KiFilterFiberContext / windows-software-policyLinks
Research on obfuscated licensing APIs / CLIP service in the Windows kernel
☆116Updated 2 years ago
Alternatives and similar repositories for windows-software-policy
Users that are interested in windows-software-policy are comparing it to the libraries listed below
Sorting:
- Reimplementation of Microsoft's Warbird obuscator☆132Updated last year
- A Binary Ninja plugin to detect Themida, WinLicense and Code Virtualizer's obfuscated code locations.☆82Updated 11 months ago
- Integration of Microsoft Warbird with the MSVC compiler☆105Updated last year
- WinLicense key extraction via Intel PIN☆101Updated last year
- Documentation of Microsoft's Warbird obfuscation☆52Updated 10 months ago
- Take back control of Windows Code Integrity, no exploits or patching required! Requires that you control your own Platform Key (PK).☆49Updated 2 years ago
- Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays).☆146Updated 10 months ago
- The Windbg extensions to study Hyper-V on Intel and AMD processors.☆153Updated 4 months ago
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆248Updated 2 years ago
- bypassing intel txt's tboot integrity checks via coreboot shim☆70Updated 4 months ago
- Using Windows' own bootloader as a shim to bypass Secure Boot☆174Updated 11 months ago
- Contains all the applications developed for the Second part of the 7th Edition of Windows Internals book☆110Updated last year
- Windows kernel debugger for Linux hosts running Windows under KVM/QEMU☆88Updated last month
- An x64dbg plugin which marks XFG call signatures as data☆77Updated 2 years ago
- uefi diskless persistence technique + OVMF secureboot bypass☆81Updated last year
- Simple windows API logger☆108Updated 5 years ago
- An x64dbg plugin which helps make sense of long C++ symbols☆59Updated 2 years ago
- x86/x64 Ring 0/-2 System Freezer/Debugger☆117Updated last month
- Bootkit for Windows Sandbox to disable DSE/PatchGuard.☆292Updated 9 months ago
- Global user-mode hooking framework, based on AppInit_DLLs. The goal is to allow you to rapidly develop hooks to inject in an arbitrary pr…☆172Updated 3 years ago
- Resolve DOS MZ executable symbols at runtime☆95Updated 3 years ago
- Different tools for Microsoft Hyper-V researching☆58Updated 3 weeks ago
- A collection of tools, source code, and papers researching Windows' implementation of CET.☆84Updated 4 years ago
- A x86 CPU & Environment emulator for Windows user and kernel binaries.☆122Updated last month
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…☆124Updated 2 years ago
- unorthodox approach to analyze a trace, but this helped me get comfy with x64 instructions overall (excluding sse/avx/etc lol), cleared u…☆60Updated last year
- Simple EFI runtime driver that hooks GetVariable function and returns data expected by Windows to make it think that it's running with se…☆167Updated 3 years ago
- Ghetto user mode emulation of Windows kernel drivers.☆142Updated 8 months ago
- A C compiler targeting an artistically pleasing nightmare for reverse engineers☆100Updated 7 months ago
- The DataExplorer plugin integrates the pattern language from ImHex into x64dbg.☆83Updated 5 months ago