windows-internals

There are 20 repositories under windows-internals topic.

• ctftool

  taviso / ctftool

  Interactive CTF Exploration Tool

  reverse-engineeringsecuritywindowswindows-internals
  Language:C 1641
• windows-api-function-cheatsheets

  7etsuo / windows-api-function-cheatsheets

  A reference of Windows API function calls, including functions for file operations, process management, memory management, thread management, dynamic-link library (DLL) management, synchronization, interprocess communication, Unicode string manipulation, error handling, Winsock networking operations, and registry operations.

  windowswindows-apicheatsheetsystems-programmingwindows-10windows-internalssyscallswin32-apiwindows-11malware-analysismalware-researchreverse-engineering
  935

• daem0nc0re / TangledWinExec

  PoCs and tools for investigation of Windows process execution techniques

  red-teamreverse-engineeringwindbg-extensionwindowswindows-internals
  Language:C# 883
• dumpulator

  mrexodia / dumpulator

  An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).

  pythonpython3malware-analysismalware-researchmalware-analyzerunicornminidumpemulatorx64easy-to-usesandboxcross-platformhacktoberfestmalwarereverse-engineeringwindowswindows-internalsdebugging-toolsunpacking
  Language:C 750
• DEFCON-31-Syscalls-Workshop

  VirtualAlllocEx / DEFCON-31-Syscalls-Workshop

  Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".

  antivirus-bypassantivirus-evasionedr-bypassedr-evasionmalware-developmentwindows-internalsdirect-syscallsindirect-syscallsmalware-analysismalware-development-guideworkshopshellcode-loadersyscallsshellcode
  Language:C 636

• Dewera / Lunar

  A lightweight native DLL mapping library that supports mapping directly from memory

  dll-injectionreverse-engineeringwindows-internals
  Language:C# 587
• TokenUniverse

  diversenok / TokenUniverse

  An advanced tool for working with access tokens and Windows security policy.

  access-tokensdelphinative-apisecuritysecurity-toolswindowswindows-internals
  Language:Pascal 571

• JustasMasiulis / nt_wrapper

  A wrapper library around native windows sytem APIs

  cpp17low-levelmalwaremodern-cppnative-apiobfuscationreverse-engineeringsyscallsystemwindows-internals
  Language:C++ 420

• LordNoteworthy / windows-internals

  My notes while studying Windows internals

  dpcdriver-programmingio-managerirqlvirtual-memorywindows-internals
  Language:C 400

• christophetd / spoofing-office-macro

  :fish: PoC of a VBA macro spawning a process with a spoofed parent and command line.

  office-macroparent-process-spoofingprocess-injectionwindows-internalswindows-security
  Language:VBA 375

• AlSch092 / UltimateAntiCheat

  UltimateAntiCheat is an open source usermode anti-cheat system made to detect and prevent common attack vectors in game hacking (C++, Windows)

  anti-cheatanti-debugginganticheatgame-hackingreverse-engineeringwindows-internals
  Language:C++ 340

• S1ckB0y1337 / TokenPlayer

  Manipulating and Abusing Windows Access Tokens.

  windowswindows-privilege-escalationwindows-internalstokenswindows-securitypentest-toolpost-exploitationlateral-movementuac-bypass
  Language:C++ 267

• vxcute / WindowsInternals

  Yet another windows internals repo

  reverse-engineeringwindows-internals
  Language:C++ 205

• mrexodia / phnt-single-header

  Single header version of System Informer's phnt library.

  hacktoberfestnativeprocesshackersdksystem-informersysteminformerwdkwindowswindows-internals
  Language:CMake 186

• AndreyBazhan / SymStore

  The history of Windows Internals via symbols.

  halinternalskernelntdllntoskrnlsymbolswindowswindows-internalswindowsinternals
  Language:C 177

• mentebinaria / fundamentos-engenharia-reversa

  Livro: Engenharia Reversa - Fundamentos e Prática

  assemblyclinuxlivromalware-analysisreverse-engineeringreversingwin32windowswindows-apiwindows-internals
  168

• gabriel-sztejnworcel / pipe-intercept

  Intercept Windows Named Pipes communication using Burp or similar HTTP proxy tools

  interception-toolsmitmnamed-pipeswindows-internals
  Language:Python 166

• diversenok / NtUtilsLibrary

  Delphi library for system programming on Windows using Native API

  delphinative-apisystem-programmingwinapiwindowswindows-internalswindows-nt
  Language:Pascal 111
• DLL-Injector

  adamhlt / DLL-Injector

  DLL Injector (LoadLibrary) in C++ (x86 / x64) - LoadLibrary DLL injector

  dll-injectiondll-injectorloadlibrarypewinapiwindowswindows-internals
  Language:C++ 109

• Dewera / Pluto

  A manual system call library that supports functions from both ntdll.dll and win32u.dll

  reverse-engineeringsyscallwindows-internals
  Language:C# 107

• diversenok / NtTools

  Some random system tools for Windows

  ntapisystemwinapiwindowswindows-internals
  Language:Pascal 106

• ionescu007 / wnfun

  WNF Utilities 4 Newbies (WNFUN)

  internalskernelreverse-engineeringreversingwindowswindows-internalswindowsinternalswnf
  Language:Python 92

• DownWithUp / ALPC-Example

  An example of a client and server using Windows' ALPC functions to send and receive data.

  alpcexample-codelpcwindows-10windows-internals
  Language:C 89
• Manual-DLL-Loader

  adamhlt / Manual-DLL-Loader

  Custom LoadLibrary / GetProcAddress (x86 / x64) - Load DLL and retrieve functions manually

  dllloadermanualpewinapiwindowswindows-internals
  Language:C++ 73

• Air14 / SymbolicAccess

  Static user/kernel mode library that allows access to all functions and global variables by extracting offsets from the PDB

  cpppdbreverse-engineeringwindowswindows-internals
  Language:C++ 73
• PE-Explorer

  adamhlt / PE-Explorer

  PE Explorer in C++ (x86 / x64) - PE file parser, retrieve exports and imports

  pe-analyzerpe-viewerpewindowswindows-internals
  Language:C++ 63
• Cave-Finder

  adamhlt / Cave-Finder

  Tool to find code cave in PE image (x86 / x64) - Find empty space to place code in PE files

  codecavecpppewinapiwindowswindows-internals
  Language:C++ 58

• NtRaiseHardError / Dreadnought

  PoC for detecting and dumping code injection (built and extended on UnRunPE)

  pocinjectionwindowssecurityhookingcode-injectionmalware-researchmalware-analysisdll-injectiondll-injection-detectionwindows-internalswindows-api
  Language:C++ 54

• yardenshafir / DpcWait

  Driver demonstrating how to register a DPC to asynchronously wait on an object

  windowswindows-internalsdpcwaitwindows-kerneldebugging
  Language:C++ 48
• LoaderWatch

  andrew-boyarshin / LoaderWatch

  Windows 10 PE image loader (LDR) NTDLL component toolbox

  csharploaderntdllwindowswindows-10windows-internals
  Language:C 41

• yardenshafir / conference_talks

  Slides from various conference talks

  conference-talkedrexploitationmitigationwindowswindows-internals
  36

• Cipher7 / havoc-PoolParty

  Windows Thread Pool Injection Havoc Implementation

  bofc2chavocinjectionthread-poolwindowswindows-internals
  Language:Python 28

• ElliotKillick / ms-devblogs-search

  Microsoft Developer Blogs Search Tool

  automationclicli-tooldevbloglocalmicrosoftreverse-engineeringsearchsearch-toolwindowswindows-internalswindows-reverse-engineering
  Language:Python 26

• DownWithUp / WarbirdExamples

  An example of how to use Microsoft Windows Warbird technology

  encryptionreverse-engineeringwindows-internals
  Language:C 25

• Broihon / ProcessInfo

  A class to gather information about a process, its threads and modules.

  reverse-engineeringwindows-internalspe-loader
  Language:C++ 24

• Broihon / Import-Handler

  A small library to extend the functionality of GetModuleHandle and GetProcAddress to other processes

  pe-loaderwindows-internals
  Language:C++ 17