PoCs and tools for investigation of Windows process execution techniques
An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
An advanced tool for working with access tokens and Windows security policy.
A lightweight native DLL mapping library that supports mapping directly from memory
UltimateAnticheat is an open source usermode anti-cheat system made to detect and prevent common attack vectors in game cheating (C++, Windows)
A wrapper library around native windows sytem APIs
My notes while studying Windows internals
🐟 PoC of a VBA macro spawning a process with a spoofed parent and command line.
Manipulating and Abusing Windows Access Tokens.
Single header version of System Informer's phnt library.
Livro: Engenharia Reversa - Fundamentos e Prática
The history of Windows Internals via symbols.
Intercept Windows Named Pipes communication using Burp or similar HTTP proxy tools
DLL Injector (LoadLibrary) in C++ (x86 / x64) - LoadLibrary DLL injector
Delphi library for system programming on Windows using Native API
A manual system call library that supports functions from both ntdll.dll and win32u.dll