CheckPointSW / Anti-Debug-DB
Anti-Debug encyclopedia contains methods used by malware to verify if they are executed under debugging. It includes the description of various anti-debug tricks, their implementation, and recommendations of how to mitigate the each trick.
☆49Updated last year
Related projects ⓘ
Alternatives and complementary repositories for Anti-Debug-DB
- Helper idapython code for reversing kmdf drivers☆67Updated 2 years ago
- Simple windows API logger☆98Updated 5 years ago
- Resolve DOS MZ executable symbols at runtime☆93Updated 3 years ago
- IOCTLpus can be used to make DeviceIoControl requests with arbitrary inputs (with functionality somewhat similar to Burp Repeater).☆84Updated 2 years ago
- Simple x64dbg plugin to save a full memory dump☆49Updated 2 years ago
- This utility allows you to lock every available memory regions of an arbitrary process into its working set.☆66Updated last year
- IDA plugin to pinpoint obfuscated code☆134Updated 2 years ago
- An example of how x64 kernel shellcode can dynamically find and use APIs☆103Updated 4 years ago
- IDA Plugin that fills in missing indirect CALL & JMP target information☆115Updated last year
- PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021)☆101Updated 3 years ago
- Windows API Hashes used in the malwares☆38Updated 9 years ago
- Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using t…☆53Updated 5 years ago
- Abusing exceptions for code execution.☆106Updated last year
- Designed to learn OS specific anti-emulation patterns by fuzzing the Windows API.☆94Updated 4 years ago
- x86 and x64 assembly "read-eval-print loop" for Windows☆25Updated 7 years ago
- Heaven's Gate implementation in C for constructing x64 Win32 API call in x86 WoW64 processes.☆67Updated 3 years ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)☆69Updated last year
- ☆131Updated last year
- A static analysis tool that helps security researchers scan a list of Windows kernel drivers for common vulnerability patterns in drivers…☆54Updated 3 years ago
- ☆31Updated 2 years ago
- PoC for hiding PE exports☆65Updated 3 years ago
- devirtualization vmprotect☆61Updated last year
- Helper script for Windows kernel debugging with IDA Pro on VMware + GDB stub (including PDB symbols)☆60Updated last year
- VMProtectTest☆36Updated last year
- IDA plugin for quickly copying disassembly as encoded hex bytes☆58Updated 2 years ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆204Updated 5 years ago
- File system minifilter driver for Windows to block symbolic link attacks.☆51Updated 3 years ago
- ☆153Updated 3 years ago
- Local OXID Resolver (LCLOR) : Research and Tooling☆33Updated 3 years ago
- C# implementation to produce ROR-13 numeric hash for given function API name☆31Updated 5 years ago