ntdll
There are 43 repositories under ntdll topic.
wbenny/DetoursNT
Detours with just single dependency - NTDLL
Chuyu-Team/MINT
Contains the definitions for the Windows Internal UserMode API from ntdll.dll, samlib.dll and winsta.dll.
f1zm0/hades
Go shellcode loader that combines multiple evasion techniques
therealdreg/DbgChild
Debug Child Process Tool (auto attach)
AndreyBazhan/SymStore
The history of Windows Internals via symbols.
nbs32k/inline-syscall
Inline syscalls made for MSVC supporting x64 and WOW64
danielkrupinski/OneByteLdr
Bypass for CS:GO's LoadLibrary injection prevention mechanism, achieved by patching one byte of game memory.
wbenny/EtwConsumerNT
Simple project that demonstrates how an ETW consumer can be created just by using NTDLL
MiroKaku/Nt-Modules
Collect different versions of Crucial modules.
DosX-dev/DefCollection
This repository houses an extensive collection of .def files, which are header files containing enumerations of entry points for various native libraries. These entry points serve as essential references for developers seeking to interact with these libraries from their codebases.
wbenny/woftool
woftool is a proof-of-concept utility for creating WOF-compressed files
joshfinley/SyscallDumper
Dump system call codes, names, and offsets from Ntdll.dll
hillu/go-ntdll
Go interface to NTDLL functions
MiroKaku/Musa.Core
Use ntdll/ntoskrnl to implement Kernel32, Advapi32 and other APIs. It includes user-mode and kernel-mode.
andrew-boyarshin/LoaderWatch
Windows 10 PE image loader (LDR) NTDLL component toolbox
KNSoft/KNSoft.SlimDetours
An improved Detours.
zeroclear/xpext
Windows XP API extension
Flawww/WoW64Injection
Proof of concept for injecting a 64-bit DLL into a 32-bit application
andrew9382/manual_mapping_dll_injector
manual mapping injector
ChrisPritchard/golang-shellcode-runner
A shellcode runner / injector / hollower in Go, for windows
ikermit/11Syscalls
Windows 11 Syscall table. Ready to use in direct syscall. Actively maintained.
DissectMalware/WinNativeIO
Using Undocumented NTDLL Functions to Read/Write/Delete File
killswitch-GUI/IsDebuggerPresent
Debugger checks in 3 ways
SaturnsVoid/Process-Protection
Basic windows process protection written in Go, using the NtSetInformationProcess API
11philip22/CodeInjection
Collection of shellcode injection and execution techniques
opcode86/SysCaller
Single header library to simplify the usage of direct syscalls. x64/x86
KNSoft/KNSoft.NDK
KNSoft.NDK provides native C/C++ definitions and import libraries for Windows NT and some specifications.
dzik143/syscall-dump
Dump syscall numbers from ntdll.dll
Kara-4search/FullDLLUnhooking_CSharp
Unhook DLL via cleaning the DLL 's .text section
krystianbajno/winapi-search
💠 Documented and undocumented WinAPI search.
dz333n/ReactOS-Kernel
Win32less fork of ReactOS (only kernel and NT programs)
0x08088405/nt_version
Queries Windows (NT) major/minor/build version
blueskychan-dev/FuckedUP
FuckedUP - Best way to fuck up windows without UAC (.NET way) *BSOD
EternityX/WindowsProcessManipulation
Some stuff for dealing with Windows processes
Chainski/Terminator
Terminator is a compact utility coded in C#, designed to end processes that have RtlSetProcessIsCritical enabled.
Chaoses-Ib/NtWin32
Use the Win32 subsystem API while depending only on Ntdll.dll