windows-internals
There are 18 repositories under windows-internals topic.
- ctftoolLanguage:C 1631
daem0nc0re / TangledWinExec
PoCs and tools for investigation of Windows process execution techniques
Language:C# 852- dumpulator
mrexodia / dumpulator
An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).
Language:C 663 - Language:C# 585
- DEFCON-31-Syscalls-Workshop
VirtualAlllocEx / DEFCON-31-Syscalls-Workshop
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
Language:C 551 - TokenUniverse
diversenok / TokenUniverse
An advanced tool for working with access tokens and Windows security policy.
Language:Pascal 530 JustasMasiulis / nt_wrapper
A wrapper library around native windows sytem APIs
Language:C++ 417christophetd / spoofing-office-macro
:fish: PoC of a VBA macro spawning a process with a spoofed parent and command line.
Language:VBA 371LordNoteworthy / windows-internals
My notes while studying Windows internals
Language:C 348S1ckB0y1337 / TokenPlayer
Manipulating and Abusing Windows Access Tokens.
Language:C++ 254- Language:C++ 204
AndreyBazhan / SymStore
The history of Windows Internals via symbols.
Language:C 176mentebinaria / fundamentos-engenharia-reversa
Livro: Engenharia Reversa - Fundamentos e Prática
gabriel-sztejnworcel / pipe-intercept
Intercept Windows Named Pipes communication using Burp or similar HTTP proxy tools
Language:Python 158Single header version of System Informer's phnt library.
Language:CMake 111Dewera / Pluto
A manual system call library that supports functions from both ntdll.dll and win32u.dll
Language:C# 1097etsuo / windows-api-function-cheatsheets
A reference of Windows API function calls, including functions for file operations, process management, memory management, thread management, dynamic-link library (DLL) management, synchronization, interprocess communication, Unicode string manipulation, error handling, Winsock networking operations, and registry operations.
- Language:Pascal 100
Delphi library for system programming on Windows using Native API
Language:Pascal 90ionescu007 / wnfun
WNF Utilities 4 Newbies (WNFUN)
Language:Python 88AlSch092 / UltimateAntiCheat
Research project - make an anti-cheat to detect: memory editing, debugging, injected modules, test signing mode, etc
Language:C++ 86- DLL-Injector
adamhlt / DLL-Injector
DLL Injector (LoadLibrary) in C++ (x86 / x64) - LoadLibrary DLL injector
Language:C++ 83 DownWithUp / ALPC-Example
An example of a client and server using Windows' ALPC functions to send and receive data.
Language:C 81Air14 / SymbolicAccess
Static user/kernel mode library that allows access to all functions and global variables by extracting offsets from the PDB
Language:C++ 60- Manual-DLL-Loader
Custom LoadLibrary / GetProcAddress (x86 / x64) - Load DLL and retrieve functions manually
Language:C++ 53 NtRaiseHardError / Dreadnought
PoC for detecting and dumping code injection (built and extended on UnRunPE)
Language:C++ 53- Cave-Finder
Tool to find code cave in PE image (x86 / x64) - Find empty space to place code in PE files
Language:C++ 49 - PE-Explorer
PE Explorer in C++ (x86 / x64) - PE file parser, retrieve exports and imports
Language:C++ 49 yardenshafir / DpcWait
Driver demonstrating how to register a DPC to asynchronously wait on an object
Language:C++ 43- LoaderWatch
andrew-boyarshin / LoaderWatch
Windows 10 PE image loader (LDR) NTDLL component toolbox
Language:C 39 Slides from various conference talks
Broihon / ProcessInfo
A class to gather information about a process, its threads and modules.
Language:C++ 22An example of how to use Microsoft Windows Warbird technology
Language:C 22A small library to extend the functionality of GetModuleHandle and GetProcAddress to other processes
Language:C++ 15Shellcode execution via x86 inline assembly based on MSVC syntax
Language:C++ 12dzik143 / syscall-dump
Dump syscall numbers from ntdll.dll
Language:C 10
