dmaivel / covirt
An x86-64 code virtualizer for VM based obfuscation
☆109 Updated 3 months ago
Alternatives and similar repositories for covirt:
Users that are interested in covirt are comparing it to the libraries listed below
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut… ☆117 Updated last year
- Hooking Windows' exception dispatcher to protect process's PML4 ☆155 Updated 2 months ago
- PoC Anti-Rootkit/Anti-Cheat Driver. ☆184 Updated 6 months ago
- ☆122 Updated last year
- DSE & PG bypass via BYOVD attack ☆43 Updated 11 months ago
- Walks the CFG bitmap to find previously executable but currently hidden shellcode regions ☆112 Updated last year
- Achieve arbitrary kernel read/writes/function calling in Hypervisor-Protected Code Integrity (HVCI) protected environments calling withou… ☆193 Updated 5 months ago
- spoof return address ☆73 Updated last year
- compile-time control flow obfuscation using mba ☆181 Updated last year
- C++ macro for x64 programs that breaks ida hex-rays decompiler tool. ☆100 Updated 11 months ago
- Forked LLVM focused on MSVC Compatibility. This version is designed for windows users ☆89 Updated last month
- SMM driver/rootkit for platform memory access with R3 <-> R0 <-> R-2 communication. ☆82 Updated 5 months ago
- Finding Truth in the Shadows ☆89 Updated 2 years ago
- Reverse engineering winapi function loadlibrary. ☆187 Updated last year
- Integrates some of the obfuscation passes from Pluto-Obfuscator and goron, ported to LLVM-16.0.x, using NewPassManager ☆121 Updated last year
- Detects virtual machines and malware analysis environments ☆119 Updated 2 years ago
- Kernel ReClassEx ☆65 Updated last year
- An x86-64 Code Virtualizer ☆245 Updated 6 months ago
- A devirtualization engine for Themida. ☆97 Updated last year
- Makes IDA (most versions) to crash upon opening it. ☆82 Updated 6 months ago
- A set of LLVM and GCC based plugins that perform code obfuscation. ☆120 Updated 3 weeks ago
- Windows PDB parser for kernel-mode environment. ☆95 Updated 2 years ago
- Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays). ☆131 Updated 7 months ago
- Binary rewriter for 64-bit PE files. ☆70 Updated last year
- windows rootkit ☆58 Updated 10 months ago
- Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections ☆118 Updated last year
- A Hyper-V Hacking Framework For Windows 10 x64 (AMD & Intel) ☆53 Updated last year
- Example of reading process memory through kernel special APC ☆103 Updated last year
- Kernel driver for detecting Intel VT-x hypervisors. ☆178 Updated last year
- This repo contains EXPs about Vulnerable Windows Driver ☆37 Updated 10 months ago