Research on obfuscated licensing APIs / CLIP service in the Windows kernel
☆139Aug 23, 2022Updated 3 years ago
Alternatives and similar repositories for windows-software-policy
Users that are interested in windows-software-policy are comparing it to the libraries listed below
Sorting:
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆268Aug 31, 2022Updated 3 years ago
- Reimplementation of Microsoft's Warbird obuscator☆203Jun 24, 2024Updated last year
- Integration of Microsoft Warbird with the MSVC compiler☆132Jul 16, 2023Updated 2 years ago
- An example code of CiGetCertPublisherName☆17Mar 24, 2022Updated 3 years ago
- Documentation of Microsoft's Warbird obfuscation☆71Aug 29, 2024Updated last year
- Bootkit for Windows Sandbox to disable DSE/PatchGuard.☆318Oct 13, 2024Updated last year
- Experimental disassembler for x86 binaries virtualized by VMProtect 3☆99Aug 27, 2022Updated 3 years ago
- Recursive and arbitrary code execution at kernel-level without a system thread creation☆159Apr 13, 2023Updated 2 years ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)☆73Aug 11, 2023Updated 2 years ago
- genpatch is IDA plugin that generates a python script for patching binary☆37Dec 21, 2023Updated 2 years ago
- A simple hypervisor demonstrating the use of the Intel VT-rp (redirect protection) technology.☆114Mar 28, 2024Updated last year
- Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays).☆163Aug 23, 2024Updated last year
- Demo proof of concept for shadow regions, and implementation of HyperDeceit.☆314May 31, 2023Updated 2 years ago
- Enumerate user mode shared memory mappings on Windows.☆128Feb 14, 2021Updated 5 years ago
- Browse Page Tables on Windows (Page Table Viewer)☆234Apr 2, 2022Updated 3 years ago
- Plugin for x64dbg to disable parallel loading of dependencies☆19Sep 3, 2022Updated 3 years ago
- An example of how to use Microsoft Windows Warbird technology☆96Apr 23, 2023Updated 2 years ago
- An analysis of the Warbird virtual-machine protection for the CI!g_pStore☆267Feb 6, 2018Updated 8 years ago
- A DTrace on Windows Reimplementation☆372Feb 3, 2026Updated 3 weeks ago
- x64 PE-COFF virtualization driven obfuscation engine☆58Oct 14, 2022Updated 3 years ago
- Demo to show how write ALPC Client & Server using native Ntdll.dll syscalls.☆21Jan 25, 2022Updated 4 years ago
- A poc that abuses Enclave☆40Sep 8, 2022Updated 3 years ago
- Finding Truth in the Shadows☆123Jan 26, 2023Updated 3 years ago
- Internals information about Hyper-V☆731Dec 20, 2025Updated 2 months ago
- Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.☆657Jan 28, 2025Updated last year
- ntoskrnl .data hooks for UM-KM communication☆54May 26, 2024Updated last year
- A collection of tools, source code, and papers researching Windows' implementation of CET.☆89Oct 6, 2020Updated 5 years ago
- base for testing☆186Sep 28, 2024Updated last year
- This is a repo for small, useful scripts and extensions☆258Jun 1, 2023Updated 2 years ago
- Bypassing PatchGuard on modern x64 systems☆265Apr 9, 2023Updated 2 years ago
- exploder☆13Sep 21, 2024Updated last year
- Windows driver template, using C++20 & cmake & GithubActions☆25Aug 9, 2024Updated last year
- How Meltdown and Spectre haunt Anti-Cheat: DVRT details☆22Aug 21, 2024Updated last year
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…☆132Apr 26, 2023Updated 2 years ago
- Kernel driver for detecting Intel VT-x hypervisors.☆197Jul 11, 2023Updated 2 years ago
- ☆99Feb 21, 2026Updated last week
- WTSRM☆216Aug 7, 2022Updated 3 years ago
- A library to develop kernel level Windows payloads for post HVCI era☆486May 18, 2021Updated 4 years ago
- 将驱动映射到会话空间☆38Aug 27, 2022Updated 3 years ago