Related Projects

pe-sieve - Scans a given process

  •    C++

PE-sieve is a lightweight tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. It recognizes and dumps a variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory patches. Detects inline hooks, Process Hollowing, Process Doppelgänging, Reflective DLL Injection, etc.

PESecurity - PowerShell module to check if a Windows binary (EXE/DLL) has been compiled with ASLR, DEP, SafeSEH, StrongNaming, and Authenticode

  •    PowerShell

PowerShell script to check if a Windows binary (EXE/DLL) has been compiled with ASLR, DEP, SafeSEH, StrongNaming, Authenticode, Control Flow Guard, and HighEntropyVA.

VB Packager And Compiler

  •    VB

Portable, faster, smaller EXE: no runtime is needed anymore, and no ActiveX, OCX or DLL files are required. All you need to do is scan the project file to view all the dependency files and put them into the final EXE, compiled as VB PowerWrap or Stand Alone Xpres

OpenSSL-based signcode utility

  •    C

Platform-independent tool for Authenticode signing of PE (EXE/SYS/DLL/etc.), CAB and MSI files; it uses OpenSSL and libcurl. It also supports timestamping (Authenticode and RFC 3161).

PowerExt

  •    DotNet

PowerExt can display assembly version, assembly name, public key, strong name, etc. in Windows Explorer. It's a Windows Explorer extension written in C++. For .NET assemblies (.dll and .exe files) it adds an additional .NET tab to the Windows Explorer File Properties dialog.

ReflectiveDLLInjection - Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process

  •    C

Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process. As such the library is responsible for loading itself by implementing a minimal Portable Executable (PE) file loader. It can then govern, with minimal interaction with the host system and process, how it will load and interact with the host. Injection works from Windows NT4 up to and including Windows 8, running on x86, x64 and ARM where applicable.

SocksOverRDP - Socks5/4/4a Proxy support for Remote Desktop Protocol / Terminal Services / Citrix / XenApp / XenDesktop

  •    C++

This tool adds the capability of a SOCKS proxy to Terminal Services (or Remote Desktop Services) and Citrix (XenApp/XenDesktop). It uses a Dynamic Virtual Channel, which enables communication over an open RDP/Citrix connection without the need to open a new socket, connection or port on a firewall. You need to install a plugin (.dll) on the client computer that you use to connect to the RDP/Citrix server. On the RDP/Citrix server you need to use the other half of the project, the .exe, which creates the channel between the plugin and the server executable. More details can be found below. If you want to use it with Citrix/XenApp/XenDesktop, please scroll to the Citrix section.

Texe

Texe is a PE import and export viewer. You can use it to analyze PE files. Texe exports the report as an HTML document with the extension .html, preceded by the name of the PE file given.

IL Merger Tool

  •    DotNet

IL Merger Tool is a GUI for ILMerge. This tool allows you to merge different .NET assemblies (DLLs and EXEs) into one assembly with a wide range of options. It also enables you to save the settings and create post-build actions for Visual Studio. Certified for Windows 7.

SubSonic Tools for Visual Studio

The SubSonic Tools integrate the SubSonic code-generation features in Visual Studio 2005. They can be used to generate your DAL in a Web Site, an EXE (WinForms/Service) or a DLL project. The generated files are automatically added to your project's solution and managed by the ...

LIOGO

  •    CSharp

Liogo is a Logo compiler for .NET. Liogo compiles Logo files to .NET IL EXE or DLL, so the output can be launched directly on Windows and, via the Mono runtime, on Linux. Finally, with Liogo you can mix Logo code with C#/VB.NET code.

NuGet.Versioner

NuGet.Versioner makes it a snap to automatically produce versioned NuGet packages by extracting version information from your .dll or .exe during Visual Studio Post-build events.

WineIcons

  •    Delphi

WineIcons is a Win32 program for Wine that allows you to extract icons from ICO, EXE and DLL files and save them in PNG format. It is useful for KDE-like icon creation. WineIcons can be easily integrated into your Linux system.

ScareCrow - Payload creation framework designed around EDR bypass.

  •    Go

ScareCrow is a payload creation framework for side loading (not injecting) into a legitimate Windows process (bypassing Application Whitelisting controls). Once the DLL loader is loaded into memory, it utilizes a technique to flush an EDR's hooks out of the system DLLs running in the process's memory. This works because we know the EDR's hooks are placed when a process is spawned. ScareCrow can target these DLLs and manipulate them in memory by using the API function VirtualProtect, which changes a section of a process's memory permissions to a different value, specifically from Execute-Read to Read-Write-Execute. When executed, ScareCrow will copy the bytes of the system DLLs stored on disk in C:\Windows\System32\. These DLLs are stored on disk "clean" of EDR hooks because they are used by the system to load an unaltered copy into a new process when it's spawned. Since EDRs only hook these processes in memory, the on-disk copies remain unaltered. ScareCrow does not copy the entire DLL file; instead it focuses only on the .text section of the DLLs. This section of a DLL contains the executable assembly, and by doing this ScareCrow helps reduce the likelihood of detection, as re-reading entire files can cause an EDR to detect that there is a modification to a system resource. The data is then copied into the right region of memory by using each function's offset. Each function has an offset which denotes the exact number of bytes from the base address where it resides, providing the function's location on the stack. To do this, ScareCrow changes the permissions of the .text region of memory using VirtualProtect. Even though this is a system DLL, since it has been loaded into our process (that we control), we can change the memory permissions without requiring elevated privileges.

MemoryModule - Library to load a DLL from memory.

  •    C

The default Windows API functions to load external libraries into a program (LoadLibrary, LoadLibraryEx) only work with files on the filesystem. It's therefore impossible to load a DLL from memory. But sometimes you need exactly this functionality (e.g. you don't want to distribute a lot of files or want to make disassembling harder). A common workaround for this problem is to write the DLL into a temporary file first and import it from there; when the program terminates, the temporary file gets deleted.

Batch File Creator

This utility is a shell extension that lets you easily create Batch File Shortcuts to .exe files with your parameters. Once you right-click a .exe file, a Batch File Creator option appears; just select it to start creating!

PS2EXE

This PowerShell script lets you create an EXE file for other PowerShell scripts. The EXE file will execute the PowerShell script you specified.

Miss Identify

  •    C

Searches for Win32 executables that do not have an executable extension (e.g. .exe, .com, .dll). Can also optionally display all Win32 executables encountered.

Pure Java registry wrapper for Windows

  •    Java

Registry reader/writer in Java without any additional DLL. It uses the java.dll which is delivered with any JRE! Since version 3.0 it can also read/write DWORD, BINARY, MULTI and EXPAND entries! These functions use Runtime.exec() and the regedit EXE!

packmanpacker

  •    C++

Windows 32-bit EXE and DLL packer
