yardenshafir / WinDbg_Scripts

Related projects: ⓘ

• repnz / windbg-cheat-sheet
  My personal cheat sheet for using WinDbg for kernel debugging
  ☆371Updated last year
• mandiant / STrace
  A DTrace on Windows Reimplementation
  ☆317Updated last month
• airbus-cert / ttddbg
  Time Travel Debugging IDA plugin
  ☆551Updated 2 months ago
• zodiacon / EtwExplorer
  View ETW Provider manifest
  ☆413Updated 7 months ago
• commial / experiments
  Expriments
  ☆438Updated 4 months ago
• LordNoteworthy / windows-internals
  My notes while studying Windows internals
  ☆387Updated this week
• jdu2600 / Windows10EtwEvents
  Events from all manifest-based and mof-based ETW providers across Windows 10 versions
  ☆261Updated 4 months ago
• zodiacon / windowskernelprogrammingbook2e
  Samples for the book Windows Kernel Programming, 2nd edition
  ☆283Updated last month
• hugsy / windbg_js_scripts
  Toy scripts for playing with WinDbg JS API
  ☆213Updated 2 months ago
• hfiref0x / WDExtract
  Extract Windows Defender database from vdm files and unpack it
  ☆419Updated 4 years ago
• 0vercl0k / windbg-scripts
  A bunch of JavaScript extensions for WinDbg.
  ☆310Updated 2 years ago
• ElliotKillick / windows-vs-linux-loader-architecture
  Side-by-side comparison of the Windows and Linux (GNU) Loaders
  ☆269Updated 2 weeks ago
• horsicq / xntsv
  XNTSV program for detailed viewing of system structures for Windows.
  ☆439Updated this week
• gerhart01 / Hyper-V-Internals
  Internals information about Hyper-V
  ☆657Updated this week
• trailofbits / RpcInvestigator
  Exploring RPC interfaces on Windows
  ☆257Updated 7 months ago
• hugsy / defcon_27_windbg_workshop
  DEFCON 27 workshop - Modern Debugging with WinDbg Preview
  ☆701Updated last year
• hugsy / CFB
  Canadian Furious Beaver is a ProcMon-style tool designed only for capturing IRPs sent to any Windows driver.
  ☆308Updated 5 months ago
• br-sn / CheekyBlinder
  Enumerating and removing kernel callbacks using signed vulnerable drivers
  ☆537Updated last year
• hasherezade / tiny_tracer
  A Pin Tool for tracing API calls etc
  ☆1,268Updated 3 weeks ago
• silverf0x / RpcView
  RpcView is a free tool to explore and decompile Microsoft RPC interfaces
  ☆905Updated 11 months ago
• Cr4sh / KernelForge
  A library to develop kernel level Windows payloads for post HVCI era
  ☆355Updated 3 years ago
• pathtofile / Sealighter
  Sysmon-Like research tool for ETW
  ☆327Updated last year
• rajiv2790 / FalconEye
  ☆288Updated 3 years ago
• mrexodia / dumpulator
  An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in gen…
  ☆728Updated 7 months ago
• Bw3ll / sharem
  SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virutally all Windows syscalls. It also conta…
  ☆334Updated this week
• hasherezade / process_overwriting
  Yet another variant of Process Hollowing
  ☆349Updated 6 months ago
• 0xcpu / ExecutiveCallbackObjects
  Research on Windows Kernel Executive Callback Objects
  ☆277Updated 4 years ago
• hasherezade / mal_unpack
  Dynamic unpacker based on PE-sieve
  ☆650Updated 6 months ago
• TimMisiak / WinDbgCookbook
  This is a repo for small, useful scripts and extensions
  ☆236Updated last year
• anhkgg / awesome-windbg-extensions
  awesome windbg extensions
  ☆306Updated 5 years ago