tpn / windows-nt-file-system-internals-bookLinks
Source code on the 1.44MB 3.5 floppy accompanying the Windows NT File System Internals book.
☆16Updated 5 years ago
Alternatives and similar repositories for windows-nt-file-system-internals-book
Users that are interested in windows-nt-file-system-internals-book are comparing it to the libraries listed below
Sorting:
- ☆21Updated 3 years ago
- ☆20Updated 5 years ago
- Helper Script to convert a Windbg dumped structure (using the 'dt' command) into a C structure. It creates dummy structs for you if neede…☆26Updated last year
- A set of small utilities, helpers for PIN tracers☆33Updated last year
- Neutralize KEPServerEX anti-debugging techniques☆31Updated 2 years ago
- ☆33Updated 3 years ago
- An experimental dynamic malware unpacker based on Intel Pin and PE-sieve☆60Updated 9 months ago
- Slides from various conference talks☆37Updated 2 years ago
- Helper scripts for windows debugging with symbols for Bochs and IDA Pro (PDB files). Very handy for user mode <--> kernel mode☆19Updated last year
- Code Integrity Violation Spotter☆16Updated 11 months ago
- A ready-made template for a project based on libpeconv.☆48Updated 3 months ago
- This is a simple tool to dump all the reparse points on an NTFS volume.☆33Updated 4 years ago
- ☆22Updated 6 years ago
- An API Monitor based on Instrumentation☆43Updated 7 years ago
- Practical Reverse Engineering book exercises☆9Updated 4 years ago
- Support Windows OS Reversing by searching easily for references to functions across many DLLs☆34Updated 3 years ago
- Demonstrate the new FileDispositionInfoEx behavior☆14Updated 7 years ago
- A wrapper for capstone for bearparser☆14Updated 2 years ago
- A template for projects using both libPeConv and MS Detours☆15Updated last year
- allowing um r/w through km from um ioctl ™☆11Updated 3 years ago
- Windbg extension that allows you analyze Control Flow Guard map☆35Updated 3 years ago
- Demonstrate the behavior of the tunnel cache on Windows☆10Updated 5 years ago
- DirectNtApi - simple method to make ntapi function call without importing or walking export table. Work under Windows 7, 8 and 10☆53Updated last year
- Various reverse engineering work on Windows☆17Updated 4 years ago
- ☆17Updated 6 years ago
- Miscellaneous Code and Docs☆81Updated last year
- Runtime smm module loader☆33Updated 2 years ago
- NoREpls - Application designed for the purposes of reverse engineering.☆11Updated 6 years ago
- Headers for linking your software with ntdll.dll☆15Updated 4 years ago
- findLoop - find possible encryption/decryption or compression/decompression code☆26Updated 6 years ago