ntdll

Detours with just single dependency - NTDLL

Contains the definitions for the Windows Internal UserMode API from ntdll.dll, samlib.dll and winsta.dll.

Go shellcode loader that combines multiple evasion techniques

Debug Child Process Tool (auto attach)

Inline syscalls made for MSVC supporting x64 and WOW64

The history of Windows Internals via symbols.

Bypass for CS:GO's LoadLibrary injection prevention mechanism, achieved by patching one byte of game memory.

Simple project that demonstrates how an ETW consumer can be created just by using NTDLL

Collect different versions of Crucial modules.

This repository houses an extensive collection of .def files, which are header files containing enumerations of entry points for various native libraries. These entry points serve as essential references for developers seeking to interact with these libraries from their codebases.

woftool is a proof-of-concept utility for creating WOF-compressed files

Use ntdll/ntoskrnl to implement Kernel32, Advapi32 and other APIs. It includes user-mode and kernel-mode.

Dump system call codes, names, and offsets from Ntdll.dll

Go interface to NTDLL functions

Windows 10 PE image loader (LDR) NTDLL component toolbox

Windows XP API extension

Proof of concept for injecting a 64-bit DLL into a 32-bit application

manual mapping injector

A shellcode runner / injector / hollower in Go, for windows

Windows 11 Syscall table. Ready to use in direct syscall. Actively maintained.