xenoscr/manual-syscall-detect external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

xenoscr/manual-syscall-detect

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/xenoscr/manual-syscall-detect)

Close

xenoscr / manual-syscall-detectView on GitHubMore

• External links
• Readme badge

A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.

☆116Feb 1, 2022Updated 4 years ago

Alternatives and similar repositories for manual-syscall-detect

Users that are interested in manual-syscall-detect are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• thefLink / Hunt-Weird-Syscalls

  View on GitHub
  ETW based POC to identify direct and indirect syscalls
  ☆189Apr 19, 2023Updated 2 years ago
• fplu / Detector

  View on GitHub
  A way to detect DBI frameworks, Debuggers and VMs.
  ☆24Nov 17, 2020Updated 5 years ago
• thefLink / RecycledGate

  View on GitHub
  Hellsgate + Halosgate/Tartarosgate. Ensures that all systemcalls go through ntdll.dll
  ☆500Feb 3, 2022Updated 4 years ago
• jackullrich / syscall-detect

  View on GitHub
  PoC capable of detecting manual syscalls from usermode.
  ☆207Nov 13, 2025Updated 4 months ago
• zeroperil / HookDump

  View on GitHub
  Security product hook detection
  ☆327Mar 30, 2021Updated 4 years ago
• Simple, predictable pricing with DigitalOcean hosting • Ad
  Always know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
• opcode86 / SysCaller

  View on GitHub
  Single header library to simplify the usage of direct syscalls. x64/x86
  ☆14Feb 26, 2023Updated 3 years ago
• kkent030315 / PageTableInjection

  View on GitHub
  Code Injection, Inject malicious payload via pagetables pml4.
  ☆242Jul 7, 2021Updated 4 years ago
• hlldz / RefleXXion

  View on GitHub
  RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, …
  ☆500Jan 25, 2022Updated 4 years ago
• elastic / PPLGuard

  View on GitHub
  ☆70Feb 6, 2025Updated last year
• crummie5 / FreshyCalls

  View on GitHub
  FreshyCalls tries to make the use of syscalls comfortable and simple, without generating too much boilerplate and in modern C++17!
  ☆359Sep 1, 2022Updated 3 years ago
• mike1k / HookHunter

  View on GitHub
  Analyze patches in a process
  ☆261Jul 28, 2021Updated 4 years ago
• arnaugamez / tfg

  View on GitHub
  A copy of my Mathematics and Computer Engineering B.Sc. thesis
  ☆20Dec 8, 2020Updated 5 years ago
• sh4m2hwz / devirt_vmp

  View on GitHub
  devirtualization vmprotect
  ☆65Mar 11, 2023Updated 3 years ago
• paranoidninja / Process-Instrumentation-Syscall-Hook

  View on GitHub
  A simple program to hook the current process to identify the manual syscall executions on windows
  ☆266Nov 18, 2022Updated 3 years ago
• End-to-end encrypted cloud storage - Proton Drive • Ad
  Special offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
• aaaddress1 / knownDlls_Poison

  View on GitHub
  ☆26Dec 29, 2021Updated 4 years ago
• kkent030315 / anycall

  View on GitHub
  x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration
  ☆393Jul 6, 2022Updated 3 years ago
• JustasMasiulis / inline_syscall

  View on GitHub
  Inline syscalls made easy for windows on clang
  ☆736Jun 21, 2024Updated last year
• fengjixuchui / CodaPinTracer

  View on GitHub
  Lightweight WINAPI tracing with Pin
  ☆27Aug 22, 2019Updated 6 years ago
• asaurusrex / DoppelGate

  View on GitHub
  DoppelGate relies on reading ntdll on disk to grab syscall stubs, and patches these syscall stubs into desired functions to bypass Userla…
  ☆123Mar 25, 2022Updated 4 years ago
• Cerbersec / Ares

  View on GitHub
  Project Ares is a Proof of Concept (PoC) loader written in C/C++ based on the Transacted Hollowing technique
  ☆337Jan 16, 2022Updated 4 years ago
• passthehashbrowns / suspendedunhook

  View on GitHub
  ☆42Apr 22, 2021Updated 4 years ago
• wafinfo / SyscallLoader

  View on GitHub
  SyscallLoader
  ☆11Sep 13, 2021Updated 4 years ago
• archercreat / vmpfix

  View on GitHub
  Universal x86/x64 VMProtect 2.0-3.X Import fixer
  ☆22Dec 29, 2021Updated 4 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• iammaguire / Salient-Rootkit

  View on GitHub
  A kernel mode Windows rootkit in development.
  ☆49Dec 31, 2021Updated 4 years ago
• ionescu007 / HookingNirvana

  View on GitHub
  Recon 2015 Presentation from Alex Ionescu
  ☆250Jan 27, 2016Updated 10 years ago
• bytewreck / hook-buster

  View on GitHub
  Proof-of-Concept software for detecting AV/EDR hooks in Windows libraries.
  ☆38May 12, 2022Updated 3 years ago
• Yaxser / COFFLoader2

  View on GitHub
  Load and execute COFF files and Cobalt Strike BOFs in-memory
  ☆226Sep 13, 2022Updated 3 years ago
• jfmaes / AmsiHooker

  View on GitHub
  Hookers are cooler than patches.
  ☆170Jan 21, 2022Updated 4 years ago
• rad9800 / WTSRM

  View on GitHub
  WTSRM
  ☆215Aug 7, 2022Updated 3 years ago
• vovkos / protolesshooks

  View on GitHub
  API monitoring via return-hijacking thunks; works without information about target function prototypes.
  ☆117May 26, 2020Updated 5 years ago
• zhuhuibeishadiao / KernelHooksDetection_x64

  View on GitHub
  x64 Kernel Hooks Detection
  ☆24Jan 1, 2017Updated 9 years ago
• huntandhackett / process-cloning

  View on GitHub
  The Definitive Guide To Process Cloning on Windows
  ☆543Jan 3, 2024Updated 2 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• airbus-cert / Invoke-Bof

  View on GitHub
  Load any Beacon Object File using Powershell!
  ☆261Dec 9, 2021Updated 4 years ago
• bats3c / DarkLoadLibrary

  View on GitHub
  LoadLibrary for offensive operations
  ☆1,178Oct 22, 2021Updated 4 years ago
• thefLink / DeepSleep

  View on GitHub
  A variant of Gargoyle for x64 to hide memory artifacts using ROP only and PIC
  ☆375May 24, 2022Updated 3 years ago
• yjugl / mitimon

  View on GitHub
  Monitor ETW events for Windows process mitigation policies, with stack traces
  ☆31Oct 7, 2022Updated 3 years ago
• Deputation / instrumentation_callbacks

  View on GitHub
  A proof of concept demonstrating instrumentation callbacks on Windows 10 21h1 with a TLS variable to ensure all syscalls are caught.
  ☆158Nov 14, 2021Updated 4 years ago
• waldo-irc / MalMemDetect

  View on GitHub
  Detect strange memory regions and DLLs
  ☆190Jan 20, 2022Updated 4 years ago
• kkent030315 / CiGetCertPublisherName

  View on GitHub
  An example code of CiGetCertPublisherName
  ☆16Mar 24, 2022Updated 4 years ago