Ecosyste.ms: Repos
An open API service providing repository metadata for many open source software ecosystems.
GitHub topics: windows-internals
LordNoteworthy/windows-internals
My notes while studying Windows internals
Language: C - Size: 3.41 MB - Last synced: 1 day ago - Pushed: 1 day ago - Stars: 363 - Forks: 77
7etsuo/windows-api-function-cheatsheets Fork of PaddyCahil/windows-api-function-cheatsheets
A reference of Windows API function calls, including functions for file operations, process management, memory management, thread management, dynamic-link library (DLL) management, synchronization, interprocess communication, Unicode string manipulation, error handling, Winsock networking operations, and registry operations.
Size: 27.1 MB - Last synced: 3 days ago - Pushed: 6 months ago - Stars: 108 - Forks: 9
juanga333/RDP-hook-stealer
A DLL injection of RdpThief.dll to perform API hooking and extract RDP credentials
Language: C++ - Size: 102 KB - Last synced: 9 days ago - Pushed: 10 days ago - Stars: 0 - Forks: 0
juanga333/ProcKatz
Just another process dumping tool for Windows, supporting network delivery and snapshots
Language: C++ - Size: 29.3 KB - Last synced: 9 days ago - Pushed: 10 days ago - Stars: 0 - Forks: 0
daem0nc0re/TangledWinExec
PoCs and tools for investigation of Windows process execution techniques
Language: C# - Size: 4.42 MB - Last synced: 17 days ago - Pushed: 27 days ago - Stars: 851 - Forks: 133
ElliotKillick/ms-devblogs-search
Microsoft Developer Blogs Search Tool
Language: Python - Size: 8.46 MB - Last synced: 19 days ago - Pushed: 20 days ago - Stars: 8 - Forks: 0
mrexodia/dumpulator
An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).
Language: C - Size: 750 KB - Last synced: 21 days ago - Pushed: 4 months ago - Stars: 665 - Forks: 45
mrexodia/phnt-single-header
Single header version of System Informer's phnt library.
Language: CMake - Size: 26.4 KB - Last synced: 21 days ago - Pushed: 7 months ago - Stars: 111 - Forks: 7
christophetd/spoofing-office-macro
PoC of a VBA macro spawning a process with a spoofed parent and command line.
Language: VBA - Size: 26.4 KB - Last synced: 21 days ago - Pushed: about 4 years ago - Stars: 371 - Forks: 86
AlSch092/UltimateAntiCheat
Research project - make an anti-cheat to detect memory editing, debugging, injected modules, test signing mode, etc.
Language: C++ - Size: 394 KB - Last synced: about 1 month ago - Pushed: about 1 month ago - Stars: 79 - Forks: 7
diversenok/NtUtilsLibrary
Delphi library for system programming on Windows using Native API
Language: Pascal - Size: 3.42 MB - Last synced: about 1 month ago - Pushed: about 1 month ago - Stars: 86 - Forks: 29
taviso/ctftool
Interactive CTF Exploration Tool
Language: C - Size: 1.68 MB - Last synced: about 1 month ago - Pushed: over 2 years ago - Stars: 1,627 - Forks: 282
diversenok/TokenUniverse
An advanced tool for working with access tokens and Windows security policy.
Language: Pascal - Size: 1.37 MB - Last synced: about 2 months ago - Pushed: about 2 months ago - Stars: 529 - Forks: 67
mentebinaria/fundamentos-engenharia-reversa
Book: Engenharia Reversa - Fundamentos e Prática (Reverse Engineering - Fundamentals and Practice)
Size: 3.32 MB - Last synced: about 2 months ago - Pushed: about 2 months ago - Stars: 156 - Forks: 33
S1ckB0y1337/TokenPlayer
Manipulating and Abusing Windows Access Tokens.
Language: C++ - Size: 1.1 MB - Last synced: about 1 month ago - Pushed: over 3 years ago - Stars: 251 - Forks: 46
EndOfEntropy/DLL-Manual-Mapping
Standard and DLL Manual Mapping
Language: C++ - Size: 12.7 KB - Last synced: 2 months ago - Pushed: 2 months ago - Stars: 0 - Forks: 0
d0ntrash/load_library_rs
Basic implementation of the Windows loader in Rust
Language: Rust - Size: 12.7 KB - Last synced: about 1 month ago - Pushed: over 1 year ago - Stars: 1 - Forks: 0
adamhlt/PE-Explorer
PE Explorer in C++ (x86 / x64) - PE file parser, retrieve exports and imports
Language: C++ - Size: 13.3 MB - Last synced: 3 months ago - Pushed: 3 months ago - Stars: 44 - Forks: 19
assarbad/Nidhogg Fork of Idov31/Nidhogg
Nidhogg is an all-in-one simple to use rootkit for red teams.
Language: C++ - Size: 904 KB - Last synced: 3 months ago - Pushed: 3 months ago - Stars: 2 - Forks: 0
assarbad/NtPebTeb
Little tool and (header-only lib) to investigate Windows Internals. Shout out to @zodiacon. No pull requests (this is actually a mirrored Mercurial repo).
Language: C++ - Size: 596 KB - Last synced: 3 months ago - Pushed: 3 months ago - Stars: 5 - Forks: 1
DownWithUp/WarbirdExamples
An example of how to use Microsoft Windows Warbird technology
Language: C - Size: 4.88 KB - Last synced: 4 months ago - Pushed: about 1 year ago - Stars: 18 - Forks: 1
VirtualAlllocEx/DEFCON-31-Syscalls-Workshop
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
Language: C - Size: 16.3 MB - Last synced: 4 months ago - Pushed: 4 months ago - Stars: 513 - Forks: 76
DownWithUp/ALPC-Example
An example of a client and server using Windows' ALPC functions to send and receive data.
Language: C - Size: 12.7 KB - Last synced: 4 months ago - Pushed: over 4 years ago - Stars: 79 - Forks: 28
jungawagat/Malware-Development
Repository for the malware-development series on my YouTube channel.
Size: 9.77 KB - Last synced: 5 months ago - Pushed: 5 months ago - Stars: 0 - Forks: 0
h4mr3r/ADSLoader
Just a PoC for an Alternate Data Stream shellcode loader
Language: C++ - Size: 24.3 MB - Last synced: 6 months ago - Pushed: 6 months ago - Stars: 0 - Forks: 0
JustasMasiulis/nt_wrapper
A wrapper library around native Windows system APIs
Language: C++ - Size: 535 KB - Last synced: 7 months ago - Pushed: over 3 years ago - Stars: 407 - Forks: 84
vxcute/WindowsInternals
Yet another Windows internals repo
Language: C++ - Size: 1.31 MB - Last synced: 7 months ago - Pushed: over 2 years ago - Stars: 200 - Forks: 29
Dewera/Pluto
A manual system call library that supports functions from both ntdll.dll and win32u.dll
Language: C# - Size: 70.3 KB - Last synced: 7 months ago - Pushed: about 1 year ago - Stars: 105 - Forks: 13
AndreyBazhan/SymStore
The history of Windows Internals via symbols.
Language: C - Size: 8.76 MB - Last synced: 7 months ago - Pushed: over 2 years ago - Stars: 175 - Forks: 36
Dewera/Lunar
A lightweight native DLL mapping library that supports mapping directly from memory
Language: C# - Size: 389 KB - Last synced: 7 months ago - Pushed: 8 months ago - Stars: 581 - Forks: 104
diversenok/NtTools
Some random system tools for Windows
Language: Pascal - Size: 17.6 KB - Last synced: 7 months ago - Pushed: about 2 years ago - Stars: 98 - Forks: 21
assarbad/ntobjx
Replacement for WinObj
Language: C++ - Size: 3.93 MB - Last synced: 8 months ago - Pushed: 8 months ago - Stars: 1 - Forks: 1
gabriel-sztejnworcel/pipe-intercept
Intercept Windows Named Pipes communication using Burp or similar HTTP proxy tools
Language: Python - Size: 167 KB - Last synced: 7 months ago - Pushed: over 1 year ago - Stars: 154 - Forks: 16
dzik143/pe64-no-imports
PE32+ / 64-bit / LoadLibrary without imports table.
Language: Assembly - Size: 69.3 KB - Last synced: 9 months ago - Pushed: over 3 years ago - Stars: 3 - Forks: 0
dzik143/syscall-dump
Dump syscall numbers from ntdll.dll
Language: C - Size: 33.2 KB - Last synced: 9 months ago - Pushed: over 3 years ago - Stars: 6 - Forks: 2
dennisbabkin/MakeProcCrit
PoC project to demonstrate how to make a process (or a thread) critical. If such a process (or thread) is terminated, this will cause a BSOD.
Language: C++ - Size: 262 KB - Last synced: 9 months ago - Pushed: 9 months ago - Stars: 0 - Forks: 0
ionescu007/wnfun
WNF Utilities 4 Newbies (WNFUN)
Language: Python - Size: 652 KB - Last synced: 10 months ago - Pushed: over 5 years ago - Stars: 85 - Forks: 16
adamhlt/Manual-DLL-Loader
Custom LoadLibrary / GetProcAddress (x86 / x64) - Load DLL and retrieve functions manually
Language: C++ - Size: 1.82 MB - Last synced: 10 months ago - Pushed: 10 months ago - Stars: 30 - Forks: 13
adamhlt/DLL-Injector
DLL Injector (LoadLibrary) in C++ (x86 / x64) - LoadLibrary DLL injector
Language: C++ - Size: 7.64 MB - Last synced: 10 months ago - Pushed: 10 months ago - Stars: 42 - Forks: 14
HeavySin/PlugProtector
PlugProtector is a security project that safeguards a system's USB ports from untrusted devices
Language: C++ - Size: 113 KB - Last synced: 10 months ago - Pushed: 10 months ago - Stars: 1 - Forks: 0
xiosec/LeakGuard
LeakGuard is a project to prevent the use of leaked passwords.
Language: Go - Size: 221 KB - Last synced: 10 months ago - Pushed: 10 months ago - Stars: 1 - Forks: 0
kawaii-ghost/hello-world-nt-api
Hello World on Windows x64 using Native API
Language: Assembly - Size: 51.8 KB - Last synced: 11 months ago - Pushed: 11 months ago - Stars: 1 - Forks: 1
andrew-boyarshin/LoaderWatch
Windows 10 PE image loader (LDR) NTDLL component toolbox
Language: C - Size: 1010 KB - Last synced: 10 months ago - Pushed: over 4 years ago - Stars: 31 - Forks: 9
welikethestock/libutil
Language: C - Size: 514 KB - Last synced: 11 months ago - Pushed: 11 months ago - Stars: 0 - Forks: 0
adamhlt/Cave-Finder
Tool to find code caves in PE images (x86 / x64) - Find empty space to place code in PE files
Language: C++ - Size: 780 KB - Last synced: 10 months ago - Pushed: 10 months ago - Stars: 16 - Forks: 3
SalahEldinFikri/Windows-Internals
In this repo I will try to talk about Windows internals and try to summarize the course.
Size: 5.86 KB - Last synced: about 1 year ago - Pushed: about 1 year ago - Stars: 0 - Forks: 0
yardenshafir/conference_talks
Slides from various conference talks
Size: 5.22 MB - Last synced: 12 months ago - Pushed: 12 months ago - Stars: 28 - Forks: 7
Exploitables/Windows-Pool-Structures
My love for learning Windows internals continues.
Language: C - Size: 33.2 KB - Last synced: about 1 year ago - Pushed: almost 2 years ago - Stars: 15 - Forks: 2
LowMem0ry/MessageBoxA-Hooking
MessageBoxA() Hooking
Language: C++ - Size: 10.5 MB - Last synced: about 1 year ago - Pushed: over 1 year ago - Stars: 4 - Forks: 0
xiosec/Hollow
Hollow is a tool for implementing the process hollowing technique.
Language: C# - Size: 27.3 KB - Last synced: about 1 year ago - Pushed: over 1 year ago - Stars: 1 - Forks: 0
AlSch092/VisualStudioMenu-Proxy
Proxy DLL for Visual Studio Menu (vsenvmnu.dll, WDExpressMnu.dll)
Language: C++ - Size: 11.7 KB - Last synced: about 1 year ago - Pushed: over 1 year ago - Stars: 0 - Forks: 0
Broihon/ProcessInfo
A class to gather information about a process, its threads and modules.
Language: C++ - Size: 16.6 KB - Last synced: about 1 year ago - Pushed: about 4 years ago - Stars: 19 - Forks: 9
yardenshafir/DpcWait
Driver demonstrating how to register a DPC to asynchronously wait on an object
Language: C++ - Size: 14.6 KB - Last synced: about 1 year ago - Pushed: over 3 years ago - Stars: 40 - Forks: 24
NtRaiseHardError/Dreadnought
PoC for detecting and dumping code injection (built and extended on UnRunPE)
Language: C++ - Size: 48.8 KB - Last synced: about 1 year ago - Pushed: over 5 years ago - Stars: 52 - Forks: 21
Broihon/Import-Handler
A small library to extend the functionality of GetModuleHandle and GetProcAddress to other processes
Language: C++ - Size: 6.84 KB - Last synced: about 1 year ago - Pushed: about 4 years ago - Stars: 13 - Forks: 8
Lit3r4lly/WKP-Exercises
Solutions to Windows Kernel Programming exercises by Pavel Yosifovich
Language: C - Size: 74.2 KB - Last synced: about 1 year ago - Pushed: over 3 years ago - Stars: 2 - Forks: 0
f1zm0/WinDBG-Cheatsheet
WinDBG notes and commands cheatsheet
Size: 23.4 KB - Last synced: about 1 year ago - Pushed: about 2 years ago - Stars: 0 - Forks: 0
StavM/WinProcessMemoryMadeEasy
Read and edit an external application's memory address space with ease (Windows OS)
Language: VBA - Size: 20.5 KB - Last synced: about 1 year ago - Pushed: over 4 years ago - Stars: 3 - Forks: 1
kohoutech/Kohoutech.OBOE
OBOE - Origami Binary for Objects and Executables
Language: C# - Size: 139 KB - Last synced: about 1 year ago - Pushed: almost 4 years ago - Stars: 0 - Forks: 0