zodiacon / ALPCLogger
Log ALPC activity
☆80 Updated 11 months ago
Related projects:
- Run any executable as SYSTEM account (no service required) ☆119 Updated 4 months ago
- Simple project that demonstrates how an ETW consumer can be created just by using NTDLL ☆129 Updated 5 years ago
- Advance LPC ☆59 Updated 7 years ago
- View handles and object for each object type ☆61 Updated 5 years ago
- windbg plugin for win32k debugging ☆71 Updated 4 years ago
- Driver and WinDBG scripts to dump information about all resources and lookaside lists ☆63 Updated 4 years ago
- kernel pool windbg extension ☆79 Updated 9 years ago
- Process Doppelgänging ☆152 Updated 6 years ago
- A command tree based on commands and extensions for Windows Kernel Debugging. ☆104 Updated 4 years ago
- File system minifilter driver for Windows to block symbolic link attacks. ☆51 Updated 3 years ago
- An example of a client and server using Windows' ALPC functions to send and receive data. ☆88 Updated 4 years ago
- A command-line RPC method enumerator, born out of RPCView's awesomeness ☆97 Updated 5 years ago
- Windows RPC Python fuzzer ☆154 Updated 6 years ago
- Explore Job Objects on a Windows system ☆79 Updated 5 years ago
- A simple API monitor for Windbg ☆62 Updated 7 years ago
- 0CCh Windbg extension: include some useful commands ☆109 Updated last year
- Elevation of privilege detector based on HyperPlatform ☆118 Updated 7 years ago
- ☆26 Updated 6 years ago
- Adding exceptions to Microsoft's Control Flow Guard (CFG) ☆58 Updated 8 years ago
- Windbg extension to find PatchGuard pages ☆116 Updated 10 years ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999 ☆203 Updated 4 years ago
- ☆52 Updated 8 years ago
- Simple library to spray the Windows Kernel Pool ☆102 Updated 4 years ago
- Tools made for my Hyper-V blog series @ https://foxhex0ne.blogspot.com/ ☆53 Updated 4 years ago
- A driver that hooks C: volume using symbolic link callback to track all FS access to the volume ☆100 Updated 4 years ago
- An example of how x64 kernel shellcode can dynamically find and use APIs ☆103 Updated 4 years ago
- Helper idapython code for reversing kmdf drivers ☆68 Updated 2 years ago
- Named pipe I/O ETW provider for Windows ☆66 Updated 4 years ago
- codes for my blog post: https://secrary.com/Random/InstrumentationCallback/ ☆165 Updated 6 years ago
- Shellcode emulator written with Unicorn Framework With Process Dump Emulation Environment ☆117 Updated 4 years ago