A Windows Kernel Driver Emulator based on Unicorn, Kernel Memory Dump and some of the native environment
☆162 Jan 15, 2026 Updated last month
Alternatives and similar repositories for KDemu
Users that are interested in KDemu are comparing it to the libraries listed below
- C++ Alt syscall hook in 25h2 can be loaded by KDU ☆22 Feb 18, 2026 Updated last week
- Dragoon ☆13 Aug 8, 2017 Updated 8 years ago
- C++ Assembler with Built-in Mutation Engine ☆30 Sep 6, 2025 Updated 5 months ago
- Try to transport the tcpip stack of ReactOS to Windows XP. ☆17 Feb 27, 2014 Updated 12 years ago
- Windows kernel driver that detects hypervisors by probing SIDT/LIDT edge cases, paging/TLB behaviors, privilege transitions, and timing e… ☆36 Dec 17, 2025 Updated 2 months ago
- .data ptr swapper for newer win32k versions. (Supports Windows 11) ☆36 Jan 19, 2026 Updated last month
- A Windows PE packer for executables (x64) with LZMA compression and with full TLS (Thread Local Storage) support. ☆93 Oct 27, 2025 Updated 4 months ago
- Make You Happy! ☆255 Updated this week
- My CTF Challenge ☆11 Feb 5, 2026 Updated 3 weeks ago
- Walks the CFG bitmap to find previously executable but currently hidden shellcode regions ☆133 May 17, 2023 Updated 2 years ago
- VM devirtualization PoC based on AsmJit and llvm ☆123 Sep 14, 2021 Updated 4 years ago
- minimal hypervisor for aarch64 (WIP) ☆31 Nov 29, 2025 Updated 2 months ago
- COFF and Portable Executable format described using standard C++ with no dependencies. ☆339 Apr 24, 2025 Updated 10 months ago
- Minimalistic HTTP(S) client for the NT kernel ☆62 Dec 1, 2025 Updated 2 months ago
- Deobfuscation via optimization with usage of LLVM IR and parsing assembly. ☆766 Sep 29, 2025 Updated 4 months ago
- Some fixes for debugging Windows with WinDbg in EXDI mode ☆21 Aug 25, 2023 Updated 2 years ago
- A simple parser (library) which extracts shimcache data from Windows. ☆15 May 20, 2019 Updated 6 years ago
- ☆19 Jan 4, 2026 Updated last month
- Kernel driver that .text hooks a syscall in dxgkrnl.sys which can be called from our user-mode client to send instructions like rpm/wpm a… ☆207 Dec 16, 2022 Updated 3 years ago
- A basic implementation of Patch Guard that I implemented, that includes integrity checks and other protection mechanisms I added. ☆78 Mar 29, 2025 Updated 10 months ago
- Implementing an early exception handler for hooking and threadless process injection without relying on VEH or SEH ☆137 Aug 31, 2025 Updated 5 months ago
- a ringcon based IDA Pro controller ☆72 Jan 26, 2024 Updated 2 years ago
- A DLL Injection Detector for Windows. ☆76 Oct 18, 2025 Updated 4 months ago
- ☆19 Oct 25, 2024 Updated last year
- Monitor ETW events for Windows process mitigation policies, with stack traces ☆31 Oct 7, 2022 Updated 3 years ago
- Hooking Windows' exception dispatcher to protect process's PML4 ☆227 Jan 24, 2025 Updated last year
- memory introspection and reverse engineering hypervisor powered by leveraging Hyper-V ☆565 Nov 15, 2025 Updated 3 months ago
- A cross-platform C++ framework for building Windows shellcode ☆158 Feb 9, 2026 Updated 2 weeks ago
- Logging library for kernel drivers written for the Windows NT operating system. ☆21 Oct 17, 2025 Updated 4 months ago
- Use ntdll/ntoskrnl to implement Kernel32, Advapi32 and other APIs. It includes user-mode and kernel-mode. ☆96 Aug 26, 2025 Updated 6 months ago
- A packed & protected Module Loader and more, for 64-bit Windows ☆27 Mar 5, 2021 Updated 4 years ago
- An x86-64 Code Virtualizer ☆304 Sep 26, 2024 Updated last year
- Reverse Socks5 proxy for windows ☆16 Oct 13, 2022 Updated 3 years ago
- x86-64 Automated test data generator ☆26 Aug 18, 2025 Updated 6 months ago
- A high-performance C++ framework for emulating executable binaries ☆128 Nov 23, 2025 Updated 3 months ago
- Archive R/W into any protected process by changing the value of KTHREAD->PreviousMode ☆163 Jul 31, 2022 Updated 3 years ago
- Read Write Memory without attach ☆90 Aug 18, 2024 Updated last year
- This master thesis project continuously collects and analyses Microsoft Windows kernel drivers using static and dynamic methods to help s… ☆21 Nov 4, 2024 Updated last year
- Automated multi-engine framework for unpacking, analyzing, and devirtualizing binaries protected by commercial and custom Virtual Machine… ☆329 Oct 10, 2025 Updated 4 months ago