KiFilterFiberContext / windows-software-policyLinks
Research on obfuscated licensing APIs / CLIP service in the Windows kernel
☆122Updated 3 years ago
Alternatives and similar repositories for windows-software-policy
Users that are interested in windows-software-policy are comparing it to the libraries listed below
Sorting:
- Reimplementation of Microsoft's Warbird obuscator☆143Updated last year
- Integration of Microsoft Warbird with the MSVC compiler☆112Updated 2 years ago
- The Windbg extensions to study Hyper-V on Intel and AMD processors.☆167Updated last month
- Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays).☆156Updated last year
- Take back control of Windows Code Integrity, no exploits or patching required! Requires that you control your own Platform Key (PK).☆49Updated 3 years ago
- Windows kernel debugger for Linux hosts running Windows under KVM/QEMU☆96Updated 4 months ago
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆255Updated 3 years ago
- Documentation of Microsoft's Warbird obfuscation☆54Updated last year
- A Binary Ninja plugin to detect Themida, WinLicense and Code Virtualizer's obfuscated code locations.☆83Updated last year
- WinLicense key extraction via Intel PIN☆104Updated last year
- Different tools for Microsoft Hyper-V researching☆61Updated 2 months ago
- An x64dbg plugin which helps make sense of long C++ symbols☆59Updated 2 years ago
- Contains all the applications developed for the Second part of the 7th Edition of Windows Internals book☆114Updated last year
- Bootkit for Windows Sandbox to disable DSE/PatchGuard.☆305Updated 11 months ago
- Port of zentool to Windows☆26Updated 6 months ago
- uefi diskless persistence technique + OVMF secureboot bypass☆93Updated last year
- bypassing intel txt's tboot integrity checks via coreboot shim☆81Updated 6 months ago
- Given delta compressed PE files, find download links for them on the Microsoft Symbol Server. No source PE file or VirusTotal access requ…☆29Updated last year
- An x64dbg plugin which marks XFG call signatures as data☆77Updated 2 years ago
- unorthodox approach to analyze a trace, but this helped me get comfy with x64 instructions overall (excluding sse/avx/etc lol), cleared u…☆62Updated last year
- msdocsviewer is a simple tool that parses Microsoft's win32 API and driver documentation to be used within IDA.☆154Updated last year
- 🎨 Seamlessly convert your favorite Visual Studio Code themes to IDA Pro themes.☆117Updated last year
- Proof-of-concept game using VBS enclaves to protect itself from cheating☆43Updated 10 months ago
- Documenting system information classes and their uses☆55Updated 3 years ago
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…☆129Updated 2 years ago
- A collection of tools, source code, and papers researching Windows' implementation of CET.☆85Updated 4 years ago
- A Binary Ninja plugin to deobfuscate Themida, WinLicense and Code Virtualizer 3.x's mutation-based obfuscation.☆33Updated last year
- Simple windows API logger☆109Updated 6 years ago
- ☆147Updated 2 years ago
- Yet another IDA Pro/Home plugin for deobfuscating stack strings☆79Updated last week