weixu8 / RegistryMonitor
Formerly KMon, a Windows Kernel Driver designed to prevent malware attacks by monitoring the creation of registry keys in common autorun locations and prompting the user whether they want to allow the creation of the key. More of an experiment into Kernel level SSDT hooks but a fun project nonetheless.
☆21 Updated 10 years ago
Related projects
Alternatives and complementary repositories for RegistryMonitor
- ☆27 Updated 3 years ago
- ☆32 Updated 4 years ago
- windows kernel File redirection ☆19 Updated 10 years ago
- UI application that can compare PE images in memory or in raw PE file ☆17 Updated 10 years ago
- Native Development Kit for Vista 64bit And Later, by me, Based on NDK Headers 1.0, by Alex Ionescu ☆16 Updated 8 years ago
- Simple command line version of Sysinternals WinObj. Currently just lists object names and types given an object manager directory. ☆19 Updated last year
- Demo List cm/ps/ob/minifilter callback And Patch/Bypass it ☆27 Updated 6 years ago
- just a lite AntiRootkit for interesting ☆23 Updated 8 years ago
- Ssdt Hook Detection tool ☆12 Updated 7 years ago
- a network filter using NDIS hook technique ☆19 Updated 11 years ago
- A simple ransomware defender. It uses minifilter to filter "rewrite" and "delete" events in kernel. And it handles events in user mode. ☆27 Updated 6 years ago
- WhoCalls can query a directory of files, find the binaries, and search for a user specified Win API import. It and works with both 32-bit… ☆17 Updated 2 years ago
- Kernel (Ring0) - SSDT unhook driver ☆13 Updated 6 years ago
- Some example code that I have collected while learning ☆10 Updated 8 years ago
- WoW64 -> x64 ☆18 Updated 8 years ago
- Open Source Libraries Collection ☆24 Updated 8 years ago
- A Windows driver used to facilitate DLL injection ☆24 Updated 7 years ago
- Notes my learning steps about Windows-NT ☆22 Updated 7 years ago
- ☆13 Updated 6 years ago
- A tool to investigate the Windows device manager ☆14 Updated 5 years ago
- network filter driver that controls network send speed, based on windows tdi framework. ☆31 Updated 8 months ago
- Helper utility for debugging windows PE/PE+ loader. ☆50 Updated 9 years ago
- The project is a demo solution for one of the anti-rootkit techniques aimed on overcoming splicers ☆34 Updated 7 years ago
- x64 Kernel Hooks Detection ☆24 Updated 7 years ago
- copy of tdifw lib ☆10 Updated 7 years ago
- Windows driver with usermode interface which can hide objects of file-system and registry, protect processes, etc. ☆15 Updated 6 years ago
- Windows anti-rootkit library ☆38 Updated 9 years ago
- viewing page boundaries of pages with PAGE_NOACCESS protection reveals the presence of x64dbg. ☆22 Updated 7 years ago
- ☆12 Updated 3 months ago
- ☆11 Updated 7 years ago