weixu8 / RegistryMonitor
Formerly KMon, a Windows Kernel Driver designed to prevent malware attacks by monitoring the creation of registry keys in common autorun locations and prompting the user whether they want to allow the creation of the key. More of an experiment into kernel-level SSDT hooks, but a fun project nonetheless.
☆21 Updated 11 years ago
Alternatives and similar repositories for RegistryMonitor
Users that are interested in RegistryMonitor are comparing it to the libraries listed below
- Simple command line version of Sysinternals WinObj. Currently just lists object names and types given an object manager directory. ☆20 Updated last year
- ☆33 Updated 4 years ago
- copy of tdifw lib ☆10 Updated 8 years ago
- ☆28 Updated 4 years ago
- a network filter using NDIS hook technique ☆19 Updated 12 years ago
- just a lite AntiRootkit for interest ☆23 Updated 9 years ago
- UI application that can compare PE images in memory or in a raw PE file ☆17 Updated 11 years ago
- Open Source Libraries Collection ☆24 Updated 9 years ago
- lz77win sources! lz77 is the compression software for the Windows platform. ☆24 Updated 6 years ago
- A simple ransomware defender. It uses a minifilter to filter "rewrite" and "delete" events in the kernel, and it handles events in user mode. ☆27 Updated 6 years ago
- Windows kernel file redirection ☆20 Updated 10 years ago
- Wow64 syscall hook ☆40 Updated 8 years ago
- SSDT Hook Detection tool ☆13 Updated 8 years ago
- Kernel (Ring0) - SSDT unhook driver ☆14 Updated 7 years ago
- Demonstrate the new FileDispositionInfoEx behavior ☆14 Updated 7 years ago
- Windows driver with usermode interface which can hide objects of file-system and registry, protect processes, etc. ☆16 Updated 6 years ago
- Hidden module/dll detector for Windows apps ☆15 Updated 8 years ago
- ☆20 Updated 5 years ago
- ☆14 Updated 11 months ago
- Demo List cm/ps/ob/minifilter callback And Patch/Bypass it ☆28 Updated 7 years ago
- The project is a demo solution for one of the anti-rootkit techniques aimed at overcoming splicers ☆34 Updated 8 years ago
- x64 Kernel Hooks Detection ☆24 Updated 8 years ago
- ☆13 Updated 6 years ago
- User-mode process cross-checking utility intended to detect naive malware hiding itself by hooking IAT/EAT. ☆19 Updated 9 years ago
- An ark tool's driver ☆40 Updated 8 years ago
- Notes on my learning steps about Windows-NT ☆23 Updated 8 years ago
- Windows Simple Process Logger implemented as driver ☆18 Updated 7 years ago
- WoW64 -> x64 ☆19 Updated 8 years ago
- Viewing page boundaries of pages with PAGE_NOACCESS protection reveals the presence of x64dbg. ☆23 Updated 8 years ago
- A simple native code virtualizer for 32-bit Windows PE ☆15 Updated 9 years ago