yardenshafir / WinDbg_Scripts
Useful scripts for WinDbg using the debugger data model
☆383 · Updated 5 months ago
Related projects:
- My personal cheat sheet for using WinDbg for kernel debugging ☆371 · Updated last year
- A DTrace on Windows Reimplementation ☆317 · Updated last month
- Time Travel Debugging IDA plugin ☆551 · Updated 2 months ago
- View ETW Provider manifest ☆413 · Updated 7 months ago
- Experiments ☆438 · Updated 4 months ago
- My notes while studying Windows internals ☆387 · Updated this week
- Events from all manifest-based and MOF-based ETW providers across Windows 10 versions ☆261 · Updated 4 months ago
- Samples for the book Windows Kernel Programming, 2nd edition ☆283 · Updated last month
- Toy scripts for playing with the WinDbg JS API ☆213 · Updated 2 months ago
- Extract Windows Defender database from VDM files and unpack it ☆419 · Updated 4 years ago
- A bunch of JavaScript extensions for WinDbg. ☆310 · Updated 2 years ago
- Side-by-side comparison of the Windows and Linux (GNU) loaders ☆269 · Updated 2 weeks ago
- XNTSV program for detailed viewing of system structures for Windows. ☆439 · Updated this week
- Internals information about Hyper-V ☆657 · Updated this week
- Exploring RPC interfaces on Windows ☆257 · Updated 7 months ago
- DEFCON 27 workshop - Modern Debugging with WinDbg Preview ☆701 · Updated last year
- Canadian Furious Beaver is a ProcMon-style tool designed only for capturing IRPs sent to any Windows driver. ☆308 · Updated 5 months ago
- Enumerating and removing kernel callbacks using signed vulnerable drivers ☆537 · Updated last year
- A Pin Tool for tracing API calls etc. ☆1,268 · Updated 3 weeks ago
- RpcView is a free tool to explore and decompile Microsoft RPC interfaces ☆905 · Updated 11 months ago
- A library to develop kernel-level Windows payloads for the post-HVCI era ☆355 · Updated 3 years ago
- Sysmon-like research tool for ETW ☆327 · Updated last year
- ☆288 · Updated 3 years ago
- An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in gen… ☆728 · Updated 7 months ago
- SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virtually all Windows syscalls. It also conta… ☆334 · Updated this week
- Yet another variant of Process Hollowing ☆349 · Updated 6 months ago
- Research on Windows Kernel Executive Callback Objects ☆277 · Updated 4 years ago
- Dynamic unpacker based on PE-sieve ☆650 · Updated 6 months ago
- This is a repo for small, useful scripts and extensions ☆236 · Updated last year
- Awesome WinDbg extensions ☆306 · Updated 5 years ago