Interactive CTF Exploration Tool (C, updated Sep 17, 2021)
PoCs and tools for investigation of Windows process execution techniques
A lightweight native DLL mapping library that supports mapping directly from memory
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
A wrapper library around native Windows system APIs
🐟 PoC of a VBA macro spawning a process with a spoofed parent and command line.
My notes while studying Windows internals
An advanced tool for working with access tokens and Windows security policy.
Manipulating and Abusing Windows Access Tokens.
An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).
The history of Windows Internals via symbols.
Book: Engenharia Reversa - Fundamentos e Prática (Reverse Engineering: Fundamentals and Practice)
Delphi library for system programming on Windows using Native API
An example of a client and server using Windows' ALPC functions to send and receive data.
Driver demonstrating how to register a DPC to asynchronously wait on an object
PoC for detecting and dumping code injection (built and extended on UnRunPE)
Some random system tools for Windows
DLL Injector (LoadLibrary) in C++ (x86 / x64) - LoadLibrary DLL injector
PE Explorer in C++ (x86 / x64) - PE file parser, retrieve exports and imports