ntdll
There are 46 repositories under ntdll topic.
wbenny/DetoursNT
Detours with just single dependency - NTDLL
Chuyu-Team/MINT
Contains the definitions for the Windows Internal UserMode API from ntdll.dll, samlib.dll and winsta.dll.
f1zm0/hades
Go shellcode loader that combines multiple evasion techniques
therealdreg/DbgChild
Debug Child Process Tool (auto attach)
nbs32k/inline-syscall
Inline syscalls made for MSVC supporting x64 and WOW64
AndreyBazhan/SymStore
The history of Windows Internals via symbols.
danielkrupinski/OneByteLdr
Bypass for CS:GO's LoadLibrary injection prevention mechanism, achieved by patching one byte of game memory.
wbenny/EtwConsumerNT
Simple project that demonstrates how an ETW consumer can be created just by using NTDLL
MiroKaku/Nt-Modules
Collect different versions of Crucial modules.
wbenny/woftool
woftool is a proof-of-concept utility for creating WOF-compressed files
DosX-dev/DefCollection
This repository houses an extensive collection of .def files, which are header files containing enumerations of entry points for various native libraries. These entry points serve as essential references for developers seeking to interact with these libraries from their codebases.
joshfinley/SyscallDumper
Dump system call codes, names, and offsets from Ntdll.dll
MiroKaku/Musa.Core
Use ntdll/ntoskrnl to implement Kernel32, Advapi32 and other APIs. It includes user-mode and kernel-mode.
hillu/go-ntdll
Go interface to NTDLL functions
KNSoft/KNSoft.SlimDetours
An improved Detours.
andrew-boyarshin/LoaderWatch
Windows 10 PE image loader (LDR) NTDLL component toolbox
Flawww/WoW64Injection
Proof of concept for injecting a 64-bit DLL into a 32-bit application
zeroclear/xpext
Windows XP API extension
andrew9382/manual_mapping_dll_injector
manual mapping injector
ChrisPritchard/golang-shellcode-runner
A shellcode runner / injector / hollower in Go, for windows
ikermit/11Syscalls
Windows 11 Syscall table. Ready to use in direct syscall. Actively maintained.
killswitch-GUI/IsDebuggerPresent
Debugger checks in 3 ways
DissectMalware/WinNativeIO
Using Undocumented NTDLL Functions to Read/Write/Delete File
SaturnsVoid/Process-Protection
Basic windows process protection written in Go, using the NtSetInformationProcess API
KNSoft/KNSoft.NDK
KNSoft.NDK provides native C/C++ definitions and import libraries for Windows NT.
11philip22/CodeInjection
Collection of shellcode injection and execution techniques
opcode86/SysCaller
Single header library to simplify the usage of direct syscalls. x64/x86
dzik143/syscall-dump
Dump syscall numbers from ntdll.dll
Kara-4search/FullDLLUnhooking_CSharp
Unhook DLL via cleaning the DLL 's .text section
krystianbajno/winapi-search
💠 Documented and undocumented WinAPI search.
dz333n/ReactOS-Kernel
Win32less fork of ReactOS (only kernel and NT programs)
0x08088405/nt_version
Queries Windows (NT) major/minor/build version
blueskychan-dev/FuckedUP
FuckedUP - Best way to fuck up windows without UAC (.NET way) *BSOD
Chainski/Terminator
Terminator is a compact utility coded in C#, designed to end processes that have RtlSetProcessIsCritical enabled.
Chaoses-Ib/NtWin32
Use the Win32 subsystem API while depending only on Ntdll.dll
EternityX/WindowsProcessManipulation
Some stuff for dealing with Windows processes