ytk2128 / api-monitor32Links
A simple tool for detecting memory modifications to Windows API.
☆23Updated 8 months ago
Alternatives and similar repositories for api-monitor32
Users that are interested in api-monitor32 are comparing it to the libraries listed below
Sorting:
- Hook all callbacks which are registered with LdrRegisterDllNotification☆89Updated 5 months ago
- Reimplement CreateProcessInternalW via Windows 10 20H1+/Windows 11 Base on NtCreateUserProcess-Post☆67Updated last year
- Dynamically generated obfuscated jumps and/or function calls☆36Updated 2 years ago
- SetWinEventHook Sample☆49Updated last year
- APC DLL Injector with NtQueueApcThread and wake up thread support☆47Updated 8 years ago
- Proof-of-Concept software for detecting AV/EDR hooks in Windows libraries.☆31Updated 3 years ago
- A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.☆113Updated 3 years ago
- Detours implementation (x64/x86) which used only ntdll import☆90Updated last year
- Add an empty section to a PE file☆53Updated 8 years ago
- Lightweight Portable Executable parsing library and a demo peParser application.☆80Updated 2 years ago
- ☆114Updated 3 years ago
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…☆98Updated 5 years ago
- ☆26Updated 2 years ago
- Collection of DLL function export forwards for DLL export function proxying☆105Updated last month
- Yet another Windows DLL injector.☆38Updated 3 years ago
- Bypass UAC by abusing the Security Center CPL and hijacking a shell protocol handler☆29Updated 4 years ago
- ☆64Updated 2 years ago
- ZwProcessHollowing is a x64 process hollowing project which uses direct systemcalls, dll unhooking and RC4 payload decryption☆89Updated 2 years ago
- ☆59Updated 3 years ago
- Process Injection without R/W target memory and without creating a remote thread☆19Updated 3 years ago
- Clone running process with ZwCreateProcess☆58Updated 4 years ago
- Weaponizing Gigabyte driver for priv escalation and bypass PPL☆69Updated 6 years ago
- A ready-made template for a project based on libpeconv.☆48Updated 7 months ago
- Injects position-dependent code into a code cave in an executable file, and applies relocations.☆22Updated 2 years ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)☆73Updated 2 years ago
- ☆40Updated 2 years ago
- IAT-Obfuscation to make static analysis of executable harder.☆44Updated 4 years ago
- PoC for hiding PE exports☆67Updated 4 years ago
- A PoC designed to bypass all usermode hooks in a WoW64 environment.☆150Updated 5 years ago
- PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021)☆109Updated 4 years ago