wbenny / woftool

Related projects ⓘ

Alternatives and complementary repositories for woftool

• thinkcz / pico-toolbox
  PICO processes toolbox, playground for PICO processes research
  ☆68Updated 7 years ago
• Biswa96 / WslReverse
  Experiments with hidden COM interface and LxBus IPC mechanism in WSL
  ☆82Updated 2 years ago
• vovkos / protolesshooks
  API monitoring via return-hijacking thunks; works without information about target function prototypes.
  ☆113Updated 4 years ago
• m417z / global-inject-demo
  A global injection and hooking example
  ☆125Updated last year
• yardenshafir / SymlinkCallback
  A driver that hooks C: volume using symbolic link callback to track all FS access to the volume
  ☆102Updated 4 years ago
• dishather / richprint
  Print compiler information stored in Rich Header of PE executables.
  ☆125Updated this week
• andrew-boyarshin / LoaderWatch
  Windows 10 PE image loader (LDR) NTDLL component toolbox
  ☆41Updated 5 years ago
• ykfre / BsodSurvivor
  This project aims to facilitate debugging a kernel driver in windows by adding support for a code change on the fly without reboot/unload…
  ☆168Updated last year
• zodiacon / TotalPE
  Yet another PE Viewer
  ☆138Updated last year
• arizvisa / ndk
  A local copy of Alex Ionescu's seemingly abandoned native-nt-toolkit project containing knowledge inherited from the ReactOS project.
  ☆53Updated 5 years ago
• ntdiff / ntdiff
  ☆120Updated last month
• neosmart / msvcrt.lib
  msvcrt.lib for linking against msvcrt.dll on all versions of Windows
  ☆80Updated 4 years ago
• zodiacon / DeviceExplorer
  ☆42Updated last week
• DownWithUp / CallMon
  CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers
  ☆129Updated 4 years ago
• tandasat / WPBT-Builder
  The simple UEFI application to create a Windows Platform Binary Table (WPBT) from the UEFI shell.
  ☆101Updated 3 years ago
• ionescu007 / r0ak
  ☆28Updated 6 years ago
• AndreyBazhan / SymStore
  The history of Windows Internals via symbols.
  ☆177Updated 3 years ago
• zodiacon / RunAppContainer
  Run executables in an AppContainer
  ☆118Updated 5 years ago
• trailofbits / uthenticode
  A cross-platform library for verifying Authenticode signatures
  ☆139Updated 3 weeks ago
• wbenny / EtwConsumerNT
  Simple project that demonstrates how an ETW consumer can be created just by using NTDLL
  ☆135Updated 5 years ago
• Microwave89 / createuserprocess
  Three Tiny Examples of Directly Using Vista's NtCreateUserProcess
  ☆85Updated 9 years ago
• KiFilterFiberContext / windows-software-policy
  Research on obfuscated licensing APIs / CLIP service in the Windows kernel
  ☆86Updated 2 years ago
• ionescu007 / hdk
  (unofficial) Hyper-V® Development Kit
  ☆215Updated 9 months ago
• gerhart01 / LiveCloudKd
  Hyper-V Research is trendy now
  ☆150Updated last month
• coderforlife / ms-compress
  Open source implementations of Microsoft compression algorithms
  ☆206Updated 4 years ago
• zodiacon / GflagsX
  Enhanced version of the GFlags tool
  ☆82Updated 5 years ago
• 0vercl0k / sic
  Enumerate user mode shared memory mappings on Windows.
  ☆115Updated 3 years ago
• kobykahane / NpEtw
  Named pipe I/O ETW provider for Windows
  ☆67Updated 4 years ago
• zodiacon / PoolMonX
  A GUI version of the classic PoolMon tool
  ☆111Updated 6 years ago
• zodiacon / PoolMonXv2
  Kernel Pool Monitor
  ☆121Updated 2 years ago