Alternatives and similar repositories for eBPFStudio

Users that are interested in eBPFStudio are comparing it to the libraries listed below

• zodiacon / VerifierDLL
  Example of building an application verifer DLL
  ☆48Updated last year
• 0xlane / com-process-inject
  Process Injection via Component Object Model (COM) IRundown::DoCallback().
  ☆60Updated 2 years ago
• zodiacon / winnativeapibooksamples
  Samples from my book Windows Native API programming
  ☆71Updated 2 months ago
• je5442804 / CreateProcessInternalW-Full
  Reimplement CreateProcessInternalW via Windows 10 20H1+/Windows 11 Base on NtCreateUserProcess-Post
  ☆64Updated 10 months ago
• baiyies / CrossInject
  32 bit process inject shellcode to 32 bit process and 64 bit process
  ☆35Updated 2 years ago
• 0mWindyBug / RansomGuard
  anti-ransomware file-system filter
  ☆59Updated 10 months ago
• magnusstubman / dll-exports
  Collection of DLL function export forwards for DLL export function proxying
  ☆98Updated last year
• zodiacon / TraceConnections
  Simple example for getting started with eBPF for Windows
  ☆46Updated 4 months ago
• OxNinja / C-VM
  My try to implement a virtual CPU in C
  ☆19Updated last year
• wwh1004 / AmsiBypassUacDetector
  Detect BypassUAC using AMSI
  ☆26Updated 4 months ago
• MahmoudZohdy / APICallProxy
  Windows API Call Obfuscation
  ☆106Updated 2 years ago
• zodiacon / ApiSetView
  API Set Viewer
  ☆90Updated 5 months ago
• zodiacon / RemoteThreadDetection
  Remote Thread Detection with a Kernel Driver
  ☆31Updated 5 months ago
• worawit / malk
  Demonstrate calling a kernel function and handle process creation callback against HVCI
  ☆64Updated 2 years ago
• zodiacon / sysrun
  Run any executable as SYSTEM account (no service required)
  ☆131Updated last year
• zodiacon / WinEventHooks
  SetWinEventHook Sample
  ☆48Updated last year
• namazso / dll-universal-patcher
  A universal binary patching dll.
  ☆91Updated 9 months ago
• gabriellandau / ShadowStackWalk
  Finding Truth in the Shadows
  ☆110Updated 2 years ago
• jbaines-r7 / dellicious
  Enabled / Disable LSA Protection via BYOVD
  ☆70Updated 3 years ago
• 3dnow / NtCreateLowBoxToken
  A fully compatible replacement of Windows NT NtCreateLowBoxToken syscall - precisely restored from reverse engineering
  ☆39Updated last month
• Coldzer0 / TinyPDBParser
  Windows PDB Parser using Imagehlp library.
  ☆16Updated 2 years ago
• repnz / rpcmon
  RPC Monitor based on The ETW Microsoft-Windows-Rpc provider
  ☆24Updated 5 years ago
• m417z / LdrDllNotificationHook
  Hook all callbacks which are registered with LdrRegisterDllNotification
  ☆87Updated 3 months ago
• ReCryptLLC / CVE-2022-42045
  ☆39Updated 2 years ago
• rbmm / NtDetours
  Detours implementation (x64/x86) which used only ntdll import
  ☆90Updated last year
• mstange / symsrv
  Download pdbs from symbol servers and cache locally, parse symbol paths from env vars
  ☆22Updated 4 months ago
• hasherezade / sig_finder
  Signature finder (from PE-bear)
  ☆36Updated 2 months ago
• zodiacon / WinSys
  C++ library for low-level Windows development
  ☆75Updated last year
• not-matthias / kernel-alloc-rs
  Minimalistic Windows Kernel Allocator.
  ☆49Updated 10 months ago
• m417z / thread-call-stack-scanner
  Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…
  ☆78Updated 3 weeks ago