mike1k / peppLinks
C++ library for parsing and manipulating PE files statically and dynamically.
☆88Updated 2 years ago
Alternatives and similar repositories for pepp
Users that are interested in pepp are comparing it to the libraries listed below
Sorting:
- A devirtualization engine for Themida.☆101Updated last year
- Ghetto user mode emulation of Windows kernel drivers.☆146Updated 11 months ago
- Obfuscate calls to imports by patching in stubs☆72Updated 4 years ago
- unorthodox approach to analyze a trace, but this helped me get comfy with x64 instructions overall (excluding sse/avx/etc lol), cleared u…☆62Updated last year
- Kernel ReClassEx☆64Updated last year
- based on https://github.com/secrary/Hooking-via-InstrumentationCallback☆71Updated 5 years ago
- Binary rewriter for 64-bit PE files.☆84Updated last year
- PE-Dump-Fixer☆111Updated 5 years ago
- Windows PDB parser for kernel-mode environment.☆99Updated 3 months ago
- A x86_64 software emulator☆149Updated last month
- VM devirtualization PoC based on AsmJit and llvm☆117Updated 4 years ago
- A proof of concept demonstrating instrumentation callbacks on Windows 10 21h1 with a TLS variable to ensure all syscalls are caught.☆139Updated 3 years ago
- A PoC for requesting HWIDs directly from hardware, skipping any potential hooks or OS support.☆80Updated 4 years ago
- Kernel driver for detecting Intel VT-x hypervisors.☆193Updated 2 years ago
- A small tool for rapid enumeration of CPUID, and MSR fields.☆25Updated last year
- Enable SEH support for manual mapped x86-32bit PEs☆70Updated 6 years ago
- A repository of IDA Databases and Binaries used for the analysis of popular commercial virtual-machine obfuscators☆70Updated 2 years ago
- 🪝 Various EPT hook detection approaches☆127Updated 2 months ago
- Handling C++ & __try exceptions without the need of built-in handlers.☆72Updated 4 years ago
- This project migrated to https://github.com/backengineering/llvm-msvc☆84Updated 2 years ago
- Browse Page Tables on Windows (Page Table Viewer)☆216Updated 3 years ago
- Resolve DOS MZ executable symbols at runtime☆95Updated 3 years ago
- fix vmprotect import function used unicorn-engine.☆97Updated 2 years ago
- a minimalistic windows hypervisor for amd processors☆126Updated 3 years ago
- Experimental disassembler for x86 binaries virtualized by VMProtect 3☆96Updated 3 years ago
- A simple x86_64 AMD-v hypervisor type-2 Programmed with C++, with soon to be added syscall hooks. [W.I.P]☆102Updated 2 years ago
- x64 syscall caller in C++.☆93Updated 7 years ago
- Hygieia, a vulnerable driver traces scanner written in C++ as an x64 Windows kernel driver.☆147Updated 3 years ago
- A basic 100 loc CPU emulator using the existing code of ntoskrnl.exe☆72Updated 2 years ago
- Intercepting DeviceControl via WPP☆135Updated 5 years ago