q53c

detection

Collection of Various Root Detection Apps for Android

APatch

The patching of Android kernel and Android system

DdiMon

Monitoring and controlling kernel API calls with stealth hook using EPT

nohv

Kernel driver for detecting Intel VT-x hypervisors.

meme-rw

Archive R/W into any protected process by changing the value of KTHREAD->PreviousMode

my-notes

无限期停更，请移步 https://5ec1cff.github.io/my-blog

dive

EPT-HOOK

隐藏钩子过PG

RealBlindingEDR

Remove AV/EDR Kernel ObRegisterCallbacks、CmRegisterCallback、MiniFilter Callback、PsSetCreateProcessNotifyRoutine Callback、PsSetCreateThreadNotifyRoutine Callback、PsSetLoadImageNotifyRoutine Callback...

SWH-Injector

An Injector that can inject dll into game process protected by anti cheat using SetWindowsHookEx.

WindowProtect

Etw hook 查找窗口相关内核函数 实现窗口保护 适用于Win10

fumo_loader

Fumo Loader - All in one kernel-based DLL injector

Kernel-Overlay-Hider

usersim

PointerSearcher-X

An application for finding memory pointers.

SEDarwin

query-pdb

query-pdb is a server-side software for parsing PDB files. The software provides PDB online parsing service.

wdbgark

WinDBG Anti-RootKit Extension

BlackDex

BlackDex is an Android unpack(dexdump) tool, it supports Android 5.0~12 and need not rely to any environment. BlackDex can run on any Android mobile phone or emulator, you can unpack APK File in several seconds.

Lunar

A lightweight native DLL mapping library that supports mapping directly from memory

DarkMMap

Manual PE image mapper

MemoryModulePP

MemoryModule which compatible with Win32 API and support exception handling

CallStack-Spoofer

This tool will allow you to spoof the return addresses of your functions as well as system functions.

Syscall-Monitor

Syscall Monitor is a system monitor program (like Sysinternal's Process Monitor) using Intel VT-X/EPT for Windows7+

systeminformer

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.com

SilkETW

wasm_lua

Lua VM running in a WASM environment

stunning-signature

Native Signature Verification For Android (with example)

EtwExplorer

View ETW Provider manifest

pytai

Kaitai Struct: Visualizer and Hex Viewer GUI in Python