An open API service providing repository metadata for many open source software ecosystems.

Topic: "windows-internals"

taviso/ctftool

Interactive CTF Exploration Tool

Language: C - Size: 1.68 MB - Last synced at: 26 days ago - Pushed at: over 3 years ago - Stars: 1,656 - Forks: 269

7etsuo/windows-api-function-cheatsheets Fork of PaddyCahil/windows-api-function-cheatsheets

A reference of Windows API function calls, including functions for file operations, process management, memory management, thread management, dynamic-link library (DLL) management, synchronization, interprocess communication, Unicode string manipulation, error handling, Winsock networking operations, and registry operations.

Size: 27.2 MB - Last synced at: 5 months ago - Pushed at: 9 months ago - Stars: 971 - Forks: 106

daem0nc0re/TangledWinExec

PoCs and tools for investigation of Windows process execution techniques

Language: C# - Size: 4.41 MB - Last synced at: 10 days ago - Pushed at: 10 days ago - Stars: 918 - Forks: 142

mrexodia/dumpulator

An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).

Language: C - Size: 750 KB - Last synced at: 26 days ago - Pushed at: over 1 year ago - Stars: 803 - Forks: 44

VirtualAlllocEx/DEFCON-31-Syscalls-Workshop

Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".

Language: C - Size: 16.3 MB - Last synced at: about 1 hour ago - Pushed at: 26 days ago - Stars: 666 - Forks: 95

diversenok/TokenUniverse

An advanced tool for working with access tokens and Windows security policy.

Language: Pascal - Size: 1.47 MB - Last synced at: 3 days ago - Pushed at: 3 days ago - Stars: 614 - Forks: 67

Dewera/Lunar 📦

A lightweight native DLL mapping library that supports mapping directly from memory

Language: C# - Size: 389 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 581 - Forks: 104

AlSch092/UltimateAntiCheat

UltimateAnticheat is an open source usermode anti-cheat system made to detect and prevent common attack vectors in game cheating (C++, Windows)

Language: C - Size: 10.4 MB - Last synced at: 3 days ago - Pushed at: about 2 months ago - Stars: 469 - Forks: 67

JustasMasiulis/nt_wrapper

A wrapper library around native Windows system APIs

Language: C++ - Size: 535 KB - Last synced at: 23 days ago - Pushed at: over 4 years ago - Stars: 432 - Forks: 84

ayoubfaouzi/windows-internals

My notes while studying Windows internals

Language: C - Size: 6.6 MB - Last synced at: 4 days ago - Pushed at: 6 months ago - Stars: 430 - Forks: 84

christophetd/spoofing-office-macro

:fish: PoC of a VBA macro spawning a process with a spoofed parent and command line.

Language: VBA - Size: 26.4 KB - Last synced at: 3 months ago - Pushed at: about 5 years ago - Stars: 380 - Forks: 83

S1ckB0y1337/TokenPlayer

Manipulating and Abusing Windows Access Tokens.

Language: C++ - Size: 1.1 MB - Last synced at: 2 months ago - Pushed at: over 4 years ago - Stars: 274 - Forks: 45

mrexodia/phnt-single-header

Single header version of System Informer's phnt library.

Language: CMake - Size: 45.9 KB - Last synced at: 25 days ago - Pushed at: 26 days ago - Stars: 221 - Forks: 15

vxcute/WindowsInternals 📦

Yet another windows internals repo

Language: C++ - Size: 1.31 MB - Last synced at: over 1 year ago - Pushed at: almost 4 years ago - Stars: 200 - Forks: 29

mentebinaria/fundamentos-engenharia-reversa

Livro: Engenharia Reversa - Fundamentos e Prática

Size: 4.6 MB - Last synced at: about 6 hours ago - Pushed at: about 6 hours ago - Stars: 182 - Forks: 33

AndreyBazhan/SymStore

The history of Windows Internals via symbols.

Language: C - Size: 8.76 MB - Last synced at: over 1 year ago - Pushed at: over 3 years ago - Stars: 175 - Forks: 36

gabriel-sztejnworcel/pipe-intercept

Intercept Windows Named Pipes communication using Burp or similar HTTP proxy tools

Language: Python - Size: 167 KB - Last synced at: over 1 year ago - Pushed at: over 2 years ago - Stars: 154 - Forks: 16

adamhlt/DLL-Injector

DLL Injector (LoadLibrary) in C++ (x86 / x64) - LoadLibrary DLL injector

Language: C++ - Size: 7.64 MB - Last synced at: 7 days ago - Pushed at: almost 2 years ago - Stars: 148 - Forks: 26

diversenok/NtUtilsLibrary

Delphi library for system programming on Windows using Native API

Language: Pascal - Size: 3.32 MB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 128 - Forks: 41

Dewera/Pluto

A manual system call library that supports functions from both ntdll.dll and win32u.dll

Language: C# - Size: 70.3 KB - Last synced at: over 1 year ago - Pushed at: about 2 years ago - Stars: 105 - Forks: 13

diversenok/NtTools

Some random system tools for Windows

Language: Pascal - Size: 17.6 KB - Last synced at: over 1 year ago - Pushed at: about 3 years ago - Stars: 98 - Forks: 21

ionescu007/wnfun

WNF Utilities 4 Newbies (WNFUN)

Language: Python - Size: 652 KB - Last synced at: 2 months ago - Pushed at: over 6 years ago - Stars: 94 - Forks: 16

adamhlt/Manual-DLL-Loader

Custom LoadLibrary / GetProcAddress (x86 / x64) - Load DLL and retrieve functions manually

Language: C++ - Size: 1.82 MB - Last synced at: 7 days ago - Pushed at: almost 2 years ago - Stars: 93 - Forks: 22

DownWithUp/ALPC-Example

An example of a client and server using Windows' ALPC functions to send and receive data.

Language: C - Size: 12.7 KB - Last synced at: 5 months ago - Pushed at: 5 months ago - Stars: 90 - Forks: 29

Air14/SymbolicAccess

Static user/kernel mode library that allows access to all functions and global variables by extracting offsets from the PDB

Language: C++ - Size: 21.1 MB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 85 - Forks: 17

adamhlt/Cave-Finder

Tool to find code cave in PE image (x86 / x64) - Find empty space to place code in PE files

Language: C++ - Size: 780 KB - Last synced at: 7 days ago - Pushed at: almost 2 years ago - Stars: 66 - Forks: 9

adamhlt/PE-Explorer

PE Explorer in C++ (x86 / x64) - PE file parser, retrieve exports and imports

Language: C++ - Size: 13.3 MB - Last synced at: 7 days ago - Pushed at: over 1 year ago - Stars: 65 - Forks: 19
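adamhlt/Cave-Finder and adamhlt/PE-Explorer both start from the same structure, the PE section table. The Python below is an added example, not code from either project: it builds a small constructed 64-bit PE in memory (no real binary is read; the section layout, image base and code bytes are made up for the example), walks the section table, and reports runs of NUL bytes inside executable sections as code caves with their file offset, RVA and virtual address. It also applies a check that naive cave finders skip: the loader maps only the first VirtualSize bytes of a section's raw data, so slack between VirtualSize and SizeOfRawData is empty on disk but never mapped, and code placed there never runs.

```python
import struct
from typing import List, NamedTuple

IMAGE_SCN_MEM_EXECUTE = 0x20000000
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


class Cave(NamedTuple):
    section: str
    file_offset: int
    rva: int
    va: int
    size: int


def find_code_caves(pe: bytes, min_size: int = 32) -> List[Cave]:
    """Report runs of NUL bytes >= min_size inside executable sections of a PE file.
    Only the part of the raw data the loader maps (up to VirtualSize) is scanned."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    nsec = struct.unpack_from("<H", pe, e_lfanew + 6)[0]           # FileHeader.NumberOfSections
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]      # FileHeader.SizeOfOptionalHeader
    opt = e_lfanew + 24                                            # start of the optional header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == PE32PLUS_MAGIC:
        image_base = struct.unpack_from("<Q", pe, opt + 24)[0]
    elif magic == PE32_MAGIC:
        image_base = struct.unpack_from("<I", pe, opt + 28)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    caves = []
    for i in range(nsec):
        hdr = opt + opt_size + 40 * i                              # IMAGE_SECTION_HEADER is 40 bytes
        name = pe[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, rva, rawsize, rawptr = struct.unpack_from("<IIII", pe, hdr + 8)
        chars = struct.unpack_from("<I", pe, hdr + 36)[0]
        if not chars & IMAGE_SCN_MEM_EXECUTE:
            continue
        mapped = pe[rawptr:rawptr + min(rawsize, vsize)]           # ignore unmapped on-disk slack
        run_start = None
        for off, b in enumerate(mapped + b"\x01"):                 # sentinel closes a trailing run
            if b == 0 and run_start is None:
                run_start = off
            elif b != 0 and run_start is not None:
                size = off - run_start
                if size >= min_size:
                    caves.append(Cave(name, rawptr + run_start, rva + run_start,
                                      image_base + rva + run_start, size))
                run_start = None
    return caves


def build_sample_pe() -> bytes:
    """Constructed PE32+ image (not a real binary): a .text section with 16 bytes of code
    followed by padding, and an all-zero non-executable .data section that must be ignored.
    .text has VirtualSize 0x180 but SizeOfRawData 0x200, so 0x80 bytes of slack are unmapped."""
    file_align, sect_align, image_base = 0x200, 0x1000, 0x140000000
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    struct.pack_into("<Q", opt, 24, image_base)
    struct.pack_into("<II", opt, 32, sect_align, file_align)

    def section(name, vsize, rva, rawsize, rawptr, chars):
        return struct.pack("<8sIIIIIIHHI", name, vsize, rva, rawsize, rawptr, 0, 0, 0, 0, chars)

    sections = (section(b".text", 0x180, 0x1000, 0x200, 0x200, 0x60000020)    # CODE|EXECUTE|READ
                + section(b".data", 0x200, 0x2000, 0x200, 0x400, 0xC0000040))  # IDATA|READ|WRITE
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                                    # e_lfanew
    file_hdr = struct.pack("<HHIIIHH", 0x8664, 2, 0, 0, 0, len(opt), 0x22)     # AMD64, 2 sections
    headers = (dos + b"PE\0\0" + file_hdr + opt + sections).ljust(0x200, b"\0")
    code = b"\x48\x83\xec\x28\x48\x83\xc4\x28\xc3".ljust(16, b"\xcc")           # sub/add rsp,28h; ret; int3 pad
    text = code.ljust(0x200, b"\0")
    data = b"\0" * 0x200
    return bytes(headers + text + data)


if __name__ == "__main__":
    for cave in find_code_caves(build_sample_pe()):
        print("%-8s file 0x%x  RVA 0x%x  VA 0x%x  %d bytes" %
              (cave.section, cave.file_offset, cave.rva, cave.va, cave.size))
```

On the constructed image this reports one cave of 0x170 bytes at file offset 0x210 (VA 0x140001010); a scanner that measured the whole SizeOfRawData would report 0x1F0 bytes and hand out 0x80 bytes that are never mapped. A cave found this way still needs the section to be executable at run time (the characteristics check above) and leaves the file's checksum and any Authenticode signature invalid once written to.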

NtRaiseHardError/Dreadnought

PoC for detecting and dumping code injection (built and extended on UnRunPE)

Language: C++ - Size: 48.8 KB - Last synced at: over 2 years ago - Pushed at: over 6 years ago - Stars: 52 - Forks: 21

yardenshafir/DpcWait

Driver demonstrating how to register a DPC to asynchronously wait on an object

Language: C++ - Size: 14.6 KB - Last synced at: 2 months ago - Pushed at: over 4 years ago - Stars: 49 - Forks: 26

andrew-boyarshin/LoaderWatch

Windows 10 PE image loader (LDR) NTDLL component toolbox

Language: C - Size: 1010 KB - Last synced at: 2 months ago - Pushed at: over 5 years ago - Stars: 49 - Forks: 12

yardenshafir/conference_talks

Slides from various conference talks

Size: 5.22 MB - Last synced at: 2 months ago - Pushed at: about 2 years ago - Stars: 36 - Forks: 10

ElliotKillick/ms-devblogs-search

Microsoft Developer Blogs Search Tool

Language: Python - Size: 11.7 MB - Last synced at: 6 days ago - Pushed at: about 2 months ago - Stars: 24 - Forks: 0

Broihon/ProcessInfo

A class to gather information about a process, its threads and modules.

Language: C++ - Size: 16.6 KB - Last synced at: over 2 years ago - Pushed at: about 5 years ago - Stars: 19 - Forks: 9

DownWithUp/WarbirdExamples

An example of how to use Microsoft Windows Warbird technology

Language: C - Size: 4.88 KB - Last synced at: over 1 year ago - Pushed at: about 2 years ago - Stars: 18 - Forks: 1

Exploitables/Windows-Pool-Structures

My love for learning Windows internals continues.

Language: C - Size: 33.2 KB - Last synced at: over 2 years ago - Pushed at: almost 3 years ago - Stars: 15 - Forks: 2

VirtualAlllocEx/Shell-we-Assembly

Shellcode execution via x86 inline assembly based on MSVC syntax

Language: C++ - Size: 26.4 KB - Last synced at: about 1 hour ago - Pushed at: about 2 years ago - Stars: 13 - Forks: 5

Broihon/Import-Handler

A small library to extend the functionality of GetModuleHandle and GetProcAddress to other processes

Language: C++ - Size: 6.84 KB - Last synced at: over 2 years ago - Pushed at: about 5 years ago - Stars: 13 - Forks: 8

dutchpsycho/ActiveBreach-Engine

SysWhispers & HellsGate Successor — Dynamic Syscall Dispatch Engine with Runtime Debugger & Anti-Tamper. Bypasses Userland Hooks & Kernel Callbacks

Language: C++ - Size: 214 KB - Last synced at: 7 days ago - Pushed at: 7 days ago - Stars: 12 - Forks: 0

assarbad/Nidhogg Fork of Idov31/Nidhogg

Nidhogg is an all-in-one simple to use rootkit for red teams.

Language: C++ - Size: 720 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 7 - Forks: 1

xiosec/Hollow

Hollow is a tool for implementing the process hollowing technique.

Language: C# - Size: 27.3 KB - Last synced at: 2 months ago - Pushed at: over 2 years ago - Stars: 7 - Forks: 1

dzik143/syscall-dump

Dump syscall numbers from ntdll.dll

Language: C - Size: 33.2 KB - Last synced at: almost 2 years ago - Pushed at: over 4 years ago - Stars: 6 - Forks: 2

assarbad/NtPebTeb

Little tool and (header-only lib) to investigate Windows Internals. Shout out to @zodiacon. No pull requests (this is actually a mirrored Mercurial repo).

Language: C++ - Size: 596 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 5 - Forks: 1

f1zm0/WinDBG-Cheatsheet

WinDBG notes and commands cheatsheet

Size: 23.4 KB - Last synced at: 4 months ago - Pushed at: about 3 years ago - Stars: 5 - Forks: 0

grimy86/CCI25 📦

CCI25 is an open-source collection of notes, summaries, insights, etc. on computer science topics, gathered into a unified learning resource.

Language: C++ - Size: 13.8 MB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 4 - Forks: 0

LowMem0ry/MessageBoxA-Hooking

MessageBoxA() Hooking

Language: C++ - Size: 10.5 MB - Last synced at: over 2 years ago - Pushed at: over 2 years ago - Stars: 4 - Forks: 0

islipnot/WinInject

Command line DLL injector for Windows 10 (unfinished).

Language: C++ - Size: 126 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 3 - Forks: 0

RtlSecureZeroMemory/UsefulPDF

Useful PDFs to learn Reverse engineering, Assembly, C and Windows Internals.

Size: 179 MB - Last synced at: 20 days ago - Pushed at: 4 months ago - Stars: 3 - Forks: 0

xiosec/LeakGuard

LeakGuard is a project to prevent the use of leaked passwords.

Language: Go - Size: 221 KB - Last synced at: 3 months ago - Pushed at: almost 2 years ago - Stars: 3 - Forks: 0

dzik143/pe64-no-imports

PE32+ / 64-bit / LoadLibrary without imports table.

Language: Assembly - Size: 69.3 KB - Last synced at: almost 2 years ago - Pushed at: over 4 years ago - Stars: 3 - Forks: 0

StavM/WinProcessMemoryMadeEasy

Read and edit an external application's memory address space with ease (Windows OS)

Language: VBA - Size: 20.5 KB - Last synced at: over 2 years ago - Pushed at: over 5 years ago - Stars: 3 - Forks: 1

islipnot/WinLoad

Reversing & recreating Windows 10 image loader with executable API resolution. (usermode, x64/86)

Language: C - Size: 83 KB - Last synced at: 9 days ago - Pushed at: 9 days ago - Stars: 2 - Forks: 0

captain-woof/Hydrangea-C2-Payloads

A cross-platform, collaborative C2 for red-teaming. Agents are cross-compilable (e.g., you can generate Windows DLLs on Linux), cross-compatible, and built with evasion, anti-analysis and stability in mind. All capabilities are natively implemented from scratch.

Language: C++ - Size: 253 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 2 - Forks: 0

captain-woof/Hydrangea-C2

A cross-platform, collaborative C2 for red-teaming. Agents are cross-compilable (e.g., you can generate Windows DLLs on Linux), cross-compatible, and built with evasion, anti-analysis and stability in mind. All capabilities are natively implemented from scratch.

Language: Python - Size: 6.06 MB - Last synced at: 2 months ago - Pushed at: 4 months ago - Stars: 2 - Forks: 0

hacktoor1/Spider-Security

Notes Certificate && WriteUps && Solve Machines && Books

Language: Shell - Size: 146 MB - Last synced at: 4 months ago - Pushed at: 4 months ago - Stars: 2 - Forks: 0

dk0m/Pie

A light PE parser written in Nim.

Language: Nim - Size: 7.81 KB - Last synced at: 3 months ago - Pushed at: 11 months ago - Stars: 2 - Forks: 0

Lit3r4lly/WKP-Exercises

Solutions to Windows Kernel Programming exercises by Pavel Yosifovich

Language: C - Size: 74.2 KB - Last synced at: about 2 years ago - Pushed at: over 4 years ago - Stars: 2 - Forks: 0

scrymastic/HookNt

A Windows NT API hooking tool for intercepting and monitoring system calls

Language: C++ - Size: 1.78 MB - Last synced at: 13 days ago - Pushed at: 13 days ago - Stars: 1 - Forks: 0

dk0m/SysWhispersD

Implementation Of SysWhispers Direct / Indirect System Call Technique In D.

Language: D - Size: 34.2 KB - Last synced at: 11 days ago - Pushed at: 20 days ago - Stars: 1 - Forks: 1

Malforge-Maldev-Public-Organization/NT-API-Code-Injection

NT API Code Injection using NtCreateSection and NtMapViewOfSection to inject shellcode into a remote process. This method allows for efficient memory manipulation and code execution within target processes.

Language: C - Size: 10.7 KB - Last synced at: 8 days ago - Pushed at: about 1 month ago - Stars: 1 - Forks: 0

aniko33/Windows-Internals-7th-edition-book

Windows Internals 7th book but free (PDF)

Size: 67.3 MB - Last synced at: 2 months ago - Pushed at: 7 months ago - Stars: 1 - Forks: 1

dk0m/HwBpD

Utilizing Hardware Breakpoints For Hooking In D.

Language: D - Size: 20.5 KB - Last synced at: 11 months ago - Pushed at: 11 months ago - Stars: 1 - Forks: 0

dk0m/GetSyscallStubD

Fetching Fresh System Call Stubs From NTDLL (Read From Disk) In D.

Language: D - Size: 5.86 KB - Last synced at: 11 months ago - Pushed at: 11 months ago - Stars: 1 - Forks: 0
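dzik143/syscall-dump, dk0m/GetSyscallStubD and the Hell's Gate / SysWhispers lineage behind VirtualAlllocEx/DEFCON-31-Syscalls-Workshop, dk0m/SysWhispersD and dutchpsycho/ActiveBreach-Engine all rest on the same fact about x64 ntdll: every Zw* export is a 32-byte stub that begins with mov r10, rcx ; mov eax, <SSN>, and the stubs sit in SSN order at that fixed stride. The Python below is an added example, not code from any of those projects. It runs on a constructed byte blob and export map standing in for ntdll's .text and export table (the names, RVAs and SSNs are made up for the example; real numbers differ between builds, which is the whole reason they are read out at run time). It shows the three usual ways to recover a number: read it from the stub (Hell's Gate), recover it from a clean neighbour when the stub has been patched (Halo's Gate), and derive it from the sorted order of Zw* exports without reading a single stub byte (the SysWhispers2 / FreshyCalls approach), plus a cross-check between the last two that flags a patched stub the neighbour walk could not repair.

```python
import struct
from typing import Dict, Optional

STUB_STRIDE = 32                  # x64 ntdll lays Zw* stubs out 32 bytes apart (Win10/11)
PROLOGUE = b"\x4c\x8b\xd1\xb8"    # mov r10, rcx ; mov eax, imm32   (imm32 = SSN)


def ssn_from_stub(text: bytes, off: int) -> Optional[int]:
    """Hell's Gate: read the SSN straight out of an unhooked stub, or None when the
    prologue has been overwritten (e.g. by an EDR's jmp rel32 trampoline)."""
    if text[off:off + 4] != PROLOGUE:
        return None
    return struct.unpack_from("<I", text, off + 4)[0]


def ssn_halos_gate(text: bytes, off: int, max_hops: int = 64) -> Optional[int]:
    """Halo's Gate fallback: stubs are in SSN order at a fixed stride, so a clean stub
    i positions down carries SSN + i and one i positions up carries SSN - i."""
    ssn = ssn_from_stub(text, off)
    if ssn is not None:
        return ssn
    for i in range(1, max_hops + 1):
        down = off + i * STUB_STRIDE
        if down + 8 <= len(text):
            ssn = ssn_from_stub(text, down)
            if ssn is not None:
                return ssn - i
        up = off - i * STUB_STRIDE
        if up >= 0:
            ssn = ssn_from_stub(text, up)
            if ssn is not None:
                return ssn + i
    return None


def dump_ssns(text: bytes, text_base: int, exports: Dict[str, int]) -> Dict[str, Optional[int]]:
    """Resolve every Zw* export (name -> RVA) against .text bytes that start at RVA text_base."""
    return {name: ssn_halos_gate(text, rva - text_base)
            for name, rva in exports.items() if name.startswith("Zw")}


def ssn_by_sorted_zw(exports: Dict[str, int]) -> Dict[str, int]:
    """SysWhispers2 / FreshyCalls: Zw* exports sorted by RVA are in SSN order, so the index
    in that order is the SSN. Inline hooks cannot disturb this because no stub bytes are
    read; it is only exact when the complete Zw* export set is passed in."""
    ordered = sorted((rva, name) for name, rva in exports.items() if name.startswith("Zw"))
    return {name: ssn for ssn, (_, name) in enumerate(ordered)}


def tampered_stubs(text: bytes, text_base: int, exports: Dict[str, int]) -> list:
    """Names whose stub-derived SSN disagrees with the export-order SSN. A non-empty
    result means a stub was patched in a way the neighbour walk could not undo."""
    by_stub, by_order = dump_ssns(text, text_base, exports), ssn_by_sorted_zw(exports)
    return sorted(n for n in by_order if by_stub.get(n) != by_order[n])


def make_stub(ssn: int) -> bytes:
    """Byte-for-byte layout of a Win10+ x64 Zw stub, padded to the 32-byte stride."""
    body = (PROLOGUE + struct.pack("<I", ssn)
            + b"\xf6\x04\x25\x08\x03\xfe\x7f\x01"   # test byte ptr [7FFE0308h], 1
            + b"\x75\x03"                           # jne  short +3
            + b"\x0f\x05"                           # syscall
            + b"\xc3"                               # ret
            + b"\xcd\x2e"                           # int 2Eh
            + b"\xc3")                              # ret
    return body.ljust(STUB_STRIDE, b"\xcc")


# Constructed sample, not real ntdll data: four Zw* exports carrying SSNs 0..3 (made up),
# with the first and last stubs hooked by a jmp rel32 the way an EDR would do it.
NAMES = ["ZwAllocateVirtualMemory", "ZwWriteVirtualMemory",
         "ZwProtectVirtualMemory", "ZwCreateThreadEx"]
TEXT_BASE = 0x9C000                                   # constructed RVA of the stub region
TEXT = bytearray(b"".join(make_stub(i) for i in range(len(NAMES))))
HOOK = b"\xe9\x00\x10\x00\x00"                        # jmp rel32 to a (constructed) trampoline
TEXT[0:5] = HOOK
TEXT[3 * STUB_STRIDE:3 * STUB_STRIDE + 5] = HOOK
EXPORTS = {name: TEXT_BASE + i * STUB_STRIDE for i, name in enumerate(NAMES)}

if __name__ == "__main__":
    for name, ssn in dump_ssns(bytes(TEXT), TEXT_BASE, EXPORTS).items():
        print("%-26s SSN %s" % (name, "?" if ssn is None else "0x%02x" % ssn))
    print("tampered:", tampered_stubs(bytes(TEXT), TEXT_BASE, EXPORTS))
```

Against a real ntdll the text and export map come either from the loaded module (hooks present) or, as GetSyscallStubD does, from a fresh copy of the file read from disk and parsed section by section (no hooks, but SSNs for the running build only). The neighbour walk fails when every stub within max_hops is hooked; the export-order method does not care, which is why a loader should compute both and treat a disagreement as a sign the stub region was tampered with.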

assarbad/ntobjx

Replacement for WinObj

Language: C++ - Size: 3.93 MB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 1 - Forks: 1

HeavySin/PlugProtector

PlugProtector is a security project that safeguards a system's USB ports from untrusted devices

Language: C++ - Size: 113 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 1 - Forks: 0

kawaii-ghost/hello-world-nt-api

Hello World on Windows x64 using Native API

Language: Assembly - Size: 51.8 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 1 - Forks: 1

d0ntrash/load_library_rs

Basic implementation of the Windows loader in Rust

Language: Rust - Size: 12.7 KB - Last synced at: 8 days ago - Pushed at: over 2 years ago - Stars: 1 - Forks: 0

Malforge-Maldev-Public-Organization/Thread-IDs-Process-IDs-The-Start-of-Malware-Magic

ThreadIDs and ProcessIDs: the foundation of malware techniques, covering the basics of PIDs, TIDs, and their role in code injection and malware development.

Language: C++ - Size: 6.84 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 0 - Forks: 0

provrb/libprocman

A Windows library for doing things you probably shouldn’t be doing with processes, tokens, and system calls.

Language: C++ - Size: 157 KB - Last synced at: about 1 month ago - Pushed at: 2 months ago - Stars: 0 - Forks: 0

mehrshadmollaafzal/DACL-Bypass

PoC for Bypassing DACL in Windows with DuplicateHandle

Language: C++ - Size: 5.06 MB - Last synced at: 10 months ago - Pushed at: 10 months ago - Stars: 0 - Forks: 0

dk0m/SentinelsGate

Fetching System Call Service Numbers From The Control Flow Guard Function Table.

Language: C++ - Size: 6.84 KB - Last synced at: 11 months ago - Pushed at: 11 months ago - Stars: 0 - Forks: 0

dk0m/FindSsdt

Fun Little Code To Find The Address Of The Kernel SSDT From Usermode.

Language: C++ - Size: 62.5 KB - Last synced at: 11 months ago - Pushed at: 11 months ago - Stars: 0 - Forks: 0

juanga333/ProcKatz

Just another process dumping tool for Windows, supporting network delivery and snapshots

Language: C++ - Size: 30.3 KB - Last synced at: 12 months ago - Pushed at: 12 months ago - Stars: 0 - Forks: 0

juanga333/RDP-hook-stealer

A DLL injection of RdpThief.dll to perform API hooking and extract RDP credentials

Language: C++ - Size: 102 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 0 - Forks: 0

EndOfEntropy/DLL-Manual-Mapping

Standard and DLL Manual Mapping

Language: C++ - Size: 12.7 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0
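Dewera/Lunar, adamhlt/Manual-DLL-Loader, islipnot/WinLoad, d0ntrash/load_library_rs and EndOfEntropy/DLL-Manual-Mapping all reimplement the image loader, and the step that most often goes wrong is base relocation: once the sections have been copied to memory that is not the image's preferred ImageBase, every absolute pointer listed in the .reloc directory has to be shifted by the delta. The Python below is an added example, not code from any of those projects. It works on a constructed mapped image (RVA equals offset into the buffer) with made-up pointer locations and a hand-built relocation block, and the base addresses are placeholders; in a real mapper the directory RVA and size come from IMAGE_DIRECTORY_ENTRY_BASERELOC (index 5) of the optional header. It handles the two entry types that matter on x86/x64 (HIGHLOW and DIR64), skips ABSOLUTE padding entries, and refuses to continue when an image has no relocation directory but could not be mapped at its preferred base.

```python
import struct
from typing import List, Tuple

IMAGE_REL_BASED_ABSOLUTE = 0    # alignment padding, nothing to patch
IMAGE_REL_BASED_HIGHLOW = 3     # 32-bit absolute address (PE32 images)
IMAGE_REL_BASED_DIR64 = 10      # 64-bit absolute address (PE32+ images)


def parse_reloc_blocks(image: bytes, reloc_rva: int, reloc_size: int) -> List[Tuple[int, int]]:
    """Walk the base-relocation directory of an image that is already mapped section by
    section (RVA == offset). Each IMAGE_BASE_RELOCATION block is {VirtualAddress u32,
    SizeOfBlock u32} followed by u16 entries: type in the top 4 bits, page offset in the
    low 12. Returns (type, target_rva) pairs in file order."""
    fixups = []
    pos, end = reloc_rva, reloc_rva + reloc_size
    while pos + 8 <= end:
        page_rva, block_size = struct.unpack_from("<II", image, pos)
        if block_size < 8 or pos + block_size > end:
            raise ValueError("malformed relocation block at RVA 0x%x" % pos)
        for entry_off in range(pos + 8, pos + block_size, 2):
            entry = struct.unpack_from("<H", image, entry_off)[0]
            fixups.append((entry >> 12, page_rva + (entry & 0xFFF)))
        pos += block_size
    return fixups


def apply_relocations(image: bytearray, preferred_base: int, actual_base: int,
                      reloc_rva: int, reloc_size: int) -> int:
    """Rebase every absolute pointer in `image` from preferred_base to actual_base.
    Returns the number of pointers patched."""
    delta = actual_base - preferred_base
    if delta == 0:
        return 0                 # mapped at the preferred base, nothing to fix up
    if reloc_size == 0:
        # A stripped image (/FIXED) cannot be rebased: a mapper must give up here rather
        # than run code whose absolute pointers still refer to the preferred base.
        raise ValueError("no relocation directory and not mapped at the preferred base")
    patched = 0
    for reloc_type, rva in parse_reloc_blocks(image, reloc_rva, reloc_size):
        if reloc_type == IMAGE_REL_BASED_ABSOLUTE:
            continue
        if reloc_type == IMAGE_REL_BASED_DIR64:
            fmt, width, mask = "<Q", 8, (1 << 64) - 1
        elif reloc_type == IMAGE_REL_BASED_HIGHLOW:
            fmt, width, mask = "<I", 4, (1 << 32) - 1
        else:
            raise NotImplementedError("relocation type %d at RVA 0x%x" % (reloc_type, rva))
        if rva + width > len(image):
            raise ValueError("relocation at RVA 0x%x points outside the image" % rva)
        value = struct.unpack_from(fmt, image, rva)[0]
        struct.pack_into(fmt, image, rva, (value + delta) & mask)   # mask handles negative delta
        patched += 1
    return patched


def read_u64(image: bytes, rva: int) -> int:
    return struct.unpack_from("<Q", image, rva)[0]


# Constructed layout (not a real DLL): placeholder preferred base, three absolute
# pointers in the page at RVA 0x2000, and the matching .reloc block at RVA 0x2800.
PREFERRED_BASE = 0x180000000
RELOC_RVA, RELOC_SIZE = 0x2800, 16              # one block: 3 DIR64 entries + 1 ABSOLUTE pad
POINTER_RVAS = (0x2000, 0x2010, 0x2020)
POINTER_TARGETS = (0x1000, 0x1040, 0x2100)      # RVAs the three pointers refer to


def build_sample_image() -> bytearray:
    image = bytearray(0x3000)
    for rva, target in zip(POINTER_RVAS, POINTER_TARGETS):
        struct.pack_into("<Q", image, rva, PREFERRED_BASE + target)
    entries = [(IMAGE_REL_BASED_DIR64 << 12) | (rva & 0xFFF) for rva in POINTER_RVAS]
    entries.append(IMAGE_REL_BASED_ABSOLUTE << 12)         # pad the block to a DWORD boundary
    struct.pack_into("<II", image, RELOC_RVA, 0x2000, 8 + 2 * len(entries))
    struct.pack_into("<%dH" % len(entries), image, RELOC_RVA + 8, *entries)
    return image


if __name__ == "__main__":
    img = build_sample_image()
    new_base = 0x7FF6A0000000      # placeholder for wherever the allocation actually landed
    n = apply_relocations(img, PREFERRED_BASE, new_base, RELOC_RVA, RELOC_SIZE)
    for rva in POINTER_RVAS:
        print("RVA 0x%x -> 0x%x" % (rva, read_u64(img, rva)))
    print(n, "fixups applied")
```

Relocations must be applied before the image's entry point or any TLS callback runs and before the pages are set to their final protections, since the patched pointers live in sections that are typically read-only once mapped. On the constructed image the three DIR64 entries are shifted by the delta and the ABSOLUTE pad is skipped, so the call reports 3 fixups.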

jungawagat/Malware-Development

Repository for malware-development series on my youtube channel.

Size: 9.77 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

dennisbabkin/MakeProcCrit

POC project to demonstrate how to make a process (or a thread) critical. If such a process (or thread) is terminated, this will cause a BSOD.

Language: C++ - Size: 262 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 0 - Forks: 0

welikethestock/libutil

Language: C - Size: 514 KB - Last synced at: about 2 years ago - Pushed at: about 2 years ago - Stars: 0 - Forks: 0

SalahEldinFikri/Windows-Internals

In this repo I will try to talk about Windows internals and try to summarize the course.

Size: 5.86 KB - Last synced at: about 2 years ago - Pushed at: about 2 years ago - Stars: 0 - Forks: 0

tpaukrt/WinInspect

Window Inspector

Language: Pascal - Size: 4.88 KB - Last synced at: 9 months ago - Pushed at: over 2 years ago - Stars: 0 - Forks: 0

kohoutech/Kohoutech.OBOE

OBOE - Origami Binary for Objects and Executables

Language: C# - Size: 139 KB - Last synced at: 2 months ago - Pushed at: almost 5 years ago - Stars: 0 - Forks: 0