Experimental disassembler for x86 binaries virtualized by VMProtect 3
☆99Aug 27, 2022Updated 3 years ago
Alternatives and similar repositories for VMP3-Disasm
Users that are interested in VMP3-Disasm are comparing it to the libraries listed below
Sorting:
- A repository of IDA Databases and Binaries used for the analysis of popular commercial virtual-machine obfuscators☆72Oct 7, 2022Updated 3 years ago
- Universal x86/x64 VMProtect 2.0-3.X Import fixer☆20Dec 29, 2021Updated 4 years ago
- VMP Mutation API Fix☆44Feb 17, 2022Updated 4 years ago
- Easy Anti PatchGuard☆223Apr 9, 2021Updated 4 years ago
- ☆423Jan 1, 2025Updated last year
- A general solution to simulate execution of virtualized instructions (vmprotect/themida, etc.).☆77Feb 9, 2022Updated 4 years ago
- A basic 100 loc CPU emulator using the existing code of ntoskrnl.exe☆75Aug 16, 2023Updated 2 years ago
- a minimalistic windows hypervisor for amd processors☆138Jun 30, 2022Updated 3 years ago
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆268Aug 31, 2022Updated 3 years ago
- VM devirtualization PoC based on AsmJit and llvm☆123Sep 14, 2021Updated 4 years ago
- Decoder for VMProtect hwids☆18Aug 1, 2022Updated 3 years ago
- Binary Ninja plugin for automating VMProtect analysis☆63Dec 2, 2022Updated 3 years ago
- Kernel driver for detecting Intel VT-x hypervisors.☆197Jul 11, 2023Updated 2 years ago
- ☆73Aug 31, 2022Updated 3 years ago
- ☆13Sep 25, 2023Updated 2 years ago
- windows kernelmode driver to inject dll into each and every process and perform systemwide function hooking☆53Aug 28, 2022Updated 3 years ago
- A simple x86_64 AMD-v hypervisor type-2 Programmed with C++, with soon to be added syscall hooks. [W.I.P]☆104Aug 3, 2023Updated 2 years ago
- Mapping your code on a 0x1000 size page☆71May 20, 2022Updated 3 years ago
- C/C++ Runtime library for system file (Windows Kernel Driver) - Supports Microsoft STL☆192Aug 27, 2022Updated 3 years ago
- ☆24Apr 12, 2022Updated 3 years ago
- Emulate Drivers in RING3 with self context mapping or unicorn☆365Aug 18, 2022Updated 3 years ago
- devirtualization vmprotect☆65Mar 11, 2023Updated 2 years ago
- This is the first software system, which can detect a stealthy hypervisor and calculate several nested ones even under countermeasures.☆87Jun 16, 2015Updated 10 years ago
- ☆36Jun 20, 2022Updated 3 years ago
- 🪝 Various EPT hook detection approaches☆143Feb 22, 2026Updated last week
- vmp2.x devirtualization☆90Nov 3, 2024Updated last year
- Virtual Machine for x64 and x86 systems☆37Apr 13, 2025Updated 10 months ago
- ☆37May 9, 2023Updated 2 years ago
- Fix VMProtect3 IAT☆305Dec 5, 2023Updated 2 years ago
- Fix VMProtect 3.xx (tested 3.0.9 to 3.5.0)☆18Feb 1, 2022Updated 4 years ago
- x86 PE Mutator☆233Dec 24, 2022Updated 3 years ago
- ☆26Sep 29, 2022Updated 3 years ago
- Bypassing EasyAntiCheat.sys self-integrity by abusing call hierarchy☆83Oct 6, 2022Updated 3 years ago
- Analyze patches in a process☆259Jul 28, 2021Updated 4 years ago
- Illustrates the concept of return address spoofing, and how it is used.☆14May 13, 2020Updated 5 years ago
- Fix VMProtect Import Protection☆371Aug 12, 2021Updated 4 years ago
- A PoC for requesting HWIDs directly from hardware, skipping any potential hooks or OS support.☆89Mar 16, 2021Updated 4 years ago
- A simple way to spoof return addresses using an exception handler☆43Aug 3, 2022Updated 3 years ago
- Assets for the "Tickling VMProtect with LLVM" blog post.☆168Sep 16, 2021Updated 4 years ago