cbwang505 / unicorn-whpx
跨平台模拟执行unicorn框架基于Qemu的TCG模式(Tiny Code Generator),以无硬件虚拟化支持方式实现全系统的虚拟化,支持跨平台和架构的CPU指令模拟,本文讨论是一款笔者的实验性项目采用Windows Hypervisor Platform虚拟机模式提供了另一种CPU指令的模拟方式,在保持原有unicorn导出接口不变的情况下,采用Hyper-v支持带硬件虚拟化支持的Windows Hypervisor Platform API接口扩展了底层CPU模拟环境实现,支持X86指令集二进制程序模拟平台和调试器.
☆66Updated last year
Alternatives and similar repositories for unicorn-whpx:
Users that are interested in unicorn-whpx are comparing it to the libraries listed below
- 使用 Intel 虚拟化特性实现应用层HOOK☆60Updated last month
- ☆33Updated last year
- ☆31Updated 4 years ago
- ☆27Updated last year
- ollvm de-obfuscator☆59Updated 3 years ago
- A POC to detect the exist of VMProtect 3 protection by search feature watermark.☆78Updated last year
- Another LLVM-obfuscator based on LLVM-17. A fork of Arkari☆72Updated last year
- 一个用来做windows内核hook的框架☆85Updated last year
- 非编译时代码混淆,包括代码块拆分、代码乱序、常量加密、代码变异、抹除jcc、局部混淆等,主要提供框架以及思路☆30Updated 2 years ago
- Ida pro plugin. The antiVM aims to quickly identify anti-virtual machine and anti-sandbox behavior. This can speed up malware analysis.☆40Updated 2 years ago
- ☆81Updated 4 years ago
- Injecting into SELinux-protected system service processes under root on Android.☆39Updated last year
- 鹅城的百姓不需要有青天大老爷,于是黄四郎就出手干掉了很多好县长。☆27Updated last year
- Emulate Drivers in RING3 with self context mapping or unicorn☆29Updated 3 months ago
- IDA Pro plugin AntiXorstr☆120Updated last month
- 内核硬件调试器模块,rootkit操作 dump☆34Updated 3 years ago
- tprt ollvm 反混淆 修改 binja il☆39Updated 7 months ago
- VMProtectTest☆35Updated 2 years ago
- a code virtualizer based on angr☆29Updated 2 years ago
- TypeScript and Frida UE4dumper. Use C++ to get offset. Modular and easy to maintain☆26Updated 7 months ago
- Kotoamatsukami is an obfuscator based on LLVM-17, utilizing LLVM's new pass to implement plug-in features, for obfuscating multiple langu…☆37Updated 3 weeks ago
- D-810 is an IDA Pro plugin which can be used to deobfuscate code at decompilation time by modifying IDA Pro microcode.☆50Updated 3 years ago
- Deobfuscate OLLVM Bogus Control Flow via angr☆63Updated 3 years ago
- Forked LLVM focused on MSVC Compatibility. This version is designed for windows users☆92Updated last week
- x86指令去混淆脚本,基于ida,capstone☆16Updated 3 years ago
- ☆96Updated 3 years ago
- deflat plugins for ida pro☆35Updated last year
- vmp2.x devirtualization☆71Updated 5 months ago
- ☆21Updated 5 years ago
- IDA Plugin that fills in missing indirect CALL & JMP target information☆123Updated 3 months ago