dmaivel / covirt
An x86-64 code virtualizer for VM based obfuscation
☆114Updated 3 months ago
Alternatives and similar repositories for covirt:
Users that are interested in covirt are comparing it to the libraries listed below
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut�…☆118Updated last year
- Forked LLVM focused on MSVC Compatibility. This version is designed for windows users☆93Updated 2 weeks ago
- C++ macro for x64 programs that breaks ida hex-rays decompiler tool.☆110Updated last year
- PoC Anti-Rootkit/Anti-Cheat Driver.☆186Updated 6 months ago
- Hooking Windows' exception dispatcher to protect process's PML4☆165Updated 2 months ago
- An x86-64 Code Virtualizer☆251Updated 6 months ago
- compile-time control flow obfuscation using mba☆181Updated last year
- Walks the CFG bitmap to find previously executable but currently hidden shellcode regions☆114Updated last year
- Detects virtual machines and malware analysis environments☆125Updated 2 years ago
- DSE & PG bypass via BYOVD attack☆49Updated last year
- Obfuscator-llvm Control Flow Flattening Deobfuscator☆105Updated this week
- 整合Pluto-Obfuscator和goron部分混淆,移植到LLVM-16.0.x,使用NewPassManager☆121Updated last year
- SMM driver/rootkit for platform memory access with R3 <-> R0 <-> R-2 communication.☆85Updated 6 months ago
- an obfuscator based on LLVM which can obfuscate the program execution trajectory☆103Updated 4 years ago
- Finding Truth in the Shadows☆89Updated 2 years ago
- windows rootkit☆59Updated 11 months ago
- Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling withou…☆198Updated 5 months ago
- Kernel ReClassEx☆61Updated last year
- Windows PDB parser for kernel-mode environment.☆95Updated 2 years ago
- ZeroImport is a lightweight and easy to use C++ library for Windows Kernel Drivers. It allows you to hide any import in your kernel drive…☆48Updated 2 years ago
- Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays).☆134Updated 7 months ago
- A devirtualization engine for Themida.☆100Updated last year
- Reimplement CreateProcessInternalW via Windows 10 20H1+/Windows 11 Base on NtCreateUserProcess-Post☆60Updated 7 months ago
- A library to assist with memory & code protection.☆55Updated last year
- Reverse engineering winapi function loadlibrary.☆189Updated 2 years ago
- Load dll with undocumented functions and debug symbols☆47Updated 8 months ago
- spoof return address☆73Updated last year
- A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.☆110Updated 3 years ago
- Kernel driver for detecting Intel VT-x hypervisors.☆179Updated last year
- PoC kernel to usermode injection☆79Updated last year