🛠️ Enhance your application's stealth by resolving WinAPI calls through PEB walking, keeping your import table clean and hidden from scrutiny.

XNTSV program for detailed viewing of system structures for Windows.

Spectral DCM pipeline for rs-fMRI effective connectivity and dementia conversion analysis.

Compile-time string encryption and import obfuscation for Windows PE32(+) binaries

Little tool and (header-only lib) to investigate Windows Internals. Shout out to @zodiacon. No pull requests (this is actually a mirrored Mercurial repo).

Imports Reconstructor via indirect syscalls (Scylla rebuilt with SysCaller)

Lightweight PoC enumerating processes and reading remote PEBs for triage and research.

Tiny C header that allows easy hiding of WinAPI imports via PEB

PoC shellcode injector using clean syscalls to bypass user-mode hooks in ntdll.dll

Custom implementations of WinAPI functions GetProcAddress and GetModuleHandle by traversing low level Windows data structures.

POC of a better implementation of GetProcAddress for ntdll using binary search

CLI Wrapper for Bleak library.

Dossier dédié à WinIBW, notamment des scripts

Uses the PEB to obtain an apisetmap in order to translate umbrella DLL's such as "api-ms-win-http-time-l1-1-0.dll" to their origin forward DLL e.g. kernelbase.dll

Energy performance of buildings

API to simplify web development. Comply with the MIT license open source agreement. In line with most jQuery writing habits.

Hiding a module

Debugger checks in 3 ways