bi-zone / rdtsc-checkvirt-pocLinks
Virtualization detection through speculative execution PoCs and papers
☆68Updated 7 years ago
Alternatives and similar repositories for rdtsc-checkvirt-poc
Users that are interested in rdtsc-checkvirt-poc are comparing it to the libraries listed below
Sorting:
- Fetch PDB symbols directly from Microsoft's symbol servers☆41Updated 3 years ago
- Bypassing code hooks detection in modern anti-rootkits via building faked PTE entries.☆77Updated 14 years ago
- Windbg2ida lets you dump each step in Windbg then shows these steps in IDA☆75Updated 11 months ago
- a binary x86win32 code obfuscator using virtual machine☆32Updated 8 years ago
- Improves Hex-Rays output through batch decompilation.☆67Updated 6 years ago
- ☆91Updated 4 years ago
- This is the first software system, which can detect a stealthy hypervisor and calculate several nested ones even under countermeasures.☆85Updated 9 years ago
- [ARCHIVED] mov rax, ${Thalium/IceBox}; jmp rax;☆73Updated 5 years ago
- Intermediate x86 instruction representation for use in obfuscation/deobfuscation.☆53Updated 8 years ago
- A set of small utilities, helpers for PIN tracers☆33Updated last year
- An API Monitor based on Instrumentation☆43Updated 7 years ago
- Driver demonstrating how to register a DPC to asynchronously wait on an object☆49Updated 4 years ago
- VMCS Auditor provides almost all of Intel's VMCS Layout checklist based on Bochs Emulator.☆32Updated 6 years ago
- Takes a Windbg dumped structure (using the 'dt' command) and formats it into a C structure☆35Updated 10 months ago
- Bootkits Revisited☆41Updated 11 years ago
- Driver and WinDBG scripts to dump information about all resources and lookaside lists☆67Updated 5 years ago
- DirectNtApi - simple method to make ntapi function call without importing or walking export table. Work under Windows 7, 8 and 10☆53Updated last year
- Parser for Microsoft Program Database (PDB) files☆76Updated 4 years ago
- A C polymorphic and metamorphic engine☆68Updated 6 years ago
- A collection of tools, source code, and papers researching Windows' implementation of CET.☆84Updated 4 years ago
- Hypervisor based tool for monitoring system register accesses.☆146Updated 6 years ago
- Decrement Windows Kernel for fun and profit☆38Updated 7 years ago
- Resolve DOS MZ executable symbols at runtime☆95Updated 3 years ago
- The sample DXE runtime driver demonstrating how to program DMA remapping.☆58Updated last year
- ☆34Updated 7 years ago
- Simple proof of concept code for injecting libraries on 64bit processes from a 32bit process☆94Updated 6 years ago
- ☆34Updated 3 years ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)☆72Updated last year
- Elevation of privilege detector based on HyperPlatform☆122Updated 8 years ago
- reverse engineering extension plugin for windbg☆116Updated 5 years ago