KiFilterFiberContext / windows-software-policy
Research on obfuscated licensing APIs / CLIP service in the Windows kernel
☆111Updated 2 years ago
Alternatives and similar repositories for windows-software-policy:
Users that are interested in windows-software-policy are comparing it to the libraries listed below
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆245Updated 2 years ago
- A Binary Ninja plugin to detect Themida, WinLicense and Code Virtualizer's obfuscated code locations.☆79Updated 9 months ago
- Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays).☆136Updated 8 months ago
- Documentation of Microsoft's Warbird obfuscation☆50Updated 8 months ago
- ☆143Updated last year
- bypassing intel txt's tboot integrity checks via coreboot shim☆66Updated last month
- Windows kernel debugger for Linux hosts running Windows under KVM/QEMU☆79Updated 6 months ago
- The Windbg extensions to study Hyper-V on Intel and AMD processors.☆152Updated last month
- msdocsviewer is a simple tool that parses Microsoft's win32 API and driver documentation to be used within IDA.☆151Updated last year
- Different tools for Microsoft Hyper-V researching☆57Updated 11 months ago
- Resolve DOS MZ executable symbols at runtime☆95Updated 3 years ago
- uefi diskless persistence technique + OVMF secureboot bypass☆61Updated last year
- Reimplementation of Microsoft's Warbird obuscator☆124Updated 10 months ago
- 🎨 Seamlessly convert your favorite Visual Studio Code themes to IDA Pro themes.☆110Updated last year
- Report and exploit of CVE-2023-36427☆90Updated last year
- Take back control of Windows Code Integrity, no exploits or patching required! Requires that you control your own Platform Key (PK).☆43Updated 2 years ago
- A collection of tools, source code, and papers researching Windows' implementation of CET.☆83Updated 4 years ago
- Integration of Microsoft Warbird with the MSVC compiler☆103Updated last year
- x86 Real-Mode MS-DOS Emulator using Windows Hypervisor Platform☆135Updated 10 months ago
- Using Windows' own bootloader as a shim to bypass Secure Boot☆169Updated 9 months ago
- Hyper-V related resources☆30Updated last year
- Contains all the applications developed for the Second part of the 7th Edition of Windows Internals book☆108Updated 10 months ago
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…☆120Updated 2 years ago
- An x64dbg plugin which marks XFG call signatures as data☆74Updated last year
- ☆126Updated 3 weeks ago
- A Python script to download PDB files associated with a Portable Executable (PE)☆121Updated 2 months ago
- WinLicense key extraction via Intel PIN☆101Updated last year
- A C compiler targeting an artistically pleasing nightmare for reverse engineers☆97Updated 5 months ago
- Given delta compressed PE files, find download links for them on the Microsoft Symbol Server. No source PE file or VirusTotal access requ…☆30Updated last year
- vulnerability in zam64.sys, zam32.sys allowing ring 0 code execution. CVE-2021-31727 and CVE-2021-31728 public reference.☆92Updated 3 years ago