ntdll

Detours with just single dependency - NTDLL

Contains the definitions for the Windows Internal UserMode API from ntdll.dll, samlib.dll and winsta.dll.

Go shellcode loader that combines multiple evasion techniques

Debug Child Process Tool (auto attach)

Inline syscalls made for MSVC supporting x64 and WOW64

The history of Windows Internals via symbols.

Bypass for CS:GO's LoadLibrary injection prevention mechanism, achieved by patching one byte of game memory.

Simple project that demonstrates how an ETW consumer can be created just by using NTDLL

Collect different versions of Crucial modules.

Use ntdll/ntoskrnl to implement Kernel32, Advapi32 and other APIs. It includes user-mode and kernel-mode.

woftool is a proof-of-concept utility for creating WOF-compressed files

This repository houses an extensive collection of .def files, which are header files containing enumerations of entry points for various native libraries. These entry points serve as essential references for developers seeking to interact with these libraries from their codebases.

Go interface to NTDLL functions

Dump system call codes, names, and offsets from Ntdll.dll

Windows 10 PE image loader (LDR) NTDLL component toolbox

Windows syscall SDK with dynamic offset resolution, validation, obfuscation, and multi language bindings. Bypass API hooks across different languages and Windows versions.

Proof of concept for injecting a 64-bit DLL into a 32-bit application

Windows XP API extension

manual mapping injector

A shellcode runner / injector / hollower in Go, for windows