ytk2128 / api-monitor32
Detecting Windows x86 API hooking and modification for analysis purposes
☆21Updated 2 years ago
Related projects ⓘ
Alternatives and complementary repositories for api-monitor32
- Yet another Windows DLL injector.☆38Updated 3 years ago
- ☆32Updated 3 years ago
- ☆15Updated 3 years ago
- Lightweight Portable Executable parsing library and a demo peParser application.☆75Updated last year
- A multi-staged malware that contains a kernel mode rootkit and a remote system shell.☆69Updated 3 years ago
- A compact tool for detecting AV/EDR hooks in default Windows libraries.☆29Updated 2 years ago
- ☆27Updated 2 years ago
- A Practical example of ELAM (Early Launch Anti-Malware)☆31Updated 3 years ago
- Enabled / Disable LSA Protection via BYOVD☆62Updated 2 years ago
- ☆98Updated 2 years ago
- Clone running process with ZwCreateProcess☆58Updated 4 years ago
- Listing UDP connections with remote address without sniffing.☆30Updated last year
- Reimplement CreateProcessInternalW via Windows 10 20H1+/Windows 11 Base on NtCreateUserProcess-Post☆47Updated 2 months ago
- Hook all callbacks which are registered with LdrRegisterDllNotification☆83Updated last year
- Six cases demonstrating methods of optimizing GetProcAddress☆17Updated 2 years ago
- Add an empty section to a PE file☆50Updated 7 years ago
- Exploiting ring0 memcpy-like functionality to disable Driver Signing Enforcement (DSE)☆20Updated 4 years ago
- ☆12Updated last year
- APC DLL Injector with NtQueueApcThread and wake up thread support☆44Updated 7 years ago
- Authenticode-parser is a simple C library for Authenticode format parsing using OpenSSL.☆16Updated 8 months ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)☆69Updated last year
- Windows API Hashes used in the malwares☆40Updated 9 years ago
- Process Injection: APC Injection☆27Updated 3 years ago
- Projects I did during the reading of @zodiacon's Windows Kernel Programming book☆9Updated 3 years ago
- Bypass UAC by abusing the Security Center CPL and hijacking a shell protocol handler☆26Updated 3 years ago
- Dumps information about all the callback objects found in a dump file and the functions registered for them☆34Updated 4 years ago
- My try to implement a virtual CPU in C☆19Updated last year
- A simple PE loader.☆25Updated last year