Export

You'll find here my products and sources, sorted chronologically.

ApiHooks - user-mode API hooking, API hooks, code and DLL injection, remote execution
PrcIdent (PrcWorks) - process identification


EnumRsrc - enumerates, prints and optionally dumps resources of given image


PSUSP - suspends a process on exception or termination


X86IL 1.03 - determines X86(-64) instruction length


Handles - displays information about objects/handles


ApiHooks 6 - hooking on x64 (Win64, 64bit Windows), loading dll before PROCESS_ATTACH of statically loaded modules and more


PrcHelp (EliRT) - process and thread functions (VirtualAllocEx, VirtualFreeEx, CreateRemoteThread, OpenThread) working everywhere (Win9x, NT)


DelObj - deletes some Nt objects


ImgList - lists process images


RegiTime - displays/finds last write times of registry keys


LINKfix - reduces size of PE produced by MS LINK


OMF2D - OMF conversion tool


DumpOSD - console security tools


NtCritical - demonstrates small feature of XP and 2K3


PrcWorks 2.7 - process identification library


KApiHooks 1.0 - kernel API hooking, kernel API hooks, KAH DLL loading
- before asking questions and reporting problems
have a look at this Update list,
re-download KApiHooks and read documentation and all examples carefully.

ComHooks 1.0 - COM hooking, COM hooks, DLL loading
- before asking questions and reporting problems
have a look at this Update list,
re-download ComHooks and read documentation and all examples carefully.

LocPInfo - useful undocummented NT example, extended, updated 1x

BindDLI - binds delay load import of given module, updated 1x

DeleteModule - for final phase of your own uninstallation, you can also modify running module

Delphi support - by Nico Bendlin

RunNative - can launch NT native programs in Win32 mode. Useful for testing and debugging.

DumpXDT - can dump current GDT, IDT , CRx and DRx

SetPrAcl - can view/modify permissions to given process. Included next TM extension.

WatchImageLoad - LoadImageNotify routine (Win2K+ only)

ShowGWH - show global windows hooks (Win9x only)

Reboot - utility?

Beep9X - KERNEL32.Beep in Win9x like in NT

ShowGlobalAtom - example

ShowPriv - look what you can/not (yet)

Mailslot - not often used ipc mechanism

ProcessWorks 1.0 - library for any 32bit x86 Windows

GAR2SSAR - generic access rights to standard and specific access rights

EnumWD - info about window stations and desktops (NT only)

Trash2 - newer files, snippets.

ConCtrl - "kill console children without SmallApp" example

FS22PCR - small fix; extends place FS points to (Win9x only)

PrintSD - prints security descriptor of given object and given token (NT only)

Driver Skeleton - contains ASM source code of NT kernel-mode driver & Co.

Trash - old DOS, MS Windows 3.1 and MS Windows 9x files, solutions and sources.

InstDrv - installs/unistalls kernel-mode driver (asm version of instdrv.c)

EMM586 - utility for 3.1/9x/NT/2K, which "provides" CPL0 instructions for MS-DOS applications. So You are able to run/unpack some incompatible DOS programs under Windows.

EDumpII - test version of EliCZ's Dumper II for DOS executables; now works under ANY Windows; please test it under 2K and mail me.

DllMainHooks - may be useful