Alternatives and similar repositories for eBPFStudio

Users that are interested in eBPFStudio are comparing it to the libraries listed below

• zodiacon / VerifierDLL
  Example of building an application verifer DLL
  ☆46Updated last year
• zodiacon / RemoteThreadDetection
  Remote Thread Detection with a Kernel Driver
  ☆30Updated 5 months ago
• OxNinja / C-VM
  My try to implement a virtual CPU in C
  ☆19Updated last year
• repnz / rpcmon
  RPC Monitor based on The ETW Microsoft-Windows-Rpc provider
  ☆24Updated 5 years ago
• 0xlane / com-process-inject
  Process Injection via Component Object Model (COM) IRundown::DoCallback().
  ☆60Updated 2 years ago
• Coldzer0 / TinyPDBParser
  Windows PDB Parser using Imagehlp library.
  ☆16Updated 2 years ago
• wwh1004 / AmsiBypassUacDetector
  Detect BypassUAC using AMSI
  ☆23Updated 4 months ago
• m417z / thread-call-stack-scanner
  Safely manage the unloading of DLLs that have been hooked into a process. Context: https://github.com/KNSoft/KNSoft.SlimDetours/discussio…
  ☆77Updated last month
• baiyies / CrossInject
  32 bit process inject shellcode to 32 bit process and 64 bit process
  ☆34Updated 2 years ago
• waleedassar / SyscallNumberFinder
  ☆33Updated 3 years ago
• gabriellandau / ShadowStackWalk
  Finding Truth in the Shadows
  ☆95Updated 2 years ago
• zodiacon / WinEventHooks
  SetWinEventHook Sample
  ☆48Updated last year
• evilashz / PigSyscall
  An implementation of an indirect system call
  ☆129Updated last year
• je5442804 / CreateProcessInternalW-Full
  Reimplement CreateProcessInternalW via Windows 10 20H1+/Windows 11 Base on NtCreateUserProcess-Post
  ☆63Updated 9 months ago
• hongson11698 / defender-database-extract
  defender_database
  ☆18Updated last year
• mstange / symsrv
  Download pdbs from symbol servers and cache locally, parse symbol paths from env vars
  ☆22Updated 3 months ago
• gerhart01 / Hyper-V-Tools
  Different tools for Microsoft Hyper-V researching
  ☆57Updated last year
• tandasat / CVE-2022-25949
  A years-old exploit of a local EoP vulnerability in Kingsoft Antivirus KWatch Driver version 2009.3.17.77.
  ☆38Updated 3 years ago
• 3dnow / NtCreateLowBoxToken
  A fully compatible replacement of Windows NT NtCreateLowBoxToken syscall - precisely restored from reverse engineering
  ☆38Updated last week
• zodiacon / ApiSetView
  API Set Viewer
  ☆89Updated 5 months ago
• namazso / dll-universal-patcher
  A universal binary patching dll.
  ☆89Updated 8 months ago
• backengineering / pdbgen2
  Generate a PDB file given the old PDB file and an address mapping
  ☆48Updated 3 months ago
• D0pam1ne705 / Direct-NtCreateUserProcess
  Call NtCreateUserProcess directly as normal.
  ☆71Updated 3 years ago
• not-matthias / vmprotect-rs
  Rust bindings for VMProtect.
  ☆26Updated last year
• TimMisiak / windup
  WinDbg installer/updater
  ☆41Updated last year
• m417z / LdrDllNotificationHook
  Hook all callbacks which are registered with LdrRegisterDllNotification
  ☆87Updated 2 months ago
• zodiacon / KObjects
  Sample for Creating a new kernel object type and supporting API
  ☆24Updated 9 months ago
• h0li3 / mpengine_diskus
  参考taviso的代码逆向一下mpengine.dll
  ☆19Updated 2 years ago
• Dump-GUY / sc2pe
  Simple dotnet Native AOT app that uses AsmResolver to convert shellcode to PE
  ☆65Updated 2 years ago
• bopin2020 / WindowsCamp
  Windows Kernel Knowledge && Collect Resources on the wire && Nothing innovation by myself &&
  ☆56Updated this week