Tools
Leaked Windows processes handles identification tool
CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers
Load self-signed drivers without TestSigning or disabling DSE. Transferred from https://github.com/DoubleLabyrinth/Windows10-CustomKernelSigners
Cross-platform tool that allows browsing and extracting C and C++ type declarations from PDB files.
Web-based tool that allows comparing symbol, type and syscall information of Microsoft Windows binaries across different versions of the OS.
XDV is a disassembler and debugger that works through extension plugins.
Shellcodev is a tool designed to assist with and automate the process of shellcode creation.
Hygieia is a vulnerable-driver trace scanner written in C++ as an x64 Windows kernel driver.
Canadian Furious Beaver is a ProcMon-style tool designed only for capturing IRPs sent to any Windows driver.
A Visual Studio template used to create Cobalt Strike BOFs
Dump PDB Symbols including support for Bochs Debugging Format (with wine support)
Kernel memory can be read symbolically in non-test mode.
A tool that allows you to assemble and emulate assembly in multiple archs for learning purposes
Pseudo-malicious usermode memory artifact generator kit designed to easily mimic the footprints left by real malware on an infected Windows OS.
A tool that shows detailed information about named pipes in Windows
Kernel mode WinDbg extension and PoCs for token privilege investigation.
Detect, analyze and uniquely identify crashes in Windows applications
This program can retrieve signature information from PE files signed by one or more certificates on Windows, including multi-signed (nested) signature information and the certificate chain.
Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.