KiFilterFiberContext / windows-software-policyLinks
Research on obfuscated licensing APIs / CLIP service in the Windows kernel
☆133Updated 3 years ago
Alternatives and similar repositories for windows-software-policy
Users that are interested in windows-software-policy are comparing it to the libraries listed below
Sorting:
- Reimplementation of Microsoft's Warbird obuscator☆154Updated last year
- Integration of Microsoft Warbird with the MSVC compiler☆117Updated 2 years ago
- Documentation of Microsoft's Warbird obfuscation☆55Updated last year
- Windows kernel debugger for Linux hosts running Windows under KVM/QEMU☆114Updated 3 weeks ago
- Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays).☆160Updated last year
- The Windbg extensions to study Hyper-V on Intel and AMD processors.☆169Updated 4 months ago
- Take back control of Windows Code Integrity, no exploits or patching required! Requires that you control your own Platform Key (PK).☆49Updated 3 years ago
- A Binary Ninja plugin to detect Themida, WinLicense and Code Virtualizer's obfuscated code locations.☆90Updated last year
- Find out how to bypass HVCI (or not). My own research on Microsoft Warbird (specifically in clipsp.sys)☆85Updated 2 months ago
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆258Updated 3 years ago
- bypassing intel txt's tboot integrity checks via coreboot shim☆83Updated 10 months ago
- WinLicense key extraction via Intel PIN☆107Updated last year
- uefi diskless persistence technique + OVMF secureboot bypass☆95Updated last year
- Example of using Windows Platform Binary Table (WPBT)☆26Updated 2 years ago
- reverse engineering of the windows nt kernel debugger protocol & reimplementation.☆35Updated last year
- Contains all the applications developed for the Second part of the 7th Edition of Windows Internals book☆115Updated last year
- msdocsviewer is a simple tool that parses Microsoft's win32 API and driver documentation to be used within IDA.☆159Updated 2 years ago
- A x86_64 software emulator☆161Updated 4 months ago
- CMake template for a basic EFI application/bootkit. This library is header-only, there is no EDK2 runtime!).☆80Updated 3 years ago
- 🎨 Seamlessly convert your favorite Visual Studio Code themes to IDA Pro themes.☆117Updated last year
- Using Windows' own bootloader as a shim to bypass Secure Boot☆212Updated last year
- A collection of tools, source code, and papers researching Windows' implementation of CET.☆87Updated 5 years ago
- Bootkit for Windows Sandbox to disable DSE/PatchGuard.☆316Updated last year
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…☆131Updated 2 years ago
- Given delta compressed PE files, find download links for them on the Microsoft Symbol Server. No source PE file or VirusTotal access requ…☆42Updated last year
- Ghetto user mode emulation of Windows kernel drivers.☆158Updated last year
- Resolve DOS MZ executable symbols at runtime☆96Updated 4 years ago
- An x64dbg plugin which marks XFG call signatures as data☆78Updated 2 years ago
- The simple UEFI application to create a Windows Platform Binary Table (WPBT) from the UEFI shell.☆120Updated 4 years ago
- devirtualization vmprotect☆64Updated 2 years ago