Research on obfuscated licensing APIs / CLIP service in the Windows kernel
☆140Aug 23, 2022Updated 3 years ago
Alternatives and similar repositories for windows-software-policy
Users that are interested in windows-software-policy are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆271Aug 31, 2022Updated 3 years ago
- Reimplementation of Microsoft's Warbird obuscator☆207Jun 24, 2024Updated last year
- Integration of Microsoft Warbird with the MSVC compiler☆133Jul 16, 2023Updated 2 years ago
- Documentation of Microsoft's Warbird obfuscation☆72Aug 29, 2024Updated last year
- An example code of CiGetCertPublisherName☆16Mar 24, 2022Updated 3 years ago
- Bootkit for Windows Sandbox to disable DSE/PatchGuard.☆321Oct 13, 2024Updated last year
- genpatch is IDA plugin that generates a python script for patching binary☆38Dec 21, 2023Updated 2 years ago
- Experimental disassembler for x86 binaries virtualized by VMProtect 3☆98Aug 27, 2022Updated 3 years ago
- EAPPX/EMSIX decryption and extraction☆33Jun 13, 2024Updated last year
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)☆73Aug 11, 2023Updated 2 years ago
- Enumerate user mode shared memory mappings on Windows.☆134Feb 14, 2021Updated 5 years ago
- A simple hypervisor demonstrating the use of the Intel VT-rp (redirect protection) technology.☆114Mar 28, 2024Updated last year
- Find out how to bypass HVCI (or not). My own research on Microsoft Warbird (specifically in clipsp.sys)☆95Oct 26, 2025Updated 4 months ago
- Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays).☆165Aug 23, 2024Updated last year
- Reports and POCs for CVE 2024-43570 and CVE-2024-43535☆30Jun 7, 2025Updated 9 months ago
- An analysis of the Warbird virtual-machine protection for the CI!g_pStore☆268Feb 6, 2018Updated 8 years ago
- Recursive and arbitrary code execution at kernel-level without a system thread creation☆159Mar 16, 2026Updated last week
- An example of how to use Microsoft Windows Warbird technology☆97Apr 23, 2023Updated 2 years ago
- Windows KASLR bypass using prefetch side-channel☆178Apr 26, 2024Updated last year
- Demo proof of concept for shadow regions, and implementation of HyperDeceit.☆317May 31, 2023Updated 2 years ago
- Browse Page Tables on Windows (Page Table Viewer)☆236Apr 2, 2022Updated 3 years ago
- reverse engineering of the windows nt kernel debugger protocol & reimplementation.☆36Jul 2, 2024Updated last year
- Demo to show how write ALPC Client & Server using native Ntdll.dll syscalls.☆21Jan 25, 2022Updated 4 years ago
- A DTrace on Windows Reimplementation☆372Mar 12, 2026Updated last week
- Finding Truth in the Shadows☆125Jan 26, 2023Updated 3 years ago
- ntoskrnl .data hooks for UM-KM communication☆54May 26, 2024Updated last year
- Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.☆663Jan 28, 2025Updated last year
- R.I.P. 😔☆72Mar 25, 2025Updated 11 months ago
- Internals information about Hyper-V☆733Mar 7, 2026Updated 2 weeks ago
- ☆33Dec 22, 2020Updated 5 years ago
- Plugin for x64dbg to disable parallel loading of dependencies☆19Sep 3, 2022Updated 3 years ago
- research revolving the windows filtering platform callout mechanism☆39May 26, 2024Updated last year
- A collection of tools, source code, and papers researching Windows' implementation of CET.☆90Oct 6, 2020Updated 5 years ago
- 将驱动映射到会话空间☆38Aug 27, 2022Updated 3 years ago
- How Meltdown and Spectre haunt Anti-Cheat: DVRT details☆21Aug 21, 2024Updated last year
- exploder☆13Sep 21, 2024Updated last year
- base for testing☆187Sep 28, 2024Updated last year
- The Windbg extensions to study Hyper-V on Intel and AMD processors.☆171Feb 10, 2026Updated last month
- Kernel driver for detecting Intel VT-x hypervisors.☆202Jul 11, 2023Updated 2 years ago