Alternatives and similar repositories for eBPFStudio

Users that are interested in eBPFStudio are comparing it to the libraries listed below

• zodiacon / VerifierDLL
  Example of building an application verifer DLL
  ☆46Updated last year
• zodiacon / RemoteThreadDetection
  Remote Thread Detection with a Kernel Driver
  ☆30Updated 4 months ago
• repnz / rpcmon
  RPC Monitor based on The ETW Microsoft-Windows-Rpc provider
  ☆24Updated 5 years ago
• rbmm / RtlClone
  ☆39Updated 3 months ago
• OxNinja / C-VM
  My try to implement a virtual CPU in C
  ☆19Updated last year
• wwh1004 / AmsiBypassUacDetector
  Detect BypassUAC using AMSI
  ☆23Updated 3 months ago
• 0xlane / com-process-inject
  Process Injection via Component Object Model (COM) IRundown::DoCallback().
  ☆59Updated 2 years ago
• je5442804 / CreateProcessInternalW-Full
  Reimplement CreateProcessInternalW via Windows 10 20H1+/Windows 11 Base on NtCreateUserProcess-Post
  ☆63Updated 9 months ago
• hid3rx / GhostWriting
  ☆30Updated last year
• zodiacon / winnativeapibooksamples
  Samples from my book Windows Native API programming
  ☆67Updated 3 weeks ago
• securedglobe / PersistantService
  A persistant Windows Service Proof of Concept, where the Service will run after Restart or Shutdown, and invoke a given software executab…
  ☆38Updated last year
• m417z / thread-call-stack-scanner
  Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…
  ☆76Updated last month
• jseclab / obj2shellcode
  shellcode生成框架
  ☆86Updated 10 months ago
• MahmoudZohdy / IAT-Obfuscation
  IAT-Obfuscation to make static analysis of executable harder.
  ☆42Updated 3 years ago
• jdu2600 / CFG-FindHiddenShellcode
  Walks the CFG bitmap to find previously executable but currently hidden shellcode regions
  ☆117Updated 2 years ago
• waleedassar / SyscallNumberFinder
  ☆33Updated 3 years ago
• m417z / LdrDllNotificationHook
  Hook all callbacks which are registered with LdrRegisterDllNotification
  ☆87Updated last month
• gabriellandau / ShadowStackWalk
  Finding Truth in the Shadows
  ☆92Updated 2 years ago
• zodiacon / WMIExplorer
  ☆17Updated 10 months ago
• bytewreck / hook-buster
  A compact tool for detecting AV/EDR hooks in default Windows libraries.
  ☆31Updated 3 years ago
• 0vercl0k / inject
  Yet another Windows DLL injector.
  ☆39Updated 3 years ago
• zodiacon / WinEventHooks
  SetWinEventHook Sample
  ☆47Updated last year
• TimMisiak / windup
  WinDbg installer/updater
  ☆41Updated last year
• bopin2020 / WindowsCamp
  Windows Kernel Knowledge && Collect Resources on the wire && Nothing innovation by myself &&
  ☆55Updated 3 weeks ago
• huoji120 / Etw-Syscall
  https://key08.com/index.php/2021/10/19/1375.html
  ☆67Updated 3 years ago
• 3dnow / NtCreateLowBoxToken
  A fully compatible replacement of Windows NT NtCreateLowBoxToken syscall - precisely restored from reverse engineering
  ☆36Updated 4 months ago
• baiyies / CrossInject
  32 bit process inject shellcode to 32 bit process and 64 bit process
  ☆32Updated 2 years ago
• zodiacon / DbgPrint
  Debug Print viewer (user and kernel)
  ☆66Updated last year
• ReCryptLLC / CVE-2022-42045
  ☆39Updated last year
• bb107 / RtlWow64
  c++ implementation of windows heavens gate
  ☆68Updated 4 years ago