windows-internals
There are 91 repositories under the windows-internals topic.
taviso/ctftool
Interactive CTF Exploration Tool
7etsuo/windows-api-function-cheatsheets
A reference of Windows API function calls, including functions for file operations, process management, memory management, thread management, dynamic-link library (DLL) management, synchronization, interprocess communication, Unicode string manipulation, error handling, Winsock networking operations, and registry operations.
daem0nc0re/TangledWinExec
PoCs and tools for investigation of Windows process execution techniques
mrexodia/dumpulator
An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).
VirtualAlllocEx/DEFCON-31-Syscalls-Workshop
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
diversenok/TokenUniverse
An advanced tool for working with access tokens and Windows security policy.
AlSch092/UltimateAntiCheat
UltimateAnticheat is an open source usermode anti-cheat system made to detect and prevent common attack vectors in game cheating (C++, Windows)
JustasMasiulis/nt_wrapper
A wrapper library around native Windows system APIs
ayoubfaouzi/windows-internals
My notes while studying Windows internals
christophetd/spoofing-office-macro
PoC of a VBA macro spawning a process with a spoofed parent and command line.
S1ckB0y1337/TokenPlayer
Manipulating and Abusing Windows Access Tokens.
mrexodia/phnt-single-header
Single header version of System Informer's phnt library.
gabriel-sztejnworcel/pipe-intercept
Intercept Windows Named Pipes communication using Burp or similar HTTP proxy tools
vxcute/WindowsInternals
Yet another Windows internals repo
mentebinaria/fundamentos-engenharia-reversa
Book: Engenharia Reversa - Fundamentos e Prática
AndreyBazhan/SymStore
The history of Windows Internals via symbols.
adamhlt/DLL-Injector
DLL Injector (LoadLibrary) in C++ (x86 / x64) - LoadLibrary DLL injector
diversenok/NtUtilsLibrary
Delphi library for system programming on Windows using Native API
diversenok/NtTools
Some random system tools for Windows
Air14/SymbolicAccess
Static user/kernel mode library that allows access to all functions and global variables by extracting offsets from the PDB
DownWithUp/ALPC-Example
An example of a client and server using Windows' ALPC functions to send and receive data.
ionescu007/wnfun
WNF Utilities 4 Newbies (WNFUN)
adamhlt/Manual-DLL-Loader
Custom LoadLibrary / GetProcAddress (x86 / x64) - Load DLL and retrieve functions manually
adamhlt/PE-Explorer
PE Explorer in C++ (x86 / x64) - PE file parser, retrieve exports and imports
adamhlt/Cave-Finder
Tool to find code cave in PE image (x86 / x64) - Find empty space to place code in PE files
NtRaiseHardError/Dreadnought
PoC for detecting and dumping code injection (built and extended on UnRunPE)
yardenshafir/DpcWait
Driver demonstrating how to register a DPC to asynchronously wait on an object
andrew-boyarshin/LoaderWatch
Windows 10 PE image loader (LDR) NTDLL component toolbox
micREsoft/SysCaller
Windows syscall SDK with dynamic offset resolution, validation, obfuscation, and multi language bindings. Bypass API hooks across different languages and Windows versions.
yardenshafir/conference_talks
Slides from various conference talks
Cipher7/havoc-PoolParty
Windows Thread Pool Injection Havoc Implementation
DownWithUp/WarbirdExamples
An example of how to use Microsoft Windows Warbird technology
ElliotKillick/ms-devblogs-search
Microsoft Developer Blogs Search Tool
Broihon/ProcessInfo
A class to gather information about a process, its threads and modules.
Yuragy/HVNC-windows-remote-toolkit
Remote administration toolkit for Windows, based on Hidden VNC: file manager, keystroke logger, PowerShell
dutchpsycho/ActiveBreach-Engine
SysWhispers/DirectSyscall Successor - Advanced Direct Syscall Invocation framework using modern techniques - EDR/AV/AntiCheat Evasion Framework Win64