domin568 / Anti-Debug-examples-Windows
Some examples of anti debug techniques used in malware or commercial products preventing analysts to debug code of app.
☆19Updated 4 years ago
Related projects: ⓘ
- unorthodox approach to analyze a trace, but this helped me get comfy with x64 instructions overall (excluding sse/avx/etc lol), cleared u…☆49Updated 7 months ago
- vdk is a set of utilities used to help with exploitation of a vulnerable driver.☆39Updated 2 years ago
- A repository of IDA Databases and Binaries used for the analysis of popular commercial virtual-machine obfuscators☆60Updated last year
- devirtualization vmprotect☆59Updated last year
- Code virtualizer☆20Updated 8 years ago
- ☆31Updated 7 months ago
- This is the PoC of a dynamic lifter and deobfuscator with collecting trace.☆30Updated 11 months ago
- Helper script for Windows kernel debugging with IDA Pro on VMware + GDB stub (including PDB symbols)☆57Updated last year
- Extensions for x64dbg written in Rust: Telescope and Unicorn powered disassembly☆23Updated last year
- Collection of obfuscation, tamper-proofing, and watermarking algorithms targeting LLVM IR.☆71Updated 4 years ago
- Binary Ninja plugin that can be used to apply Triton's dead store eliminitation pass on basic blocks or functions.☆56Updated 2 months ago
- A simple and heavily documented series of test hypervisors built for 64-bit Windows 10 systems running under Intel's VT-x☆29Updated 3 years ago
- ☆22Updated 11 months ago
- fix vmprotect import function used unicorn-engine.☆91Updated last year
- WinLicense key extraction via Intel PIN☆79Updated 5 months ago
- A reflexive driver loader to bypass Windows DSE (featuring a custom PE loader)☆37Updated 6 years ago
- IDA Plugin that fills in missing indirect CALL & JMP target information☆113Updated last year
- Collaboration platform for reverse engineering tools.☆38Updated 3 months ago
- Sample project for kernel debugging automation with Vagrant☆57Updated 4 years ago
- ☆30Updated 2 years ago
- This is a ring -1 header framework in order to simplify the creation of hypervisors on SVM☆22Updated 10 months ago
- Simple x64dbg plugin to save a full memory dump☆49Updated last year
- IDA Pro plugin with a rich set of features: decryption, deobfuscation, patching, lib code recognition and various pseudocode transformati…☆101Updated 2 weeks ago
- Kernel ReClassEx☆58Updated 10 months ago
- Binary Ninja plugin for automating VMProtect analysis☆55Updated last year
- x64 Windows implementation of virtual-address to physical-address translation☆39Updated 3 years ago
- How Meltdown and Spectre haunt Anti-Cheat: DVRT details☆18Updated last month
- A collection of tools, source code, and papers researching Windows' implementation of CET.☆72Updated 3 years ago
- A devirtualization engine for Themida.☆81Updated 6 months ago
- How to setup Pycharm to run scripts in IDA using the Run menu (or a keybind)☆36Updated 3 months ago