ytk2128 / api-monitor32Links
A simple tool for detecting memory modifications to Windows API.
☆23Updated 11 months ago
Alternatives and similar repositories for api-monitor32
Users that are interested in api-monitor32 are comparing it to the libraries listed below
Sorting:
- Hook all callbacks which are registered with LdrRegisterDllNotification☆95Updated 9 months ago
- Add an empty section to a PE file☆53Updated 8 years ago
- ☆26Updated 3 years ago
- A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.☆115Updated 3 years ago
- A Practical example of ELAM (Early Launch Anti-Malware)☆35Updated 4 years ago
- Detours implementation (x64/x86) which used only ntdll import☆90Updated 2 months ago
- Dynamically generated obfuscated jumps and/or function calls☆38Updated 2 years ago
- Lightweight Portable Executable parsing library and a demo peParser application.☆80Updated 3 years ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)☆74Updated 2 years ago
- Clone running process with ZwCreateProcess☆59Updated 5 years ago
- Proof-of-Concept software for detecting AV/EDR hooks in Windows libraries.☆36Updated 3 years ago
- A modified RunPE (process hollowing) technique avoiding the usage of SetThreadContext by appending a TLS section which calls the original…☆97Updated 6 years ago
- ☆116Updated 3 years ago
- Reimplement CreateProcessInternalW via Windows 10 20H1+/Windows 11 Base on NtCreateUserProcess-Post☆75Updated last year
- A ready-made template for a project based on libpeconv.☆51Updated 2 months ago
- Yet another Windows DLL injector.☆40Updated 4 years ago
- ☆59Updated 3 years ago
- arbitrary kernel read/write in dbutil_2_3.sys, Proof of Concept Local Privilege Escalation to nt authority/system☆58Updated 4 years ago
- Demonstrate calling a kernel function and handle process creation callback against HVCI☆79Updated 3 years ago
- Helper Script to convert a Windbg dumped structure (using the 'dt' command) into a C structure. It creates dummy structs for you if neede…☆27Updated 2 years ago
- A kernel exploit leveraging NtUserHardErrorControl to elevate a thread to KernelMode and achieve arbitrary kernel R/W & more.☆35Updated 3 years ago
- SetWinEventHook Sample☆50Updated 2 years ago
- APC DLL Injector with NtQueueApcThread and wake up thread support☆48Updated 8 years ago
- Injects position-dependent code into a code cave in an executable file, and applies relocations.☆24Updated 2 years ago
- 2022 Updated Kernelmode-Code☆33Updated last year
- This script is used to unload PsSetCreateProcessNotifyRoutineEx, PsSetCreateProcessNotifyRoutine, PsSetLoadImageNotifyRoutine and PsSetCr…☆63Updated last year
- Process Injection without R/W target memory and without creating a remote thread☆19Updated 3 years ago
- ☆72Updated 2 years ago
- Shellcodev is a tool designed to help and automate the process of shellcode creation.☆111Updated 2 years ago
- ☆39Updated 2 years ago