cbwang505 / llvmanalyzer
笔者在一款基于LLVM编译器架构的retdec开源反编译器工具的基础上,融合了klee符号执行工具,通过符号执行(Symbolic Execution)引擎动态模拟反编译后的llvm的ir(中间指令集)运行源程序的方法,插桩所有的对x86指令集的thiscall类型函数对this指针结构体(也就是rcx寄存器,简称this结构)偏移量引用,经行分析汇总后自动识别this结构体的具体内容,并自动集成导入ida工具辅助分析.
☆216Updated 2 years ago
Alternatives and similar repositories for llvmanalyzer:
Users that are interested in llvmanalyzer are comparing it to the libraries listed below
- My toy llvm pass☆133Updated 2 years ago
- Official Capstone Disassembly Engine API documentation☆127Updated 3 years ago
- ☆193Updated last year
- An IDA pro plugin to display user-added comments in disassembly and pseudocode views.☆79Updated last year
- ☆82Updated 4 years ago
- ScyllaHide for IDA7.5; ScyllaHide IDA7.5; It is a really niccccccce anti-anti-debug tool☆200Updated 3 years ago
- Obfuscator-LLVM for LLVM 16.x branch☆192Updated last year
- deobfuse compiler☆214Updated 3 years ago
- IDA高级技巧 API符号自动识别库 IDASignMaker☆128Updated 4 years ago
- break ollvm.☆98Updated 4 years ago
- ollvm de-obfuscator☆58Updated 3 years ago
- an ida plugin used to decompile vmp☆307Updated 6 months ago
- IdaClu is a version agnostic IDA Pro plugin for grouping similar functions. Pick an existing grouping algorithm or create your own.☆154Updated 2 months ago
- obfuscator-llvm 移植到llvm12.x.☆234Updated last year
- 用于存放IDA的研究资料和文档☆93Updated 3 years ago
- linux kernel inline hook☆120Updated 2 years ago
- ☆111Updated 6 years ago
- PLCT实验室维护的ollvm分支。原始代码来自于 https://github.com/obfuscator-llvm/obfuscator 移植到了最新的 LLVM �上。☆166Updated 2 years ago
- Find crypto constants IDA 7.x plugin☆116Updated 2 years ago
- 跨平台模拟执行unicorn框架基于Qemu的TCG模式(Tiny Code Generator),以无硬件虚拟化支持方式实现全系统的虚拟化,支持跨平台和架构的CPU指令模拟,本文讨论是一款笔者的实验性项目采用Windows Hypervisor Platform虚拟机模式…☆65Updated last year
- Deobfuscate OLLVM Bogus Control Flow via angr☆62Updated 3 years ago
- An IDA plugin for making pseudocode better.☆328Updated 2 years ago
- A static devirtualizer for VMProtect x64 3.x. powered by VTIL.☆21Updated 2 years ago
- Official Unicorn CPU emulator framework API documentation☆261Updated last year
- A step-by-step tutorial for building an LLVM sample pass☆192Updated 2 years ago
- D-810 is an IDA Pro plugin which can be used to deobfuscate code at decompilation time by modifying IDA Pro microcode.☆44Updated 3 years ago
- Rizzo plugin ported to IDA 7.4+☆43Updated 3 months ago
- A tool for recognizing function symbol☆444Updated 9 months ago
- ELF static analysis and injection framework that parse, manipulate, patch and camouflage ELF files.☆57Updated last week
- a plugin for ida of version 7.2 to help know F5 window codes better☆54Updated 5 years ago