API monitoring via return-hijacking thunks; works without information about target function prototypes.
☆117May 26, 2020Updated 5 years ago
Alternatives and similar repositories for protolesshooks
Users that are interested in protolesshooks are comparing it to the libraries listed below
Sorting:
- init☆14Mar 16, 2020Updated 5 years ago
- Lightweight WINAPI tracing with Pin☆27Aug 22, 2019Updated 6 years ago
- A driver that supports communication between a Windows guest and HyperWin☆15Jan 6, 2021Updated 5 years ago
- usermode standalone kernel interface☆111Jul 9, 2018Updated 7 years ago
- Library for using direct system calls☆35Jan 30, 2025Updated last year
- Скрытие строки от отладчиков и декомпиляторов☆51Oct 16, 2019Updated 6 years ago
- An example of how x64 kernel shellcode can dynamically find and use APIs☆104May 14, 2020Updated 5 years ago
- A simple x86_64 AMD-v hypervisor type-2 Programmed with C++, with soon to be added syscall hooks. [W.I.P]☆104Aug 3, 2023Updated 2 years ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆240Nov 6, 2019Updated 6 years ago
- ☆125May 23, 2020Updated 5 years ago
- Stealthy Injector that leverages a vulnerable driver and other exploits to remain undetected☆37Dec 10, 2018Updated 7 years ago
- Analyze patches in a process☆259Jul 28, 2021Updated 4 years ago
- The kernel mode Standard Template Library Template☆19Feb 22, 2020Updated 6 years ago
- c++ implementation of windows heavens gate☆70Feb 12, 2021Updated 5 years ago
- Driver Loader/BE Bypass/Win Malware(lol)☆36Jun 25, 2019Updated 6 years ago
- A native hypervisor designed for the Windows operating system☆125Mar 6, 2021Updated 4 years ago
- VT-based PCI device monitor (SPI)☆158Oct 29, 2020Updated 5 years ago
- RVDbg is a debugger/exception handler for Windows processes and has the capability to circumvent anti-debugging techniques. (Cleaner, doc…☆72Sep 5, 2020Updated 5 years ago
- This is the P.O.C source for hooking the system calls on Windows 10 (1903) using it's dynamic trace feature weakness☆53Sep 12, 2019Updated 6 years ago
- Noninvasive debugging plugin for X64Dbg☆110Nov 21, 2024Updated last year
- Windows system spy for Mouse, Keyboard and Gamepad(Joystick).☆15Jul 6, 2022Updated 3 years ago
- ☆15Oct 7, 2020Updated 5 years ago
- ☆44Oct 7, 2018Updated 7 years ago
- 轻量级自动分析病毒程序调用上下文、游戏反调试实现技术平台☆100Jun 21, 2020Updated 5 years ago
- Allows you to parse all messages sent to DbgPrint without any process interaction.☆32Apr 8, 2020Updated 5 years ago
- codes for my blog post: https://secrary.com/Random/InstrumentationCallback/☆183Nov 30, 2017Updated 8 years ago
- Easily hook WIN32 x64 functions☆18Feb 19, 2025Updated last year
- Driver and WinDBG scripts to dump information about all resources and lookaside lists☆66Apr 4, 2020Updated 5 years ago
- Figuring out the cause of a handle downgrade☆24Dec 13, 2022Updated 3 years ago
- MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. M…☆232Jul 26, 2020Updated 5 years ago
- ☆68Dec 17, 2020Updated 5 years ago
- CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers☆145Sep 5, 2020Updated 5 years ago
- a frame of amd-v svm nest☆53Apr 7, 2020Updated 5 years ago
- The runtime DXE driver monitoring access to the UEFI variables by hooking the runtime service table.☆146Oct 9, 2020Updated 5 years ago
- LLVM based devirtualization PoC’s.☆21Dec 11, 2021Updated 4 years ago
- .lib file for linking against the NT CRT☆19Mar 18, 2022Updated 3 years ago
- ☆36Oct 29, 2020Updated 5 years ago
- ☆39Oct 29, 2020Updated 5 years ago
- A driver that hooks C: volume using symbolic link callback to track all FS access to the volume☆109Apr 24, 2020Updated 5 years ago