This section lists only some common Windows tools for debugging, troubleshooting, and testing. Tools for packing/unpacking, encryption/decryption, file editors, and programming tools are omitted for brevity.

Tool Name | Download Link | Description |
---|---|---|
DebugView | https://docs.microsoft.com/zh-cn/sysinternals/downloads/debugview | A Sysinternals utility for capturing and controlling kernel and user-mode debug output. |
Process Monitor | https://docs.microsoft.com/zh-cn/sysinternals/downloads/procmon | A real-time Sysinternals tool that monitors file system, registry, process, thread, and DLL activity to help troubleshoot issues. |
Process Explorer | https://docs.microsoft.com/zh-cn/sysinternals/downloads/process-explorer | A Sysinternals process viewer that inspects loaded DLLs, call stacks, and which processes have opened a file. |
WinObj | https://docs.microsoft.com/zh-cn/sysinternals/downloads/winobj | A Sysinternals viewer for the Object Manager namespace; it uses native APIs without loading drivers—see WinObjEx64 for an open-source implementation on GitHub. |
WinObjEx64 | https://github.com/hfiref0x/WinObjEx64 | An open-source, advanced Object Manager namespace viewer. |
Handle | https://docs.microsoft.com/zh-cn/sysinternals/downloads/handle | A Sysinternals utility showing which file or directory is held by a running process. |
Sysinternals Suite | https://live.sysinternals.com/ | The complete suite of Sysinternals utilities—only the most frequently used are listed here to avoid clutter. |
CPU-Z | https://www.cpuid.com/softwares/cpu-z.html | Real-time CPU monitoring tool. |
ProcMonX | https://github.com/zodiacon/ProcMonX | An open-source C# implementation using ETW to provide functionality similar to Process Monitor. |
ProcMonXv2 | https://github.com/zodiacon/ProcMonXv2 | The second open-source C# ETW-based alternative to Process Monitor. |
Process Hacker | https://github.com/processhacker/processhacker | An open-source Process Explorer-like tool with GPU information support. |
API Monitor | http://www.rohitab.com/apimonitor | Traces API calls to show how applications/services interact, helps detect bugs, and can modify input/output parameters. |
Dependency Walker | http://www.dependencywalker.com/ | Scans any 32- or 64-bit Windows module and lists all exported functions. |
DeviceTree | http://www.osronline.com/article.cfm%5earticle=97.htm | Displays all driver objects and device stack information in the system. |
Unlocker | https://www.softpedia.com/get/System/System-Miscellaneous/Unlocker.shtml | Unlocks files held by running processes—many similar open-source tools are available. |
RpcView | https://github.com/silverf0x/RpcView | Shows and decompiles live RPC interfaces on the system—useful when analyzing RPC services. |
RequestTrace | https://the-sz.com/products/rt/ | Displays IRPs, SRBs, URBs, and related buffers on Windows; mostly redundant as WinDbg covers the same traces but handy without a debugger. |
IRPMon | https://github.com/MartinDrab/IRPMon | Hooks driver objects to monitor IRP traffic and other driver requests, similar to RequestTrace and IrpTracker. |
IRPTrace | https://github.com/haidragon/drivertools | Contains a collection of additional tools. |

Tool Name | Download Link | Description |
---|---|---|
PcHunter | https://www.anxinsec.com/view/antirootkit/ | Security analysis tool that bypasses rootkits via direct disk, registry, network, etc., showing detailed info on threads, processes, and kernel modules. |
Windows-Kernel-Explorer | https://github.com/AxtMueller/Windows-Kernel-Explorer | Closed-source alternative to PcHunter, useful when newer OS support is missing. |
PowerTool | – | Rarely updated. Developed by a colleague of a friend; reportedly messy codebase. |
py | https://github.com/antiwar3/py | PiaoYun ARK—open-source rootkit scanner. |

Tool Name | Download Link | Description |
---|---|---|
CFF Explorer | https://ntcore.com/?page_id=388 | A nice PE explorer. |
ExeinfoPe | http://www.exeinfo.xn.pl/ | – |

Tool Name | Download Link | Description |
---|---|---|
Ghidra | https://www.nsa.gov/resources/everyone/ghidra/ | A software reverse-engineering (SRE) suite created by the NSA Research Directorate to support cybersecurity missions. |
IDA | https://down.52pojie.cn/ | Famous but closed-source interactive disassembler; latest cracks (v7.5) on 52pojie forum. |
dnSpy | https://github.com/dnSpy/dnSpy | .NET decompiler; effectively provides source code for unobfuscated .NET binaries if the framework is familiar to you. |
OllyDbg | https://down.52pojie.cn/Tools/Debuggers// | Popular debugger with many plugins; closed-source and only for 32-bit binaries. |
x64dbg | https://x64dbg.com/ | Open-source debugger for x86/x64 binaries; more convenient than WinDbg with similar plugin support; recommended over OllyDbg. |
Cheat Engine | https://www.cheatengine.org/ | Memory-search and manipulation Swiss-army knife; offers many advanced reverse-engineering features. |
VirtualKD-Redux | https://github.com/4d61726b/VirtualKD-Redux/releases | Fully automated WinDbg virtual-machine debugging without environment variables; supports the latest VMware. |
Driver Loader | http://www.osronline.com/article.cfm%5Earticle=157.htm | OSR tool for installing, loading, and unloading drivers. |
reverse-engineering | https://github.com/wtsxDev/reverse-engineering | A curated list of almost every tool you need for reverse engineering. |

Tool Name | Download Link | Description |
---|---|---|
yapi | https://github.com/ez8-co/yapi | Simple open-source DLL injector for x64/x86 processes; good for learning from the source; supports cross-bit-width injection from 32-bit to 64-bit. |
Xenos | https://github.com/DarthTon/Xenos | Open-source injector using the well-known Blackbone library; supports kernel-level injection. |
ExtremeInjector | https://github.com/master131/ExtremeInjector | Easy-to-use application-layer injector featuring cross-bit-width injection from 32-bit to 64-bit. |

Tool Name | Download Link | Description |
---|---|---|
Fiddler | https://www.telerik.com/fiddler | Powerful HTTPS man-in-the-middle proxy without a certificate hassle; scriptable; ships with an SDK. |
Wireshark | https://www.wireshark.org/download.html | No introduction needed. |
Burp Suite | https://portswigger.net/burp | The go-to web proxy for pentesters. Requires JDK; cracked versions available on 52pojie. |

Tool Name | Download Link | Description |
---|---|---|
Driver Verifier | https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/driver-verifier | Built-in driver stability and stress tester. |
Application Verifier | https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/application-verifier | Built-in application-layer stress tester. |
CPUStress | https://docs.microsoft.com/en-us/sysinternals/downloads/cpustres | Pushes CPU to full load to test application stability and responsiveness under extreme conditions. |

Tool Name | Download Link | Description |
---|---|---|
game-hacking | https://github.com/dsasmblr/game-hacking | – |
awesome-malware-analysis | https://github.com/rootkiter/awesome-malware-analysis | Curated list of malware-analysis tools |
drawio | https://github.com/jgraph/drawio-desktop | The ultimate diagramming tool |
RazorSQL | https://www.razorsql.com/ | GUI for SQLite3 databases |
Git Learning Notes | https://github.com/No-Github/1earn/blob/master/1earn/Develop/%E7%89%88%E6%9C%AC%E6%8E%A7%E5%88%B6/Git%E5%AD%A6%E4%B9%A0%E7%AC%94%E8%AE%B0.md | Version management with Git |
Markdown Syntax Learning | https://github.com/No-Github/1earn/blob/master/1earn/Develop/%E6%A0%87%E8%AE%B0%E8%AF%AD%E8%A8%80/Markdown/Markdown%E8%AF%AD%E6%B3%95%E5%AD%A6%E4%B9%A0.md | Markdown reference |

Tool Name | Download Link | Description |
---|---|---|
ReactOS | https://github.com/reactos/reactos | An open-source OS aiming for Windows 2000 driver binary compatibility. |
wrk-v1.2 | https://github.com/jmcjmmcjc/wrk-v1.2 | Partial Windows NT 5.2 source code. |
WinNT4 | https://github.com/ZoloZiak/WinNT4 | Windows NT4 kernel source code. |
whids | https://github.com/0xrawsec/whids/tree/a826d87e0d035daac10bfa96b530c5deff6b9915 | Open source EDR for Windows. |

Tool Name | Download Link | Description |
---|---|---|
CPPHelper | https://github.com/Chuyu-Team/CPPHelper | Basic C++ helper class library. |
cpp_component | https://github.com/skyformat99/cpp_component | Encapsulation of common C/C++ features. |
WinToolsLib | https://github.com/deeonis-ru/WinToolsLib | Suite of classes for Windows programming. |
KDU | https://github.com/hfiref0x/KDU | – |
KTL | https://github.com/MeeSong/KTL | – |
Kernel-Bridge | https://github.com/HoShiMin/Kernel-Bridge | – |
KernelForge | https://github.com/killvxk/KernelForge | – |
ExecutiveCallbackObjects | https://github.com/0xcpu/ExecutiveCallbackObjects | Research on various kernel-mode callbacks. |
SyscallHook | https://github.com/AnzeLesnik/SyscallHook | System-call hook for Windows 10 20H1. |
Antivirus_R3_bypass_demo | https://github.com/huoji120/Antivirus_R3_bypass_demo | Eliminates AV via both R3 0-day and R0 0-day. |
KernelHiddenExecute | https://github.com/zouxianyu/KernelHiddenExecute | Hide code/data in kernel address space. |
DriverInjectDll | https://github.com/strivexjun/DriverInjectDll | Kernel-mode global and memory-based injection for Win7–Win10. |
zwhawk | https://github.com/eLoopWoo/zwhawk | Kernel rootkit providing remote command/control. |
ZeroBank-ring0-bundle | https://github.com/Trietptm-on-Coding-Algorithms/ZeroBank-ring0-bundle | Kernel-mode rootkit for remote server communication. |
kdmapper | https://github.com/z175/kdmapper | Manual driver mapper (educational/outdated). |
antispy | https://github.com/mohuihui/antispy | Free but powerful AV & rootkit detection toolkit. |
windows_kernel_resources | https://github.com/sam-b/windows_kernel_resources | – |
HookLib | https://github.com/HoShiMin/HookLib | User- and kernel-mode hooking library. |
Kernel-Whisperer | https://github.com/BrunoMCBraga/Kernel-Whisperer | Kernel module utilities. |
SQLiteCpp | https://github.com/SRombauts/SQLiteCpp | Smart, easy-to-use C++ SQLite3 wrapper. |
awesome-windows-kernel-security-development | https://github.com/ExpLife0011/awesome-windows-kernel-security-development | Curated collection of Windows kernel security projects. |

Tool Name | Download Link | Description |
---|---|---|
hvpp | https://github.com/wbenny/hvpp | – |
HyperBone | https://github.com/DarthTon/HyperBone | – |
HyperWin | https://github.com/amiryeshurun/HyperWin | – |
Hypervisor | https://github.com/Bareflank/hypervisor | – |
HyperPlatform | https://github.com/tandasat/HyperPlatform | – |
Hyper-V-Internals | https://github.com/gerhart01/Hyper-V-Internals | – |
Hypervisor-From-Scratch | https://github.com/SinaKarvandi/Hypervisor-From-Scratch | – |
KasperskyHook | https://github.com/iPower/KasperskyHook | – |
awesome-virtualization | https://github.com/Wenzel/awesome-virtualization | – |
ransomware_begone | https://github.com/ofercas/ransomware_begone | – |

Tool Name | Download Link | Description |
---|---|---|
Divert | https://github.com/basil00/Divert | Redirect network traffic to user-mode applications for modification/dropping. |
Blackbone | https://github.com/DarthTon/Blackbone | Kernel-mode injection techniques, including kernel memory injection. |
NetWatch | https://github.com/huoji120/NetWatch | Threat-traffic detection platform; supports virtual memory patching. |
x64_AOB_Search | https://github.com/wanttobeno/x64_AOB_Search | Enterprise-grade high-speed memory scanner (supports wildcards). |
DuckMemoryScan | https://github.com/huoji120/DuckMemoryScan | Detects most so-called memory-only AV evasion shells. |
FSDefender | https://github.com/Randomize163/FSDefender | File-system monitoring combined with cloud-backed backups. |
AntiRansomware | https://github.com/clavis0x/AntiRansomware | Write-scanning anti-ransomware solution—prevents overwriting of files. |
Lazy | https://github.com/moonAgirl/Lazy | (Malicious) ransomware terminator. |
awesome-cheatsheets | https://github.com/skywind3000/awesome-cheatsheets/blob/master/tools/git.txt | Handy references for Python, Git, etc. |

Repository Name | Repository Link | Description |
---|---|---|
CTF-All-In-One | https://github.com/firmianay/CTF-All-In-One | – |
ctf-book | https://github.com/firmianay/ctf-book | Companion resources for the CTF Competition Guide (Pwn Edition). |

Repository Name | Repository Link | Description |
---|---|---|
Web-Security-Learning | https://github.com/CHYbeta/Web-Security-Learning | – |
pentest | https://github.com/r0eXpeR/pentest | Tools and project reference for pivoting inside intranets. |
K8tools | http://k8gege.org/p/72f1fea6.html | Collection of K8tools. |
Awesome-Red-Teaming | https://github.com/yeyintminthuhtut/Awesome-Red-Teaming | List of Awesome Red-Teaming Resources. |
Awesome-Hacking | https://github.com/Hack-with-Github/Awesome-Hacking | Curated lists for hackers. |
awesome-web-hacking | https://github.com/infoslack/awesome-web-hacking | Penetration-testing knowledge base. |

Repository Name | Repository Link | Description |
---|---|---|
Patent Information Service Platform | http://search.cnipr.com/ | – |
patents | www.google.com/patents | – |
incopat | www.incopat.com | – |
Baiten | https://www.baiten.cn/ | – |
rainpat | https://www.rainpat.com/ | – |
Duyan | https://www.uyanip.com/ | – |