Alternatives and similar repositories for woftool:

Users that are interested in woftool are comparing it to the libraries listed below

• vovkos / protolesshooks
  API monitoring via return-hijacking thunks; works without information about target function prototypes.
  ☆114Updated 4 years ago
• 0vercl0k / sic
  Enumerate user mode shared memory mappings on Windows.
  ☆117Updated 3 years ago
• zodiacon / RunAppContainer
  Run executables in an AppContainer
  ☆118Updated 6 years ago
• yardenshafir / IoRing_Demos
  A repository for I/O ring demos, use cases and performance testing on Windows
  ☆42Updated 2 years ago
• zodiacon / PoolMonX
  A GUI version of the classic PoolMon tool
  ☆112Updated 6 years ago
• lowleveldesign / comon
  A WinDbg extension to trace COM interactions
  ☆110Updated last year
• ntdiff / ntdiff
  ☆124Updated 3 months ago
• thinkcz / pico-toolbox
  PICO processes toolbox, playground for PICO processes research
  ☆72Updated 7 years ago
• zodiacon / GflagsX
  Enhanced version of the GFlags tool
  ☆82Updated 5 years ago
• wbenny / EtwConsumerNT
  Simple project that demonstrates how an ETW consumer can be created just by using NTDLL
  ☆139Updated 5 years ago
• ykfre / BsodSurvivor
  This project aims to facilitate debugging a kernel driver in windows by adding support for a code change on the fly without reboot/unload…
  ☆172Updated last year
• Microwave89 / createuserprocess
  Three Tiny Examples of Directly Using Vista's NtCreateUserProcess
  ☆85Updated 9 years ago
• AndreyBazhan / SymStore
  The history of Windows Internals via symbols.
  ☆178Updated 3 years ago
• neosmart / msvcrt.lib
  msvcrt.lib for linking against msvcrt.dll on all versions of Windows
  ☆83Updated 4 years ago
• trailofbits / uthenticode
  A cross-platform library for verifying Authenticode signatures
  ☆142Updated 3 months ago
• arizvisa / ndk
  A local copy of Alex Ionescu's seemingly abandoned native-nt-toolkit project containing knowledge inherited from the ReactOS project.
  ☆54Updated 5 years ago
• zodiacon / TotalPE
  Yet another PE Viewer
  ☆137Updated 2 years ago
• yardenshafir / SymlinkCallback
  A driver that hooks C: volume using symbolic link callback to track all FS access to the volume
  ☆103Updated 4 years ago
• DownWithUp / CallMon
  CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers
  ☆129Updated 4 years ago
• rprichard / win32-console-docs
  Win32 Console Documentation -- in particular, console/standard handles and CreateProcess inheritance
  ☆111Updated 9 months ago
• m417z / global-inject-demo
  A global injection and hooking example
  ☆135Updated last year
• rogerorr / NtTrace
  An strace-like program for the Windows 'native' API
  ☆238Updated last week
• ionescu007 / tpmtool
  The TpmTool utility is a simple cross-platform tool for accessing TPM2.0 Non-Volatile (NV) Spaces (Index Values) on compliant systems, wi…
  ☆141Updated 3 years ago
• yardenshafir / cet-research
  A collection of tools, source code, and papers researching Windows' implementation of CET.
  ☆79Updated 4 years ago
• Fyyre / ntdll
  ntdll.h - compatible with MSVC 6.0, Intel C++ Compiler and MinGW. Serves as a complete replacement for Windows.h
  ☆132Updated 5 years ago
• gamozolabs / pdblister
  Faster version of `symchk /om` for generating PDB manifests of offline machines
  ☆20Updated 3 years ago
• msuiche / LiveCloudKd
  Hyper-V Research is trendy now
  ☆176Updated 8 months ago
• zodiacon / sysrun
  Run any executable as SYSTEM account (no service required)
  ☆125Updated 8 months ago
• zodiacon / ObjectExplorer
  Explore Kernel Objects on Windows
  ☆201Updated last year
• ytk2128 / pe32-password
  A simple password-based PE encryptor for Windows 32-bit executables.
  ☆51Updated 3 weeks ago