Hipepper / antiVM
Ida pro plugin. The antiVM aims to quickly identify anti-virtual machine and anti-sandbox behavior. This can speed up malware analysis.
☆37Updated 2 years ago
Related projects: ⓘ
- 跨平台模拟执行unicorn框架基于Qemu的TCG模式(Tiny Code Generator),以无硬件虚拟化支持方式实现全系统的虚拟化,支持跨平台 和架构的CPU指令模拟,本文讨论是一款笔者的实验性项目采用Windows Hypervisor Platform虚拟机模式…☆63Updated 9 months ago
- ☆25Updated 9 months ago
- 非编译时代码混淆,包括代码块拆分、代码乱序、常量加密、代码变异、抹除jcc、局部混淆等,主要提供框架以及思路☆29Updated last year
- 一个用来做windows内核hook的框架☆78Updated 5 months ago
- A POC to detect the exist of VMProtect 3 protection by search feature watermark.☆76Updated 9 months ago
- VMProtectTest☆36Updated last year
- 整合Pluto-Obfuscator和goron部分混淆,移植到LLVM-16.0.x,使用NewPassManager☆90Updated last year
- Another LLVM-obfuscator based on LLVM-17. A fork of Arkari☆59Updated 7 months ago
- 大数字驱动逆向代码☆66Updated 10 months ago
- Heaven's Gate implementation in C for constructing x64 Win32 API call in x86 WoW64 processes.☆67Updated 2 years ago
- Hook NtDeviceIoControlFile with PatchGuard☆100Updated 2 years ago
- Win7内核私有符号结构转储☆64Updated 3 years ago
- 利用物理内存映射,实现虚拟内存的伪隐藏☆69Updated 2 years ago
- 用来辅助分析VB程序的IDA插件☆22Updated 3 years ago
- IDA Pro plugin AntiXorstr☆87Updated last year
- ☆77Updated 3 years ago
- Enum and Remove Hook in Windows☆31Updated 3 months ago
- vmp2.x virtualization☆54Updated 2 years ago
- An IDA pro plugin to display user-added comments in disassembly and pseudocode views.☆69Updated last year
- This repo contains EXPs about Vulnerable Windows Driver☆19Updated 3 months ago
- a monitoring windows driver calls kernel api tools☆87Updated 2 months ago
- IDA Plugin that fills in missing indirect CALL & JMP target information☆113Updated last year
- 基于Unicorn仿真PE模拟☆26Updated 2 years ago
- Call NtCreateUserProcess directly as normal.☆64Updated 2 years ago
- Quick check of NT kernel exported&unexported functions/global variable offset NT内核导出以及未导出函数+全局变量偏移速查☆90Updated last year
- ida提取特征码脚本☆53Updated 4 years ago
- ☆33Updated last year
- a code virtualizer based on angr☆27Updated last year
- 过TP驱动☆28Updated 4 years ago
- obfacros - a set of C++ macros that can be used to obfuscate your c/c++ code, to make executables harder for reverse-engineering.☆42Updated 5 years ago