KiFilterFiberContext / windows-software-policyLinks
Research on obfuscated licensing APIs / CLIP service in the Windows kernel
☆122Updated 3 years ago
Alternatives and similar repositories for windows-software-policy
Users that are interested in windows-software-policy are comparing it to the libraries listed below
Sorting:
- Reimplementation of Microsoft's Warbird obuscator☆150Updated last year
- A Binary Ninja plugin to detect Themida, WinLicense and Code Virtualizer's obfuscated code locations.☆83Updated last year
- Integration of Microsoft Warbird with the MSVC compiler☆114Updated 2 years ago
- Find out how to bypass HVCI (or not). My own research on Microsoft Warbird (specifically in clipsp.sys)☆68Updated last week
- The Windbg extensions to study Hyper-V on Intel and AMD processors.☆167Updated last month
- Take back control of Windows Code Integrity, no exploits or patching required! Requires that you control your own Platform Key (PK).☆49Updated 3 years ago
- Documentation of Microsoft's Warbird obfuscation☆52Updated last year
- Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays).☆156Updated last year
- Windows kernel debugger for Linux hosts running Windows under KVM/QEMU☆96Updated 5 months ago
- Different tools for Microsoft Hyper-V researching☆61Updated 3 months ago
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆256Updated 3 years ago
- bypassing intel txt's tboot integrity checks via coreboot shim☆83Updated 7 months ago
- Contains all the applications developed for the Second part of the 7th Edition of Windows Internals book☆113Updated last year
- WinLicense key extraction via Intel PIN☆106Updated last year
- uefi diskless persistence technique + OVMF secureboot bypass☆94Updated last year
- Research-focused hypervisor offering advanced tools for debugging, virtual machine introspection, and automation.☆41Updated 2 weeks ago
- A collection of tools, source code, and papers researching Windows' implementation of CET.☆85Updated 5 years ago
- Given delta compressed PE files, find download links for them on the Microsoft Symbol Server. No source PE file or VirusTotal access requ…☆31Updated last year
- A x86_64 software emulator☆154Updated 2 months ago
- Hyper-V related resources☆31Updated last year
- msdocsviewer is a simple tool that parses Microsoft's win32 API and driver documentation to be used within IDA.☆153Updated last year
- Bootkit for Windows Sandbox to disable DSE/PatchGuard.☆305Updated last year
- Python bindings for the Icicle emulator.☆40Updated last week
- Yet another IDA Pro/Home plugin for deobfuscating stack strings☆97Updated 2 weeks ago
- An x64dbg plugin which helps make sense of long C++ symbols☆57Updated 2 years ago
- ☆147Updated 2 years ago
- A fully compatible replacement of Windows NT NtCreateLowBoxToken syscall - precisely restored from reverse engineering☆41Updated 4 months ago
- reverse engineering of the windows nt kernel debugger protocol & reimplementation.☆29Updated last year
- An x64dbg plugin which marks XFG call signatures as data☆77Updated 2 years ago
- Simple windows API logger☆109Updated 6 years ago