zodiacon / winnativeapibooksamples
Samples from my book Windows Native API programming
☆60Updated this week
Alternatives and similar repositories for winnativeapibooksamples:
Users that are interested in winnativeapibooksamples are comparing it to the libraries listed below
- Reimplement CreateProcessInternalW via Windows 10 20H1+/Windows 11 Base on NtCreateUserProcess-Post☆56Updated 6 months ago
- Finding Truth in the Shadows☆89Updated 2 years ago
- Hook all callbacks which are registered with LdrRegisterDllNotification☆85Updated 2 years ago
- Monitors ETW for security relevant syscalls maintaining the set called by each unique process☆73Updated last year
- Walks the CFG bitmap to find previously executable but currently hidden shellcode regions☆112Updated last year
- Remote Thread Detection with a Kernel Driver☆29Updated 2 months ago
- Example of building an application verifer DLL☆45Updated 9 months ago
- PoC exploit for HP Hardware Diagnostic's EtdSupp driver☆50Updated last year
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections☆118Updated last year
- ☆107Updated 2 years ago
- Next gen process injection technique☆45Updated 4 years ago
- Demonstrate calling a kernel function and handle process creation callback against HVCI☆51Updated 2 years ago
- Detours implementation (x64/x86) which used only ntdll import☆90Updated 9 months ago
- A x64 PE Packer/Protector Developed in C++ and VisualStudio☆51Updated last year
- ☆25Updated 2 years ago
- A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.☆109Updated 3 years ago
- SetWinEventHook Sample☆46Updated last year
- NtCreateUserProcess with CsrClientCallServer for mainstream Windows x64 version☆27Updated 8 months ago
- ☆112Updated 2 years ago
- ☆84Updated 9 months ago
- ☆28Updated 6 months ago
- My try to implement a virtual CPU in C☆19Updated last year
- silence file system monitoring components by hooking their minifilters☆56Updated last year
- Run Processes as PPL with ELAM☆160Updated 3 years ago
- A compact tool for detecting AV/EDR hooks in default Windows libraries.☆31Updated 2 years ago
- vulnerability in zam64.sys, zam32.sys allowing ring 0 code execution. CVE-2021-31727 and CVE-2021-31728 public reference.☆91Updated 3 years ago
- ☆18Updated 4 years ago
- ☆26Updated 3 years ago
- Minimal PoC developed as discuss in https://captmeelo.com/redteam/maldev/2022/05/10/ntcreateuserprocess.html☆134Updated 2 years ago
- Demo from the Malware Analysis and Development Webinar☆20Updated 11 months ago