keowu / birosca
A Dynamic Study Vmprotect 1.x-1.9X Unpacking Toolkit, Recovery OEP, FIX PE, IAT and bypass protection with custom Loader and interceptor vmexit(aka context exchange) from packer stub.
☆27Updated last year
Related projects: ⓘ
- sample bypass anti-anti-debug tool by race condition☆23Updated 2 years ago
- just proof of concept. hooking MmCopyMemory PG safe.☆60Updated 10 months ago
- Attempts to decrypt JM Xorstr in some x64 binaries☆46Updated last year
- ☆46Updated last year
- A proof of concept demonstrating communication via mapped shared memory structures between a user-mode process and a kernel-mode payload …☆73Updated 3 years ago
- KDM Is a driver that will dumps every drivers that got manually mapped with kdmapper.☆48Updated 2 years ago
- PAGE_GUARD based hooking library☆38Updated 2 years ago
- unorthodox approach to analyze a trace, but this helped me get comfy with x64 instructions overall (excluding sse/avx/etc lol), cleared u…☆49Updated 7 months ago
- PoC over some VMP features☆12Updated 7 months ago
- A devirtualization engine for Themida.☆81Updated 6 months ago
- Some usefull info when reverse engineering Kernel Mode Anti-Cheat☆66Updated last year
- Improved VMP Idea(detect anti-anti-debug tools by bug)☆18Updated last year
- PointerGuard is a proof-of-concept tool used to create 'guarded' pointers which disguise pointer addresses, monitor reads/writes, and pre…☆48Updated 2 years ago
- PE-Dump-Fixer☆100Updated 4 years ago
- x64 Windows kernel driver mapper, inject unsigned driver using anycall☆103Updated 7 months ago
- ☆53Updated this week
- ☆39Updated 2 years ago
- Library to manipulate drivers that expose a physical memory read/write primitive.☆20Updated last year
- Discarded Section Manual Map☆65Updated 4 years ago
- ☆20Updated this week
- ☆20Updated last year
- ☆40Updated 2 years ago
- A lightweight BattlEye emulator of the launcher☆57Updated 2 years ago
- ☆26Updated 9 months ago
- ☆82Updated this week
- POC Hook of nt!HvcallCodeVa☆49Updated last year
- Freeze target threads (external - internal ) by avoiding SuspendThread detections. Or access registers from start address.☆29Updated 5 months ago
- ☆62Updated this week
- ☆33Updated this week
- mouseclassservicecallback detection via hook☆46Updated 2 years ago