KiFilterFiberContext / windows-software-policyLinks
Research on obfuscated licensing APIs / CLIP service in the Windows kernel
☆113Updated 2 years ago
Alternatives and similar repositories for windows-software-policy
Users that are interested in windows-software-policy are comparing it to the libraries listed below
Sorting:
- Integration of Microsoft Warbird with the MSVC compiler☆105Updated last year
- Windows kernel debugger for Linux hosts running Windows under KVM/QEMU☆85Updated 3 weeks ago
- Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays).☆143Updated 10 months ago
- uefi diskless persistence technique + OVMF secureboot bypass☆81Updated last year
- A Binary Ninja plugin to detect Themida, WinLicense and Code Virtualizer's obfuscated code locations.☆82Updated 10 months ago
- Reimplementation of Microsoft's Warbird obuscator☆130Updated last year
- Documentation of Microsoft's Warbird obfuscation☆52Updated 9 months ago
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆248Updated 2 years ago
- bypassing intel txt's tboot integrity checks via coreboot shim☆70Updated 3 months ago
- The Windbg extensions to study Hyper-V on Intel and AMD processors.☆153Updated 3 months ago
- Different tools for Microsoft Hyper-V researching☆57Updated last year
- Hyper-V related resources☆31Updated last year
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…☆122Updated 2 years ago
- A collection of tools, source code, and papers researching Windows' implementation of CET.☆84Updated 4 years ago
- unorthodox approach to analyze a trace, but this helped me get comfy with x64 instructions overall (excluding sse/avx/etc lol), cleared u…☆60Updated last year
- ☆71Updated 2 years ago
- 🎨 Seamlessly convert your favorite Visual Studio Code themes to IDA Pro themes.☆111Updated last year
- Helper script for Windows kernel debugging with IDA Pro on VMware + GDB stub (including PDB symbols)☆66Updated last year
- msdocsviewer is a simple tool that parses Microsoft's win32 API and driver documentation to be used within IDA.☆152Updated last year
- ☆76Updated 3 months ago
- An x64dbg plugin which marks XFG call signatures as data☆77Updated 2 years ago
- Windows KASLR bypass using prefetch side-channel☆102Updated last year
- Makes IDA (most versions) to crash upon opening it.☆92Updated 9 months ago
- Report and exploit of CVE-2023-36427☆90Updated last year
- A x86 CPU & Environment emulator for Windows user and kernel binaries.☆104Updated 2 weeks ago
- Reimplement CreateProcessInternalW via Windows 10 20H1+/Windows 11 Base on NtCreateUserProcess-Post☆63Updated 9 months ago
- Resolve DOS MZ executable symbols at runtime☆95Updated 3 years ago
- Windows kernel PDB data parsed into YAML☆37Updated 7 months ago
- Lightweight PDB symbol parser and resolver☆26Updated 7 months ago
- Documenting system information classes and their uses☆51Updated 3 years ago