Alternatives and similar repositories for NativeImageAnalyzer

Users that are interested in NativeImageAnalyzer are comparing it to the libraries listed below

• hasherezade / libpeconv_tpl
  A ready-made template for a project based on libpeconv.
  ☆51Updated 3 months ago
• killvxk / awesome-obfuscations
  ☆73Updated 6 months ago
• bytewreck / hook-buster
  Proof-of-Concept software for detecting AV/EDR hooks in Windows libraries.
  ☆36Updated 3 years ago
• Alien177 / WINAPI
  ☆10Updated last year
• je5442804 / CreateProcessInternalW-Full
  Reimplement CreateProcessInternalW via Windows 10 20H1+/Windows 11 Base on NtCreateUserProcess-Post
  ☆77Updated last year
• MahmoudZohdy / IAT-Obfuscation
  IAT-Obfuscation to make static analysis of executable harder.
  ☆44Updated 4 years ago
• MahmoudZohdy / DLL-Obfuscation-V2
  Load Encrypted Dll Using LoadLibraryA, Keep The Dll Encrypted on disc all the time and decrypt it only in memory.
  ☆23Updated 4 years ago
• orca-eaa5a / mploader
  Portable & Custmizable Windows Defender
  ☆12Updated 4 years ago
• magnusstubman / dll-exports
  Collection of DLL function export forwards for DLL export function proxying
  ☆107Updated 5 months ago
• baiyies / CrossInject
  32 bit process inject shellcode to 32 bit process and 64 bit process
  ☆35Updated 2 years ago
• 0xRick / PE-Parser
  https://0xrick.github.io/win-internals/pe8/
  ☆54Updated 4 years ago
• jackullrich / memfuck
  A PoC designed to bypass all usermode hooks in a WoW64 environment.
  ☆150Updated 5 years ago
• 0xbigshaq / runtime-unpack
  Load a statically-linked ELF binary(x86 architecture) without the execve syscall.
  ☆45Updated 5 years ago
• jsacco / PPL_Bypass
  ☆12Updated 3 years ago
• not-matthias / vmprotect-rs
  Rust bindings for VMProtect.
  ☆27Updated last year
• ryan-weil / Code-Cave
  Injects position-dependent code into a code cave in an executable file, and applies relocations.
  ☆26Updated 2 years ago
• backengineering / msrexec
  Elevate arbitrary MSR writes to kernel execution.
  ☆44Updated 2 years ago
• rbmm / NtDetours
  Detours implementation (x64/x86) which used only ntdll import
  ☆90Updated 3 months ago
• 0xlane / com-process-inject
  Process Injection via Component Object Model (COM) IRundown::DoCallback().
  ☆64Updated 3 years ago
• joaovarelas / java-remote-class-loader
  ☆33Updated 3 years ago
• aaaddress1 / wow64Jit
  Call 32bit NtDLL API directly from WoW64 Layer
  ☆61Updated 5 years ago
• OxNinja / C-VM
  My try to implement a virtual CPU in C
  ☆19Updated 2 years ago
• D0pam1ne705 / Direct-NtCreateUserProcess
  Call NtCreateUserProcess directly as normal.
  ☆76Updated 3 years ago
• keowu / InstrumentationCallbackToolKit
  A fast method to intercept syscalls from any user-mode process using InstrumentationCallback and detect any process using Instrumentation…
  ☆39Updated 2 years ago
• gognl / VMBR
  A VMBR (Virtual-Machine Based Rootkit) which runs a guest OS and sends the attacker its data
  ☆28Updated last year
• Toroto006 / windows-kernel-driver-pipeline
  This master thesis project continuously collects and analyses Microsoft Windows kernel drivers using static and dynamic methods to help s…
  ☆21Updated last year
• br4ndn / warbird-example
  ☆22Updated last year
• 3dnow / NtCreateLowBoxToken
  A fully compatible replacement of Windows NT NtCreateLowBoxToken syscall - precisely restored from reverse engineering
  ☆42Updated 7 months ago
• hasherezade / shellc_encoder
  Standalone Metasploit-like XOR encoder for shellcode
  ☆50Updated last year
• spcnvdr / xchacha20
  A small C library for the XChaCha20 stream cipher
  ☆39Updated 2 years ago