├── Hunt-Weird-Imageloads ├── Detectors.cpp ├── Detectors.h ├── Helpers.cpp ├── Helpers.h ├── Hunt-Weird-Imageloads.sln ├── Hunt-Weird-Imageloads.vcxproj ├── Hunt-Weird-Imageloads.vcxproj.filters ├── Hunt-Weird-Imageloads.vcxproj.user ├── Main.cpp ├── NewThreadLoadLibrary │ ├── Main.c │ ├── NewThreadLoadLibrary.vcxproj │ ├── NewThreadLoadLibrary.vcxproj.filters │ └── NewThreadLoadLibrary.vcxproj.user └── WorkItemLoadLibrary │ ├── Main.c │ ├── WorkItemLoadLibrary.vcxproj │ ├── WorkItemLoadLibrary.vcxproj.filters │ └── WorkItemLoadLibrary.vcxproj.user ├── Readme.md ├── libs └── krabs │ ├── LICENSE │ ├── README.md │ ├── krabs.hpp │ ├── krabs.runsettings │ ├── krabs.sln │ └── krabs │ ├── client.hpp │ ├── collection_view.hpp │ ├── compiler_check.hpp │ ├── errors.hpp │ ├── etw.hpp │ ├── filtering │ ├── comparers.hpp │ ├── event_filter.hpp │ ├── predicates.hpp │ └── view_adapters.hpp │ ├── guid.hpp │ ├── kernel_guids.hpp │ ├── kernel_providers.hpp │ ├── kt.hpp │ ├── parse_types.hpp │ ├── parser.hpp │ ├── perfinfo_groupmask.hpp │ ├── property.hpp │ ├── provider.hpp │ ├── schema.hpp │ ├── schema_locator.hpp │ ├── size_provider.hpp │ ├── tdh_helpers.hpp │ ├── testing │ ├── event_filter_proxy.hpp │ ├── extended_data_builder.hpp │ ├── filler.hpp │ ├── proxy.hpp │ ├── record_builder.hpp │ ├── record_property_thunk.hpp │ └── synth_record.hpp │ ├── trace.hpp │ ├── trace_context.hpp │ ├── ut.hpp │ ├── version_helpers.hpp │ └── wstring_convert.hpp └── screens └── 1.png /Hunt-Weird-Imageloads/Detectors.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/Hunt-Weird-Imageloads/Detectors.cpp -------------------------------------------------------------------------------- /Hunt-Weird-Imageloads/Detectors.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/Hunt-Weird-Imageloads/Detectors.h -------------------------------------------------------------------------------- /Hunt-Weird-Imageloads/Helpers.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/Hunt-Weird-Imageloads/Helpers.cpp -------------------------------------------------------------------------------- /Hunt-Weird-Imageloads/Helpers.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/Hunt-Weird-Imageloads/Helpers.h -------------------------------------------------------------------------------- /Hunt-Weird-Imageloads/Hunt-Weird-Imageloads.sln: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/Hunt-Weird-Imageloads/Hunt-Weird-Imageloads.sln -------------------------------------------------------------------------------- /Hunt-Weird-Imageloads/Hunt-Weird-Imageloads.vcxproj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/Hunt-Weird-Imageloads/Hunt-Weird-Imageloads.vcxproj -------------------------------------------------------------------------------- /Hunt-Weird-Imageloads/Hunt-Weird-Imageloads.vcxproj.filters: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/Hunt-Weird-Imageloads/Hunt-Weird-Imageloads.vcxproj.filters -------------------------------------------------------------------------------- /Hunt-Weird-Imageloads/Hunt-Weird-Imageloads.vcxproj.user: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/Hunt-Weird-Imageloads/Hunt-Weird-Imageloads.vcxproj.user -------------------------------------------------------------------------------- /Hunt-Weird-Imageloads/Main.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/Hunt-Weird-Imageloads/Main.cpp -------------------------------------------------------------------------------- /Hunt-Weird-Imageloads/NewThreadLoadLibrary/Main.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/Hunt-Weird-Imageloads/NewThreadLoadLibrary/Main.c -------------------------------------------------------------------------------- /Hunt-Weird-Imageloads/NewThreadLoadLibrary/NewThreadLoadLibrary.vcxproj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/Hunt-Weird-Imageloads/NewThreadLoadLibrary/NewThreadLoadLibrary.vcxproj -------------------------------------------------------------------------------- /Hunt-Weird-Imageloads/NewThreadLoadLibrary/NewThreadLoadLibrary.vcxproj.filters: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/Hunt-Weird-Imageloads/NewThreadLoadLibrary/NewThreadLoadLibrary.vcxproj.filters -------------------------------------------------------------------------------- /Hunt-Weird-Imageloads/NewThreadLoadLibrary/NewThreadLoadLibrary.vcxproj.user: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/Hunt-Weird-Imageloads/NewThreadLoadLibrary/NewThreadLoadLibrary.vcxproj.user -------------------------------------------------------------------------------- /Hunt-Weird-Imageloads/WorkItemLoadLibrary/Main.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/Hunt-Weird-Imageloads/WorkItemLoadLibrary/Main.c -------------------------------------------------------------------------------- /Hunt-Weird-Imageloads/WorkItemLoadLibrary/WorkItemLoadLibrary.vcxproj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/Hunt-Weird-Imageloads/WorkItemLoadLibrary/WorkItemLoadLibrary.vcxproj -------------------------------------------------------------------------------- /Hunt-Weird-Imageloads/WorkItemLoadLibrary/WorkItemLoadLibrary.vcxproj.filters: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/Hunt-Weird-Imageloads/WorkItemLoadLibrary/WorkItemLoadLibrary.vcxproj.filters -------------------------------------------------------------------------------- /Hunt-Weird-Imageloads/WorkItemLoadLibrary/WorkItemLoadLibrary.vcxproj.user: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/Hunt-Weird-Imageloads/WorkItemLoadLibrary/WorkItemLoadLibrary.vcxproj.user -------------------------------------------------------------------------------- /Readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/Readme.md -------------------------------------------------------------------------------- /libs/krabs/LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/LICENSE -------------------------------------------------------------------------------- /libs/krabs/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/README.md -------------------------------------------------------------------------------- /libs/krabs/krabs.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs.runsettings: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs.runsettings -------------------------------------------------------------------------------- /libs/krabs/krabs.sln: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs.sln -------------------------------------------------------------------------------- /libs/krabs/krabs/client.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/client.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/collection_view.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/collection_view.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/compiler_check.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/compiler_check.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/errors.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/errors.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/etw.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/etw.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/filtering/comparers.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/filtering/comparers.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/filtering/event_filter.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/filtering/event_filter.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/filtering/predicates.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/filtering/predicates.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/filtering/view_adapters.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/filtering/view_adapters.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/guid.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/guid.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/kernel_guids.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/kernel_guids.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/kernel_providers.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/kernel_providers.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/kt.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/kt.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/parse_types.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/parse_types.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/parser.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/parser.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/perfinfo_groupmask.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/perfinfo_groupmask.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/property.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/property.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/provider.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/provider.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/schema.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/schema.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/schema_locator.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/schema_locator.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/size_provider.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/size_provider.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/tdh_helpers.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/tdh_helpers.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/testing/event_filter_proxy.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/testing/event_filter_proxy.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/testing/extended_data_builder.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/testing/extended_data_builder.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/testing/filler.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/testing/filler.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/testing/proxy.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/testing/proxy.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/testing/record_builder.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/testing/record_builder.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/testing/record_property_thunk.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/testing/record_property_thunk.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/testing/synth_record.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/testing/synth_record.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/trace.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/trace.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/trace_context.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/trace_context.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/ut.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/ut.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/version_helpers.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/version_helpers.hpp -------------------------------------------------------------------------------- /libs/krabs/krabs/wstring_convert.hpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/libs/krabs/krabs/wstring_convert.hpp -------------------------------------------------------------------------------- /screens/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/thefLink/Hunt-Weird-ImageLoads/HEAD/screens/1.png --------------------------------------------------------------------------------