ytk2128 / api-monitor32Links
A simple tool for detecting memory modifications to Windows API.
☆23Updated 7 months ago
Alternatives and similar repositories for api-monitor32
Users that are interested in api-monitor32 are comparing it to the libraries listed below
Sorting:
- Hook all callbacks which are registered with LdrRegisterDllNotification☆88Updated 4 months ago
- Lightweight Portable Executable parsing library and a demo peParser application.☆81Updated 2 years ago
- Reimplement CreateProcessInternalW via Windows 10 20H1+/Windows 11 Base on NtCreateUserProcess-Post☆66Updated last year
- Add an empty section to a PE file☆53Updated 8 years ago
- A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.☆113Updated 3 years ago
- SetWinEventHook Sample☆48Updated last year
- Dynamically generated obfuscated jumps and/or function calls☆36Updated 2 years ago
- APC DLL Injector with NtQueueApcThread and wake up thread support☆47Updated 7 years ago
- PoC for hiding PE exports☆67Updated 4 years ago
- ☆26Updated 2 years ago
- A ready-made template for a project based on libpeconv.☆47Updated 6 months ago
- Record & prevent file deletion in kernel mode☆44Updated 5 years ago
- Detours implementation (x64/x86) which used only ntdll import☆90Updated last year
- Proof-of-Concept software for detecting AV/EDR hooks in Windows libraries.☆31Updated 3 years ago
- ☆64Updated 2 years ago
- ☆114Updated 3 years ago
- Bypass UAC by abusing the Security Center CPL and hijacking a shell protocol handler☆29Updated 4 years ago
- Demonstrate calling a kernel function and handle process creation callback against HVCI☆68Updated 2 years ago
- ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption☆90Updated 2 years ago
- Collection of DLL function export forwards for DLL export function proxying☆104Updated last week
- ☆15Updated 4 years ago
- A multi-staged malware that contains a kernel mode rootkit and a remote system shell.☆73Updated 4 years ago
- Clone running process with ZwCreateProcess☆58Updated 4 years ago
- Yet another Windows DLL injector.☆39Updated 3 years ago
- An example of how x64 kernel shellcode can dynamically find and use APIs☆106Updated 5 years ago
- ☆40Updated 2 years ago
- A Practical example of ELAM (Early Launch Anti-Malware)☆35Updated 3 years ago
- Weaponizing Gigabyte driver for priv escalation and bypass PPL☆68Updated 6 years ago
- c++ implementation of windows heavens gate☆72Updated 4 years ago
- Injects position-dependent code into a code cave in an executable file, and applies relocations.☆22Updated 2 years ago