bi-zone / rdtsc-checkvirt-pocLinks
Virtualization detection through speculative execution PoCs and papers
☆69Updated 7 years ago
Alternatives and similar repositories for rdtsc-checkvirt-poc
Users that are interested in rdtsc-checkvirt-poc are comparing it to the libraries listed below
Sorting:
- Bypassing code hooks detection in modern anti-rootkits via building faked PTE entries.☆78Updated 14 years ago
- Automatically exported from code.google.com/p/virtdbg☆98Updated 10 years ago
- a binary x86win32 code obfuscator using virtual machine☆32Updated 8 years ago
- Library for kernel and user mode splicing for Windows (x86 and x64).☆63Updated 12 years ago
- Bootkits Revisited☆40Updated 11 years ago
- Fetch PDB symbols directly from Microsoft's symbol servers☆42Updated 3 years ago
- Implementation of a dispatcher for Structured Exceptions inside a Vectored Exception Handler☆41Updated 5 years ago
- Decrement Windows Kernel for fun and profit☆38Updated 7 years ago
- Hypervisor based tool for monitoring system register accesses.☆148Updated 6 years ago
- Intermediate x86 instruction representation for use in obfuscation/deobfuscation.☆53Updated 8 years ago
- Takes a Windbg dumped structure (using the 'dt' command) and formats it into a C structure☆35Updated 11 months ago
- Retrieve pointers to undocumented kernel functions and offsets to members within undocumented structures to use in your driver by using t…☆60Updated 6 years ago
- This is the first software system, which can detect a stealthy hypervisor and calculate several nested ones even under countermeasures.☆85Updated 10 years ago
- Driver and WinDBG scripts to dump information about all resources and lookaside lists☆68Updated 5 years ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)☆72Updated last year
- DirectNtApi - simple method to make ntapi function call without importing or walking export table. Work under Windows 7, 8 and 10☆53Updated last year
- AMD SVM hypervisor rootkit proof of concept☆46Updated last year
- Resolve DOS MZ executable symbols at runtime☆95Updated 3 years ago
- The sample DXE runtime driver demonstrating how to program DMA remapping.☆59Updated last year
- Extended Length Disassembler Engine for x86-64 (1337 bytes in size)☆52Updated 6 years ago
- Elevation of privilege detector based on HyperPlatform☆122Updated 8 years ago
- A project that aims to automatically devirtualize code that has been virtualized using x86virt☆126Updated 2 years ago
- Driver demonstrating how to register a DPC to asynchronously wait on an object☆49Updated 4 years ago
- An API Monitor based on Instrumentation☆43Updated 7 years ago
- Windbg2ida lets you dump each step in Windbg then shows these steps in IDA