Alternatives and similar repositories for NativeImageAnalyzer

Users that are interested in NativeImageAnalyzer are comparing it to the libraries listed below

• hasherezade / libpeconv_tpl
  A ready-made template for a project based on libpeconv.
  ☆50Updated 2 weeks ago
• orca-eaa5a / mploader
  Portable & Custmizable Windows Defender
  ☆12Updated 4 years ago
• baiyies / CrossInject
  32 bit process inject shellcode to 32 bit process and 64 bit process
  ☆35Updated 2 years ago
• keowu / InstrumentationCallbackToolKit
  A fast method to intercept syscalls from any user-mode process using InstrumentationCallback and detect any process using Instrumentation…
  ☆32Updated 2 years ago
• bytewreck / hook-buster
  Proof-of-Concept software for detecting AV/EDR hooks in Windows libraries.
  ☆31Updated 3 years ago
• jackullrich / memfuck
  A PoC designed to bypass all usermode hooks in a WoW64 environment.
  ☆150Updated 5 years ago
• OxNinja / C-VM
  My try to implement a virtual CPU in C
  ☆19Updated last year
• ryan-weil / Code-Cave
  Injects position-dependent code into a code cave in an executable file, and applies relocations.
  ☆23Updated 2 years ago
• am0nsec / wkpe
  Windows Kernel Programming Experiments
  ☆82Updated 3 years ago
• iammaguire / Salient-Rootkit
  A kernel mode Windows rootkit in development.
  ☆49Updated 3 years ago
• pr0tean / TelemetrySourcerer-patched
  Tiny driver patch to allow kernel callbacks to work on Win10 21h1
  ☆34Updated 3 years ago
• therealdreg / ida_bochs_windows
  Helper script for Windows kernel debugging with IDA Pro on native Bochs debugger (including PDB symbols)
  ☆61Updated 2 years ago
• joaovarelas / java-remote-class-loader
  ☆31Updated 3 years ago
• m417z / minhook-detours
  A hooking library with a MinHook-like API and a Detours-like implementation, with support for the x86, x64, and ARM64 platforms
  ☆29Updated 3 months ago
• 0vercl0k / inject
  Yet another Windows DLL injector.
  ☆39Updated 3 years ago
• the-deniss / Vulnerability-Disclosures
  Vulnerability analysis and proof of concepts
  ☆37Updated 2 years ago
• je5442804 / CreateProcessInternalW-Full
  Reimplement CreateProcessInternalW via Windows 10 20H1+/Windows 11 Base on NtCreateUserProcess-Post
  ☆73Updated last year
• aaaddress1 / wow64Jit
  Call 32bit NtDLL API directly from WoW64 Layer
  ☆61Updated 4 years ago
• rbmm / NtDetours
  Detours implementation (x64/x86) which used only ntdll import
  ☆89Updated last month
• h0li3 / mpengine_diskus
  参考taviso的代码逆向一下mpengine.dll
  ☆20Updated 3 years ago
• tandasat / CVE-2022-25949
  A years-old exploit of a local EoP vulnerability in Kingsoft Antivirus KWatch Driver version 2009.3.17.77.
  ☆38Updated 3 years ago
• backengineering / msrexec
  Elevate arbitrary MSR writes to kernel execution.
  ☆38Updated 2 years ago
• jackullrich / TRunPE
  A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…
  ☆97Updated 6 years ago
• MahmoudZohdy / DLL-Obfuscation-V2
  Load Encrypted Dll Using LoadLibraryA, Keep The Dll Encrypted on disc all the time and decrypt it only in memory.
  ☆23Updated 4 years ago
• hasherezade / shellc_encoder
  Standalone Metasploit-like XOR encoder for shellcode
  ☆50Updated last year
• eset / wslink-vm-analyzer
  WslinkVMAnalyzer is a tool to facilitate analysis of code protected by a virtual machine featured in Wslink malware
  ☆46Updated 3 years ago
• 0xlane / com-process-inject
  Process Injection via Component Object Model (COM) IRundown::DoCallback().
  ☆61Updated 2 years ago
• spcnvdr / xchacha20
  A small C library for the XChaCha20 stream cipher
  ☆39Updated 2 years ago
• waleedassar / ALPC_CLIENT_SERVER
  Demo to show how write ALPC Client & Server using native Ntdll.dll syscalls.
  ☆21Updated 3 years ago
• 0xbigshaq / runtime-unpack
  Load a statically-linked ELF binary(x86 architecture) without the execve syscall.
  ☆45Updated 5 years ago