ytk2128 / api-monitor32
Detecting Windows x86 API hooking and modification for analysis purposes
☆21, updated 2 years ago
Related projects
Alternatives and complementary repositories for api-monitor32
- ☆27, updated 2 years ago
- Six cases demonstrating methods of optimizing GetProcAddress ☆17, updated 2 years ago
- Yet another Windows DLL injector. ☆38, updated 2 years ago
- A Practical example of ELAM (Early Launch Anti-Malware) ☆30, updated 3 years ago
- ☆32, updated 3 years ago
- Add an empty section to a PE file ☆49, updated 7 years ago
- Enabled / Disable LSA Protection via BYOVD ☆62, updated 2 years ago
- APC DLL Injector with NtQueueApcThread and wake up thread support ☆44, updated 7 years ago
- My try to implement a virtual CPU in C ☆19, updated 11 months ago
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original… ☆92, updated 5 years ago
- ☆15, updated 3 years ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022) ☆69, updated last year
- A kernel mode Windows rootkit in development. ☆49, updated 2 years ago
- Process Injection: APC Injection ☆27, updated 3 years ago
- Bypass UAC by abusing the Security Center CPL and hijacking a shell protocol handler ☆26, updated 3 years ago
- ☆98, updated 2 years ago
- ☆22, updated 4 years ago
- ☆17, updated 3 years ago
- Hook all callbacks which are registered with LdrRegisterDllNotification ☆81, updated last year
- Exploiting ring0 memcpy-like functionality to disable Driver Signing Enforcement (DSE) ☆20, updated 4 years ago
- ☆12, updated last year
- Dynamically generated obfuscated jumps and/or function calls ☆33, updated last year
- Clone running process with ZwCreateProcess ☆58, updated 4 years ago
- Remote PE reflective injection with a simple reflective loader ☆29, updated 5 years ago
- A compact tool for detecting AV/EDR hooks in default Windows libraries. ☆29, updated 2 years ago
- Library for using direct system calls ☆35, updated 4 years ago
- Dumps information about all the callback objects found in a dump file and the functions registered for them ☆34, updated 4 years ago