Ghetto user mode emulation of Windows kernel drivers.
☆160 · Oct 20, 2024 · Updated last year
Alternatives and similar repositories for driver_unpacking
Users that are interested in driver_unpacking are comparing it to the libraries listed below
- more at http://www.zer0mem.sk/?p=271 ☆12 · Jun 11, 2013 · Updated 12 years ago
- ☆14 · Jan 10, 2017 · Updated 9 years ago
- Emulate Drivers in RING3 with self context mapping or unicorn ☆365 · Aug 18, 2022 · Updated 3 years ago
- Kernel driver for detecting Intel VT-x hypervisors. ☆197 · Jul 11, 2023 · Updated 2 years ago
- Easy Anti PatchGuard ☆223 · Apr 9, 2021 · Updated 4 years ago
- Native code virtualizer for x64 binaries ☆517 · Dec 20, 2024 · Updated last year
- Hooking SSDT with Avast Internet Security Hypervisor ☆115 · Apr 6, 2019 · Updated 6 years ago
- This is a ring -1 header framework in order to simplify the creation of hypervisors on SVM ☆28 · Nov 6, 2023 · Updated 2 years ago
- This program remaps its image to prevent the page protection of pages contained in the image from being modified via NtProtectVirtualMemo… ☆632 · Mar 19, 2019 · Updated 6 years ago
- ☆15 · Oct 7, 2020 · Updated 5 years ago
- x86-64 code/pe virtualizer ☆206 · Dec 2, 2024 · Updated last year
- An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in gen… ☆855 · Feb 2, 2024 · Updated 2 years ago
- Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation. ☆657 · Jan 28, 2025 · Updated last year
- usermode standalone kernel interface ☆111 · Jul 9, 2018 · Updated 7 years ago
- The Grimoire Hypervisor solution for x86 Processors with experimental nested virtualization support. Remastering with Rust in progress. ☆615 · Feb 24, 2026 · Updated last week
- ☆23 · May 8, 2023 · Updated 2 years ago
- Windows inline hooking tool. ☆298 · Oct 7, 2018 · Updated 7 years ago
- A library for Intel VT-x hypervisor functionality supporting EPT shadowing. ☆51 · Mar 11, 2021 · Updated 4 years ago
- Experimental disassembler for x86 binaries virtualized by VMProtect 3 ☆99 · Aug 27, 2022 · Updated 3 years ago
- Fix VMProtect 3.xx (tested 3.0.9 to 3.5.0) ☆18 · Feb 1, 2022 · Updated 4 years ago
- base for testing ☆186 · Sep 28, 2024 · Updated last year
- C++ implementation of Windows Heaven's Gate ☆70 · Feb 12, 2021 · Updated 5 years ago
- 09/2021 reversal of EasyAntiCheat driver ☆235 · Dec 21, 2021 · Updated 4 years ago
- Hooking Windows' exception dispatcher to protect process's PML4 ☆228 · Jan 24, 2025 · Updated last year
- ☆99 · Oct 6, 2017 · Updated 8 years ago
- A hypervisor hiding user-mode memory using EPT ☆107 · Jan 28, 2018 · Updated 8 years ago
- Defeating Patchguard universally for Windows 8, Windows 8.1 and all versions of Windows 10 regardless of HVCI. ☆902 · Nov 21, 2019 · Updated 6 years ago
- unicorn emulator for x64dbg ☆34 · Feb 21, 2018 · Updated 8 years ago
- Template of a full-featured driver and a wrapper over the kernel API ☆114 · Aug 28, 2016 · Updated 9 years ago
- Translates WinDbg "dt" structure dump to a C structure ☆133 · Oct 16, 2016 · Updated 9 years ago
- Browse Page Tables on Windows (Page Table Viewer) ☆234 · Apr 2, 2022 · Updated 3 years ago
- RunPE dump - I wrote this to have better control over the analysis of malware. I can stop and analyze malware when it uses some of the … ☆10 · Jul 1, 2015 · Updated 10 years ago
- Static deobfuscator for Themida, WinLicense and Code Virtualizer 3.x's mutation-based obfuscation. ☆330 · Jul 29, 2024 · Updated last year
- A minimalistic educational hypervisor for Windows on AMD processors. ☆531 · Mar 3, 2025 · Updated last year
- Example library for how to dynamically/statically hook/intercept unmanaged functions and APIs ☆13 · Nov 9, 2022 · Updated 3 years ago
- An aggregate of tools used in the core of vmp_dbg plus other parsing utils to parse vmp bc. ☆16 · Oct 18, 2016 · Updated 9 years ago
- Deobfuscation via optimization with usage of LLVM IR and parsing assembly. ☆772 · Sep 29, 2025 · Updated 5 months ago
- x64 Windows kernel code execution via user-mode, arbitrary syscall, vulnerable IOCTLs demonstration ☆388 · Jul 6, 2022 · Updated 3 years ago
- Unicorn PE is a Unicorn-based instrumentation project designed to emulate code execution for Windows PE files. ☆915 · Dec 29, 2025 · Updated 2 months ago