KiFilterFiberContext / VMP3-Disasm
Experimental disassembler for x86 binaries virtualized by VMProtect 3
☆92Updated 2 years ago
Related projects ⓘ
Alternatives and complementary repositories for VMP3-Disasm
- ☆36Updated 2 years ago
- VM devirtualization PoC based on AsmJit and llvm☆104Updated 3 years ago
- unorthodox approach to analyze a trace, but this helped me get comfy with x64 instructions overall (excluding sse/avx/etc lol), cleared u…☆52Updated 9 months ago
- ☆23Updated last year
- Code virtualizer☆22Updated 8 years ago
- fix vmprotect import function used unicorn-engine.☆92Updated last year
- Use ntdll/ntoskrnl to implement Kernel32, Advapi32 and other APIs. It includes user-mode and kernel-mode.☆66Updated 3 weeks ago
- VMP Mutation API Fix☆39Updated 2 years ago
- Obfuscate calls to imports by patching in stubs☆64Updated 3 years ago
- X86/X64 Hardware Breakpoint Manager☆39Updated 3 years ago
- Kernel ReClassEx☆63Updated last year
- VMProtectTest☆37Updated last year
- ☆78Updated 3 years ago
- A tool that aims to aid in finding VM entries in binaries protected by VMProtect 3.5☆24Updated last year
- Different aproaches to detecting EPT hooks☆84Updated 2 years ago
- Discarded Section Manual Map☆66Updated 4 years ago
- A basic 100 loc CPU emulator using the existing code of ntoskrnl.exe☆69Updated last year
- ☆22Updated 2 years ago
- A poc that abuses Enclave☆36Updated 2 years ago
- vmp2.x devirtualization☆62Updated 2 weeks ago
- C++ library for parsing and manipulating PE files statically and dynamically.☆87Updated last year
- ☆36Updated last year
- A library for intel VT-x hypervisor functionality supporting EPT shadowing.☆48Updated 3 years ago
- Helper script for Windows kernel debugging with IDA Pro on VMware + GDB stub (including PDB symbols)☆62Updated last year
- detect hypervisor with Nmi Callback☆34Updated 2 years ago
- Using ReadDirectoryChangesW to detect CheatEngine☆43Updated 2 years ago
- ☆69Updated 2 years ago