trailofbits / WinDbg-JSLinks
☆24Updated last year
Alternatives and similar repositories for WinDbg-JS
Users that are interested in WinDbg-JS are comparing it to the libraries listed below
Sorting:
- Extract data of TTD trace file to a minidump☆28Updated last year
- A class to emulate the behavior of NtQuerySystemInformation when passed the SystemHypervisorDetailInformation information class☆26Updated last year
- Winbindex bot to pull in binaries for specific releases☆48Updated last year
- Repository of Microsoft Driver Block Lists based off of OS-builds☆39Updated last year
- A small tool to unmap PE memory dumps.☆11Updated last year
- Local OXID Resolver (LCLOR) : Research and Tooling☆35Updated 4 years ago
- ☆18Updated 4 years ago
- A fast method to intercept syscalls from any user-mode process using InstrumentationCallback and detect any process using Instrumentation…☆31Updated last year
- ☆25Updated 2 years ago
- A Practical example of ELAM (Early Launch Anti-Malware)☆34Updated 3 years ago
- Read ETW Provider events. Inspired by ETWExplorer by Pavel Yosifovich☆16Updated 11 months ago
- ☆31Updated last year
- Small tool to play with IOCs caused by Imageload events☆42Updated 2 years ago
- A few examples of how to trap virtual memory access on Windows.☆31Updated 6 months ago
- Clone running process with ZwCreateProcess☆57Updated 4 years ago
- Uses ghidra to find all ETW write metadata for each API in a PE file☆19Updated 10 months ago
- List the ETW provider(s) in the registration table of a process.☆59Updated last year
- Former Multi - Ring to Kernel To UserMode Transitional Shellcode For Remote Kernel Exploits☆29Updated 3 years ago
- A C++ PoC implementation for enumerating Windows Fibers directly from memory☆19Updated last year
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process☆79Updated 2 years ago
- ☆48Updated 2 months ago
- Command like tool to print mitigation flags for running processes in a memory dump☆46Updated 4 years ago
- ☆20Updated 5 months ago
- A fully compatible replacement of Windows NT NtCreateLowBoxToken syscall - precisely restored from reverse engineering☆38Updated 2 weeks ago
- C# implementation to produce ROR-13 numeric hash for given function API name☆32Updated 6 years ago
- Inter-Process Communication Mechanisms☆28Updated 4 years ago
- ☆31Updated 3 years ago
- Support Windows OS Reversing by searching easily for references to functions across many DLLs☆34Updated 3 years ago
- Windows kernel PDB data parsed into YAML☆37Updated 7 months ago
- Windows process injection methods☆17Updated 5 years ago