address, all to get the physical address☆24Updated 2 years ago
- automates exploits using ROP chains, using ntdll-scraper☆16Updated 2 years ago
- Debug Print viewer (user and kernel)☆63Updated 9 months ago