windows-internals

There are 22 repositories under windows-internals topic.

• ctftool

  taviso / ctftool

  Interactive CTF Exploration Tool

  reverse-engineeringsecuritywindowswindows-internals
  Language:C 1646
• windows-api-function-cheatsheets

  7etsuo / windows-api-function-cheatsheets

  A reference of Windows API function calls, including functions for file operations, process management, memory management, thread management, dynamic-link library (DLL) management, synchronization, interprocess communication, Unicode string manipulation, error handling, Winsock networking operations, and registry operations.

  cheatsheetmalware-analysismalware-researchreverse-engineeringsyscallssystems-programmingwin32-apiwindowswindows-10windows-11windows-apiwindows-internals
  979

• daem0nc0re / TangledWinExec

  PoCs and tools for investigation of Windows process execution techniques

  red-teamreverse-engineeringwindbg-extensionwindowswindows-internals
  Language:C# 889
• dumpulator

  mrexodia / dumpulator

  An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).

  cross-platformdebugging-toolseasy-to-useemulatorhacktoberfestmalwaremalware-analysismalware-analyzermalware-researchminidumppythonpython3reverse-engineeringsandboxunicornunpackingwindowswindows-internalsx64
  Language:C 771
• DEFCON-31-Syscalls-Workshop

  VirtualAlllocEx / DEFCON-31-Syscalls-Workshop

  Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".

  antivirus-bypassantivirus-evasiondirect-syscallsedr-bypassedr-evasionindirect-syscallsmalware-analysismalware-developmentmalware-development-guideshellcodeshellcode-loadersyscallswindows-internalsworkshop
  Language:C 647
• TokenUniverse

  diversenok / TokenUniverse

  An advanced tool for working with access tokens and Windows security policy.

  access-tokensdelphinative-apisecuritysecurity-toolswindowswindows-internals
  Language:Pascal 588

• Dewera / Lunar

  A lightweight native DLL mapping library that supports mapping directly from memory

  dll-injectionreverse-engineeringwindows-internals
  Language:C# 586

• JustasMasiulis / nt_wrapper

  A wrapper library around native windows sytem APIs

  cpp17low-levelmalwaremodern-cppnative-apiobfuscationreverse-engineeringsyscallsystemwindows-internals
  Language:C++ 425

• ayoubfaouzi / windows-internals

  My notes while studying Windows internals

  dpcdriver-programmingio-managerirqlvirtual-memorywindows-internals
  Language:C 408

• AlSch092 / UltimateAntiCheat

  UltimateAntiCheat is an open source usermode anti-cheat system made to detect and prevent common attack vectors in game hacking (C++, Windows)

  anti-cheatanti-debuggingreverse-engineeringwindows-internalsgame-hackinganticheat
  Language:C++ 388

• christophetd / spoofing-office-macro

  :fish: PoC of a VBA macro spawning a process with a spoofed parent and command line.

  office-macroparent-process-spoofingprocess-injectionwindows-internalswindows-security
  Language:VBA 375

• S1ckB0y1337 / TokenPlayer

  Manipulating and Abusing Windows Access Tokens.

  lateral-movementpentest-toolpost-exploitationtokensuac-bypasswindowswindows-internalswindows-privilege-escalationwindows-security
  Language:C++ 272

• vxcute / WindowsInternals

  Yet another windows internals repo

  reverse-engineeringwindows-internals
  Language:C++ 205

• mrexodia / phnt-single-header

  Single header version of System Informer's phnt library.

  hacktoberfestnativeprocesshackersdksystem-informersysteminformerwdkwindowswindows-internals
  Language:CMake 187

• AndreyBazhan / SymStore

  The history of Windows Internals via symbols.

  halinternalskernelntdllntoskrnlsymbolswindowswindows-internalswindowsinternals
  Language:C 178

• mentebinaria / fundamentos-engenharia-reversa

  Livro: Engenharia Reversa - Fundamentos e Prática

  malware-analysiswindows-internalswindowsreverse-engineeringreversingcwin32linuxassemblywindows-apilivro
  171

• gabriel-sztejnworcel / pipe-intercept

  Intercept Windows Named Pipes communication using Burp or similar HTTP proxy tools

  interception-toolsmitmnamed-pipeswindows-internals
  Language:Python 170
• DLL-Injector

  adamhlt / DLL-Injector

  DLL Injector (LoadLibrary) in C++ (x86 / x64) - LoadLibrary DLL injector

  dll-injectiondll-injectorloadlibrarypewinapiwindowswindows-internals
  Language:C++ 122

• diversenok / NtUtilsLibrary

  Delphi library for system programming on Windows using Native API

  delphinative-apisystem-programmingwinapiwindowswindows-internalswindows-nt
  Language:Pascal 115

• diversenok / NtTools

  Some random system tools for Windows

  windowswinapintapisystemwindows-internals
  Language:Pascal 110

• Dewera / Pluto

  A manual system call library that supports functions from both ntdll.dll and win32u.dll

  reverse-engineeringsyscallwindows-internals
  Language:C# 107

• ionescu007 / wnfun

  WNF Utilities 4 Newbies (WNFUN)

  windowsinternalswindowsinternalskernelwnfreversingreverse-engineeringwindows-internals
  Language:Python 92

• DownWithUp / ALPC-Example

  An example of a client and server using Windows' ALPC functions to send and receive data.

  alpcexample-codelpcwindows-10windows-internals
  Language:C 90
• Manual-DLL-Loader

  adamhlt / Manual-DLL-Loader

  Custom LoadLibrary / GetProcAddress (x86 / x64) - Load DLL and retrieve functions manually

  dllloadermanualpewinapiwindowswindows-internals
  Language:C++ 81

• Air14 / SymbolicAccess

  Static user/kernel mode library that allows access to all functions and global variables by extracting offsets from the PDB

  cpppdbreverse-engineeringwindowswindows-internals
  Language:C++ 76
• PE-Explorer

  adamhlt / PE-Explorer

  PE Explorer in C++ (x86 / x64) - PE file parser, retrieve exports and imports

  pe-analyzerpe-viewerpewindowswindows-internals
  Language:C++ 66
• Cave-Finder

  adamhlt / Cave-Finder

  Tool to find code cave in PE image (x86 / x64) - Find empty space to place code in PE files

  codecavecpppewinapiwindowswindows-internals
  Language:C++ 62

• NtRaiseHardError / Dreadnought

  PoC for detecting and dumping code injection (built and extended on UnRunPE)

  pocinjectionwindowssecurityhookingcode-injectionmalware-researchmalware-analysisdll-injectiondll-injection-detectionwindows-internalswindows-api
  Language:C++ 56
• LoaderWatch

  andrew-boyarshin / LoaderWatch

  Windows 10 PE image loader (LDR) NTDLL component toolbox

  csharploaderntdllwindowswindows-10windows-internals
  Language:C 49

• yardenshafir / DpcWait

  Driver demonstrating how to register a DPC to asynchronously wait on an object

  windowswindows-internalsdpcwaitwindows-kerneldebugging
  Language:C++ 49

• yardenshafir / conference_talks

  Slides from various conference talks

  conference-talkedrexploitationmitigationwindowswindows-internals
  36

• Cipher7 / havoc-PoolParty

  Windows Thread Pool Injection Havoc Implementation

  bofc2chavocinjectionthread-poolwindowswindows-internals
  Language:Python 28

• DownWithUp / WarbirdExamples

  An example of how to use Microsoft Windows Warbird technology

  encryptionreverse-engineeringwindows-internals
  Language:C 27

• Broihon / ProcessInfo

  A class to gather information about a process, its threads and modules.

  reverse-engineeringwindows-internalspe-loader
  Language:C++ 24

• ElliotKillick / ms-devblogs-search

  Microsoft Developer Blogs Search Tool

  automationdevblogmicrosoftreverse-engineeringsearchsearch-toolwindowswindows-internalswindows-reverse-engineeringclicli-toollocal
  Language:Python 24

• Broihon / Import-Handler

  A small library to extend the functionality of GetModuleHandle and GetProcAddress to other processes

  pe-loaderwindows-internals
  Language:C++ 17