VM devirtualization PoC based on AsmJit and llvm
☆123Sep 14, 2021Updated 4 years ago
Alternatives and similar repositories for vm_jit
Users that are interested in vm_jit are comparing it to the libraries listed below
Sorting:
- LLVM based devirtualization PoC’s.☆21Dec 11, 2021Updated 4 years ago
- Experimental disassembler for x86 binaries virtualized by VMProtect 3☆99Aug 27, 2022Updated 3 years ago
- Assets for the "Tickling VMProtect with LLVM" blog post.☆168Sep 16, 2021Updated 4 years ago
- A simple x86_64 AMD-v hypervisor type-2 Programmed with C++, with soon to be added syscall hooks. [W.I.P]☆104Aug 3, 2023Updated 2 years ago
- A library for intel VT-x hypervisor functionality supporting EPT shadowing.☆51Mar 11, 2021Updated 4 years ago
- A VMP to VTIL lifter.☆445May 20, 2021Updated 4 years ago
- Self-hosting binary instrumentation framework for security research☆12Apr 10, 2023Updated 2 years ago
- Deobfuscation via optimization with usage of LLVM IR and parsing assembly.☆766Sep 29, 2025Updated 5 months ago
- c++ implementation of windows heavens gate☆70Feb 12, 2021Updated 5 years ago
- VT-based PCI device monitor (SPI)☆158Oct 29, 2020Updated 5 years ago
- Universal x86/x64 VMProtect 2.0-3.X Import fixer☆20Dec 29, 2021Updated 4 years ago
- Collection of obfuscation, tamper-proofing, and watermarking algorithms targeting LLVM IR.☆76Nov 12, 2019Updated 6 years ago
- Analyze patches in a process☆259Jul 28, 2021Updated 4 years ago
- Deobfuscation of Semi-Linear Mixed Boolean-Arithmetic Expressions☆80Jan 24, 2026Updated last month
- PoC for a taint based attack on VMProtect☆123Jul 3, 2019Updated 6 years ago
- Easy Anti PatchGuard☆223Apr 9, 2021Updated 4 years ago
- Open Anti Cheat☆27Jul 16, 2022Updated 3 years ago
- ☆423Jan 1, 2025Updated last year
- Kernel driver for detecting Intel VT-x hypervisors.☆197Jul 11, 2023Updated 2 years ago
- Simple Demo of using Windows Hypervisor Platform☆29Jul 14, 2025Updated 7 months ago
- Monitor ETW events for Windows process mitigation policies, with stack traces☆31Oct 7, 2022Updated 3 years ago
- Playing with the VMProtect software protection. Automatic deobfuscation of pure functions using symbolic execution and LLVM.☆1,389Jun 11, 2022Updated 3 years ago
- devirtualization vmprotect☆65Mar 11, 2023Updated 2 years ago
- A simple example how to decrypt kernel debugger data block☆32Feb 8, 2021Updated 5 years ago
- A native hypervisor designed for the Windows operating system☆125Mar 6, 2021Updated 4 years ago
- vmp2.x devirtualization☆90Nov 3, 2024Updated last year
- LLVM based static binary analysis framework☆302Apr 2, 2025Updated 10 months ago
- Some research on AltSystemCallHandlers functionality in Windows 10 20H1 18999☆240Nov 6, 2019Updated 6 years ago
- A driver that supports communication between a Windows guest and HyperWin☆15Jan 6, 2021Updated 5 years ago
- Tutorial on solving a VM based CrackMe.☆66Jul 23, 2020Updated 5 years ago
- Code Deobfuscator x86_32/64☆52Aug 16, 2022Updated 3 years ago
- Native code virtualizer for x64 binaries☆517Dec 20, 2024Updated last year
- This plugin serves as a bridge between Binary Ninja and Ghidra's disassembler.☆36Jun 27, 2022Updated 3 years ago
- a minimalistic windows hypervisor for amd processors☆138Jun 30, 2022Updated 3 years ago
- Lift machine code to performant LLVM IR☆490Jun 17, 2024Updated last year
- pcmonitor - windows kernel driver to monitor users activity(such as keyboard input, screenshot) and send encrypted reports to mobile appl…☆118Feb 5, 2014Updated 12 years ago
- ☆39Oct 29, 2020Updated 5 years ago
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆268Aug 31, 2022Updated 3 years ago
- 09/2021 reversal of EasyAntiCheat driver☆235Dec 21, 2021Updated 4 years ago