PoC for detecting and dumping code injection (built and extended on UnRunPE)
Updated Oct 23, 2018 - C++
WNF Utilities 4 Newbies (WNFUN)
Windows 10 PE image loader (LDR) NTDLL component toolbox
Introducing the Eprocess struct and demonstrating some of the effects it may have on the system
Read and edit an external application's memory address space with ease (Windows OS)
An example of a client and server using Windows' ALPC functions to send and receive data.
A small library to extend the functionality of GetModuleHandle and GetProcAddress to other processes
A class to gather information about a process, its threads and modules.
🐟 PoC of a VBA macro spawning a process with a spoofed parent and command line.
OBOE - Origami Binary for Objects and Executables
Dump syscall numbers from ntdll.dll
PE32+ / 64-bit / LoadLibrary without imports table.
Solutions to Windows Kernel Programming exercises by Pavel Yosifovich
Driver demonstrating how to register a DPC to asynchronously wait on an object
Manipulating and Abusing Windows Access Tokens.
A wrapper library around native Windows system APIs
Interactive CTF Exploration Tool
The history of Windows Internals via symbols.
Some random system tools for Windows