CheckPointSW / Anti-Debug-DB
The Anti-Debug encyclopedia contains methods used by malware to verify whether it is being executed under a debugger. It includes descriptions of various anti-debug tricks, their implementation, and recommendations on how to mitigate each trick.
☆52 · Updated last year
Alternatives and similar repositories for Anti-Debug-DB:
Users that are interested in Anti-Debug-DB are comparing it to the libraries listed below
- File system minifilter driver for Windows to block symbolic link attacks. ☆50 · Updated 4 years ago
- An example of how x64 kernel shellcode can dynamically find and use APIs ☆104 · Updated 4 years ago
- Resolve DOS MZ executable symbols at runtime ☆93 · Updated 3 years ago
- An automatic tool for fixing dumped PE files ☆41 · Updated 4 years ago
- Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using t… ☆53 · Updated 5 years ago
- IOCTLpus can be used to make DeviceIoControl requests with arbitrary inputs (with functionality somewhat similar to Burp Repeater). ☆86 · Updated 3 years ago
- Helper IDAPython code for reversing KMDF drivers ☆71 · Updated 2 years ago
- Abusing exceptions for code execution. ☆108 · Updated last year
- Helper script for Windows kernel debugging with IDA Pro on VMware + GDB stub (including PDB symbols) ☆62 · Updated last year
- This utility allows you to lock every available memory region of an arbitrary process into its working set. ☆67 · Updated last year
- PoC: Rebuild A New Path Back to the Heaven's Gate (HITB 2021) ☆102 · Updated 3 years ago
- IDA plugin that fills in missing indirect CALL & JMP target information ☆120 · Updated last week
- ☆139 · Updated last year
- Arbitrary kernel read/write in dbutil_2_3.sys, proof-of-concept local privilege escalation to NT AUTHORITY\SYSTEM ☆55 · Updated 3 years ago
- VMProtect devirtualization ☆61 · Updated last year
- Hooking the GDT - Installing a Call Gate. PoC for Rootkit Arsenal Book Second Edition (version 2022) ☆69 · Updated last year
- Simple Windows API logger ☆98 · Updated 5 years ago
- Windows API hashes used in malware ☆40 · Updated 9 years ago
- ☆158 · Updated 3 years ago
- APC Internals research code ☆161 · Updated 4 years ago
- Designed to learn OS-specific anti-emulation patterns by fuzzing the Windows API. ☆96 · Updated 4 years ago
- WslinkVMAnalyzer is a tool to facilitate analysis of code protected by a virtual machine featured in Wslink malware ☆45 · Updated 2 years ago
- ☆31 · Updated 2 years ago
- A years-old exploit of a local EoP vulnerability in Kingsoft Antivirus KWatch Driver version 2009.3.17.77. ☆36 · Updated 2 years ago
- Collection of obfuscation, tamper-proofing, and watermarking algorithms targeting LLVM IR. ☆71 · Updated 5 years ago
- Heaven's Gate implementation in C for constructing x64 Win32 API calls in x86 WoW64 processes. ☆67 · Updated 3 years ago
- This is a simple driver with x64 inline assembly ☆54 · Updated 4 years ago
- Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays). ☆124 · Updated 4 months ago
- ☆44 · Updated 4 years ago
- Command-line tool to print mitigation flags for running processes in a memory dump ☆47 · Updated 4 years ago