GitHub topics: windows-internals
diversenok/NtUtilsLibrary
Delphi library for system programming on Windows using Native API
Language: Pascal - Size: 3.21 MB - Last synced at: about 19 hours ago - Pushed at: about 20 hours ago - Stars: 122 - Forks: 40

grimy86/CCI25 📦
CCI25 is an open-source collection of notes, summaries, insights, etc. on computer science topics into a unified learning resource.
Language: C++ - Size: 13.8 MB - Last synced at: about 23 hours ago - Pushed at: about 23 hours ago - Stars: 4 - Forks: 0

dutchpsycho/ActiveBreach-Engine
Dynamic Syscall Dispatch & Execution Framework, Bypassing Usermode hooks & Kernel protections
Language: C++ - Size: 214 KB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 12 - Forks: 0

ayoubfaouzi/windows-internals
My notes while studying Windows internals
Language: C - Size: 6.6 MB - Last synced at: about 14 hours ago - Pushed at: 4 months ago - Stars: 425 - Forks: 83

AlSch092/UltimateAntiCheat
UltimateAnticheat is an open source usermode anti-cheat system made to detect and prevent common attack vectors in game cheating (C++, Windows)
Language: C - Size: 10.3 MB - Last synced at: 5 days ago - Pushed at: 5 days ago - Stars: 451 - Forks: 58

adamhlt/DLL-Injector
DLL Injector (LoadLibrary) in C++ (x86 / x64) - LoadLibrary DLL injector
Language: C++ - Size: 7.64 MB - Last synced at: 3 days ago - Pushed at: over 1 year ago - Stars: 139 - Forks: 24

provrb/libprocman
A Windows library for doing things you probably shouldn’t be doing with processes, tokens, and system calls.
Language: C++ - Size: 8.79 KB - Last synced at: 7 days ago - Pushed at: 7 days ago - Stars: 0 - Forks: 0

VirtualAlllocEx/DEFCON-31-Syscalls-Workshop
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
Language: C - Size: 16.3 MB - Last synced at: 1 day ago - Pushed at: over 1 year ago - Stars: 655 - Forks: 95

S1ckB0y1337/TokenPlayer
Manipulating and Abusing Windows Access Tokens.
Language: C++ - Size: 1.1 MB - Last synced at: 9 days ago - Pushed at: over 4 years ago - Stars: 274 - Forks: 45

daem0nc0re/TangledWinExec
PoCs and tools for investigation of Windows process execution techniques
Language: C# - Size: 4.41 MB - Last synced at: 8 days ago - Pushed at: about 1 month ago - Stars: 913 - Forks: 143

adamhlt/PE-Explorer
PE Explorer in C++ (x86 / x64) - PE file parser, retrieve exports and imports
Language: C++ - Size: 13.3 MB - Last synced at: 3 days ago - Pushed at: about 1 year ago - Stars: 65 - Forks: 19

taviso/ctftool
Interactive CTF Exploration Tool
Language: C - Size: 1.68 MB - Last synced at: 13 days ago - Pushed at: over 3 years ago - Stars: 1,655 - Forks: 269

mrexodia/dumpulator
An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).
Language: C - Size: 750 KB - Last synced at: 13 days ago - Pushed at: about 1 year ago - Stars: 790 - Forks: 44

diversenok/TokenUniverse
An advanced tool for working with access tokens and Windows security policy.
Language: Pascal - Size: 1.42 MB - Last synced at: 12 days ago - Pushed at: 9 months ago - Stars: 596 - Forks: 66

mrexodia/phnt-single-header
Single header version of System Informer's phnt library.
Language: CMake - Size: 46.9 KB - Last synced at: 17 days ago - Pushed at: 17 days ago - Stars: 209 - Forks: 15

JustasMasiulis/nt_wrapper
A wrapper library around native Windows system APIs
Language: C++ - Size: 535 KB - Last synced at: 16 days ago - Pushed at: about 4 years ago - Stars: 431 - Forks: 83

islipnot/WinInject
Command line DLL injector for Windows 10 (unfinished).
Language: C++ - Size: 126 KB - Last synced at: 22 days ago - Pushed at: 22 days ago - Stars: 3 - Forks: 0

Air14/SymbolicAccess
Static user/kernel mode library that allows access to all functions and global variables by extracting offsets from the PDB
Language: C++ - Size: 21.1 MB - Last synced at: 23 days ago - Pushed at: 23 days ago - Stars: 85 - Forks: 17

christophetd/spoofing-office-macro
PoC of a VBA macro spawning a process with a spoofed parent and command line.
Language: VBA - Size: 26.4 KB - Last synced at: 28 days ago - Pushed at: almost 5 years ago - Stars: 380 - Forks: 83

mentebinaria/fundamentos-engenharia-reversa
Book: Reverse Engineering - Fundamentals and Practice (Engenharia Reversa - Fundamentos e Prática)
Size: 3.32 MB - Last synced at: 21 days ago - Pushed at: 9 months ago - Stars: 178 - Forks: 33

andrew-boyarshin/LoaderWatch
Windows 10 PE image loader (LDR) NTDLL component toolbox
Language: C - Size: 1010 KB - Last synced at: 9 days ago - Pushed at: over 5 years ago - Stars: 49 - Forks: 12

assarbad/Nidhogg Fork of Idov31/Nidhogg
Nidhogg is an all-in-one simple to use rootkit for red teams.
Language: C++ - Size: 720 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 7 - Forks: 1

adamhlt/Cave-Finder
Tool to find code caves in PE images (x86 / x64) - Find empty space to place code in PE files
Language: C++ - Size: 780 KB - Last synced at: 3 days ago - Pushed at: over 1 year ago - Stars: 64 - Forks: 8

captain-woof/Hydrangea-C2-Payloads
A cross-platform, collaborative C2 for red-teaming. Agents are cross-compilable (e.g., you can generate Windows DLLs on Linux), cross-compatible, and built with evasion, anti-analysis and stability in mind. All capabilities are natively implemented from scratch.
Language: C++ - Size: 253 KB - Last synced at: 28 days ago - Pushed at: about 2 months ago - Stars: 2 - Forks: 0

yardenshafir/DpcWait
Driver demonstrating how to register a DPC to asynchronously wait on an object
Language: C++ - Size: 14.6 KB - Last synced at: 7 days ago - Pushed at: over 4 years ago - Stars: 49 - Forks: 26

captain-woof/Hydrangea-C2
A cross-platform, collaborative C2 for red-teaming. Agents are cross-compilable (e.g., you can generate Windows DLLs on Linux), cross-compatible, and built with evasion, anti-analysis and stability in mind. All capabilities are natively implemented from scratch.
Language: Python - Size: 6.06 MB - Last synced at: 8 days ago - Pushed at: about 2 months ago - Stars: 2 - Forks: 0

aniko33/Windows-Internals-7th-edition-book
Windows Internals 7th book but free (PDF)
Size: 67.3 MB - Last synced at: 10 days ago - Pushed at: 5 months ago - Stars: 1 - Forks: 1

adamhlt/Manual-DLL-Loader
Custom LoadLibrary / GetProcAddress (x86 / x64) - Load DLL and retrieve functions manually
Language: C++ - Size: 1.82 MB - Last synced at: 3 days ago - Pushed at: over 1 year ago - Stars: 87 - Forks: 21

scrymastic/HookNt
A Windows NT API hooking tool for intercepting and monitoring system calls
Language: C++ - Size: 421 KB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 0 - Forks: 0

ionescu007/wnfun
WNF Utilities 4 Newbies (WNFUN)
Language: Python - Size: 652 KB - Last synced at: 7 days ago - Pushed at: over 6 years ago - Stars: 94 - Forks: 16

alnicke/UsefulPDF
Useful PDFs to learn Reverse engineering, Assembly, C and Windows Internals.
Size: 40.7 MB - Last synced at: 2 months ago - Pushed at: 2 months ago - Stars: 0 - Forks: 0

hacktoor1/Spider-Security
Notes Certificate && WriteUps && Solve Machines && Books
Language: Shell - Size: 146 MB - Last synced at: 2 months ago - Pushed at: 2 months ago - Stars: 2 - Forks: 0

f1zm0/WinDBG-Cheatsheet
WinDBG notes and commands cheatsheet
Size: 23.4 KB - Last synced at: about 2 months ago - Pushed at: about 3 years ago - Stars: 5 - Forks: 0

yardenshafir/conference_talks
Slides from various conference talks
Size: 5.22 MB - Last synced at: 7 days ago - Pushed at: almost 2 years ago - Stars: 36 - Forks: 10

DownWithUp/ALPC-Example
An example of a client and server using Windows' ALPC functions to send and receive data.
Language: C - Size: 12.7 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 90 - Forks: 29

7etsuo/windows-api-function-cheatsheets Fork of PaddyCahil/windows-api-function-cheatsheets
A reference of Windows API function calls, including functions for file operations, process management, memory management, thread management, dynamic-link library (DLL) management, synchronization, interprocess communication, Unicode string manipulation, error handling, Winsock networking operations, and registry operations.
Size: 27.2 MB - Last synced at: 3 months ago - Pushed at: 7 months ago - Stars: 971 - Forks: 106

ElliotKillick/ms-devblogs-search
Microsoft Developer Blogs Search Tool
Language: Python - Size: 10.5 MB - Last synced at: 3 days ago - Pushed at: 6 months ago - Stars: 24 - Forks: 0

VirtualAlllocEx/Shell-we-Assembly
Shellcode execution via x86 inline assembly based on MSVC syntax
Language: C++ - Size: 26.4 KB - Last synced at: 7 days ago - Pushed at: almost 2 years ago - Stars: 13 - Forks: 5

xiosec/Hollow
Hollow is a tool for implementing the process hollowing technique.
Language: C# - Size: 27.3 KB - Last synced at: 9 days ago - Pushed at: about 2 years ago - Stars: 7 - Forks: 1

islipnot/WinLoad
Reversing and recreating the Windows 10 image loader (usermode, x86)
Language: C - Size: 83 KB - Last synced at: 11 days ago - Pushed at: 5 months ago - Stars: 2 - Forks: 0

dk0m/Pie
A light PE parser written in Nim.
Language: Nim - Size: 7.81 KB - Last synced at: 29 days ago - Pushed at: 9 months ago - Stars: 2 - Forks: 0

mehrshadmollaafzal/DACL-Bypass
PoC for Bypassing DACL in Windows with DuplicateHandle
Language: C++ - Size: 5.06 MB - Last synced at: 8 months ago - Pushed at: 8 months ago - Stars: 0 - Forks: 0

dk0m/DlangWhispers
Implementation Of SysWhispers Direct / Indirect System Call Technique In D.
Language: D - Size: 32.2 KB - Last synced at: 9 months ago - Pushed at: 9 months ago - Stars: 2 - Forks: 0

dk0m/HwBpD
Utilizing Hardware Breakpoints For Hooking In D.
Language: D - Size: 20.5 KB - Last synced at: 9 months ago - Pushed at: 9 months ago - Stars: 1 - Forks: 0

dk0m/GetSyscallStubD
Fetching Fresh System Call Stubs From NTDLL (Read From Disk) In D.
Language: D - Size: 5.86 KB - Last synced at: 9 months ago - Pushed at: 9 months ago - Stars: 1 - Forks: 0

dk0m/SentinelsGate
Fetching System Call Service Numbers From The Control Flow Guard Function Table.
Language: C++ - Size: 6.84 KB - Last synced at: 9 months ago - Pushed at: 9 months ago - Stars: 0 - Forks: 0

dk0m/FindSsdt
Fun Little Code To Find The Address Of The Kernel SSDT From Usermode.
Language: C++ - Size: 62.5 KB - Last synced at: 9 months ago - Pushed at: 9 months ago - Stars: 0 - Forks: 0

juanga333/ProcKatz
Just another process dumping tool for Windows, supporting network delivery and snapshots
Language: C++ - Size: 30.3 KB - Last synced at: 10 months ago - Pushed at: 10 months ago - Stars: 0 - Forks: 0

juanga333/RDP-hook-stealer
A DLL injection of RdpThief.dll to perform API hooking and extract RDP credentials
Language: C++ - Size: 102 KB - Last synced at: 11 months ago - Pushed at: 11 months ago - Stars: 0 - Forks: 0

EndOfEntropy/DLL-Manual-Mapping
Standard and DLL Manual Mapping
Language: C++ - Size: 12.7 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 0 - Forks: 0

d0ntrash/load_library_rs
Basic implementation of the Windows loader in Rust
Language: Rust - Size: 12.7 KB - Last synced at: 4 days ago - Pushed at: over 2 years ago - Stars: 1 - Forks: 0

assarbad/NtPebTeb
Little tool and (header-only lib) to investigate Windows Internals. Shout out to @zodiacon. No pull requests (this is actually a mirrored Mercurial repo).
Language: C++ - Size: 596 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 5 - Forks: 1

DownWithUp/WarbirdExamples
An example of how to use Microsoft Windows Warbird technology
Language: C - Size: 4.88 KB - Last synced at: about 1 year ago - Pushed at: almost 2 years ago - Stars: 18 - Forks: 1

jungawagat/Malware-Development
Repository for malware-development series on my youtube channel.
Size: 9.77 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

vxcute/WindowsInternals 📦
Yet another Windows internals repo
Language: C++ - Size: 1.31 MB - Last synced at: over 1 year ago - Pushed at: over 3 years ago - Stars: 200 - Forks: 29

Dewera/Pluto
A manual system call library that supports functions from both ntdll.dll and win32u.dll
Language: C# - Size: 70.3 KB - Last synced at: over 1 year ago - Pushed at: about 2 years ago - Stars: 105 - Forks: 13

AndreyBazhan/SymStore
The history of Windows Internals via symbols.
Language: C - Size: 8.76 MB - Last synced at: over 1 year ago - Pushed at: over 3 years ago - Stars: 175 - Forks: 36

Dewera/Lunar 📦
A lightweight native DLL mapping library that supports mapping directly from memory
Language: C# - Size: 389 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 581 - Forks: 104

diversenok/NtTools
Some random system tools for Windows
Language: Pascal - Size: 17.6 KB - Last synced at: over 1 year ago - Pushed at: about 3 years ago - Stars: 98 - Forks: 21

assarbad/ntobjx
Replacement for WinObj
Language: C++ - Size: 3.93 MB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 1 - Forks: 1

gabriel-sztejnworcel/pipe-intercept
Intercept Windows Named Pipes communication using Burp or similar HTTP proxy tools
Language: Python - Size: 167 KB - Last synced at: over 1 year ago - Pushed at: over 2 years ago - Stars: 154 - Forks: 16

dzik143/pe64-no-imports
PE32+ / 64-bit / LoadLibrary without imports table.
Language: Assembly - Size: 69.3 KB - Last synced at: over 1 year ago - Pushed at: over 4 years ago - Stars: 3 - Forks: 0

dzik143/syscall-dump
Dump syscall numbers from ntdll.dll
Language: C - Size: 33.2 KB - Last synced at: over 1 year ago - Pushed at: over 4 years ago - Stars: 6 - Forks: 2

dennisbabkin/MakeProcCrit
POC project to demonstrate how to make a process (or a thread) critical. If such a process (or thread) is terminated, this will cause a BSOD.
Language: C++ - Size: 262 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

xiosec/LeakGuard
LeakGuard is a project to prevent the use of leaked passwords.
Language: Go - Size: 221 KB - Last synced at: 26 days ago - Pushed at: almost 2 years ago - Stars: 3 - Forks: 0

HeavySin/PlugProtector
PlugProtector is a security project that safeguards a system's USB ports from untrusted devices
Language: C++ - Size: 113 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 1 - Forks: 0

kawaii-ghost/hello-world-nt-api
Hello World on Windows x64 using Native API
Language: Assembly - Size: 51.8 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 1 - Forks: 1

welikethestock/libutil
Language: C - Size: 514 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 0 - Forks: 0

SalahEldinFikri/Windows-Internals
In this repo I will try to talk about Windows internals and try to summarize the course.
Size: 5.86 KB - Last synced at: about 2 years ago - Pushed at: about 2 years ago - Stars: 0 - Forks: 0

Exploitables/Windows-Pool-Structures
My love for learning Windows internals continues.
Language: C - Size: 33.2 KB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 15 - Forks: 2

LowMem0ry/MessageBoxA-Hooking
MessageBoxA() Hooking
Language: C++ - Size: 10.5 MB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 4 - Forks: 0

Broihon/ProcessInfo
A class to gather information about a process, its threads and modules.
Language: C++ - Size: 16.6 KB - Last synced at: about 2 years ago - Pushed at: about 5 years ago - Stars: 19 - Forks: 9

tpaukrt/WinInspect
Window Inspector
Language: Pascal - Size: 4.88 KB - Last synced at: 7 months ago - Pushed at: over 2 years ago - Stars: 0 - Forks: 0

NtRaiseHardError/Dreadnought
PoC for detecting and dumping code injection (built and extended on UnRunPE)
Language: C++ - Size: 48.8 KB - Last synced at: about 2 years ago - Pushed at: over 6 years ago - Stars: 52 - Forks: 21

Broihon/Import-Handler
A small library to extend the functionality of GetModuleHandle and GetProcAddress to other processes
Language: C++ - Size: 6.84 KB - Last synced at: about 2 years ago - Pushed at: about 5 years ago - Stars: 13 - Forks: 8

Lit3r4lly/WKP-Exercises
Solutions to Windows Kernel Programming exercises by Pavel Yosifovich
Language: C - Size: 74.2 KB - Last synced at: almost 2 years ago - Pushed at: over 4 years ago - Stars: 2 - Forks: 0

StavM/WinProcessMemoryMadeEasy
Read and Edit external application's memory address space with ease (Windows os)
Language: VBA - Size: 20.5 KB - Last synced at: about 2 years ago - Pushed at: over 5 years ago - Stars: 3 - Forks: 1

kohoutech/Kohoutech.OBOE
OBOE - Origami Binary for Objects and Executables
Language: C# - Size: 139 KB - Last synced at: 3 days ago - Pushed at: almost 5 years ago - Stars: 0 - Forks: 0
