mrexodia / driver_unpackingLinks
Ghetto user mode emulation of Windows kernel drivers.
☆149Updated last year
Alternatives and similar repositories for driver_unpacking
Users that are interested in driver_unpacking are comparing it to the libraries listed below
Sorting:
- unorthodox approach to analyze a trace, but this helped me get comfy with x64 instructions overall (excluding sse/avx/etc lol), cleared u…☆62Updated last year
- C++ library for parsing and manipulating PE files statically and dynamically.☆88Updated 2 years ago
- A devirtualization engine for Themida.☆101Updated last year
- Kernel driver for detecting Intel VT-x hypervisors.☆192Updated 2 years ago
- PE-Dump-Fixer☆111Updated 5 years ago
- A x86_64 software emulator☆154Updated 2 months ago
- 🪝 Various EPT hook detection approaches☆132Updated 2 months ago
- a minimalistic windows hypervisor for amd processors☆126Updated 3 years ago
- VM devirtualization PoC based on AsmJit and llvm☆112Updated 4 years ago
- A repository of IDA Databases and Binaries used for the analysis of popular commercial virtual-machine obfuscators☆70Updated 3 years ago
- ☆62Updated 2 years ago
- Kernel ReClassEx☆64Updated last year
- A basic 100 loc CPU emulator using the existing code of ntoskrnl.exe☆72Updated 2 years ago
- Browse Page Tables on Windows (Page Table Viewer)☆216Updated 3 years ago
- A proof of concept demonstrating instrumentation callbacks on Windows 10 21h1 with a TLS variable to ensure all syscalls are caught.☆142Updated 3 years ago
- A Hyper-V Hacking Framework For Windows 10 x64 (AMD & Intel)☆95Updated 2 years ago
- Binary rewriter for 64-bit PE files.☆85Updated last year
- A portable header only library extending the C++20 STL.☆86Updated last year
- Cheat for my own game SecureGame which uses a bootkit to hyperjack Hyper-V in order to access VBS enclave's memory☆82Updated 10 months ago
- ☆154Updated 5 years ago
- Intercepting DeviceControl via WPP☆136Updated 5 years ago
- Disks for DMA☆118Updated 4 years ago
- A small tool for rapid enumeration of CPUID, and MSR fields.☆26Updated last year
- based on https://github.com/secrary/Hooking-via-InstrumentationCallback☆71Updated 5 years ago
- A PoC for requesting HWIDs directly from hardware, skipping any potential hooks or OS support.☆81Updated 4 years ago
- Runtime Hyper-V Hijacking with DDMA☆64Updated 2 months ago
- A simple x86_64 AMD-v hypervisor type-2 Programmed with C++, with soon to be added syscall hooks. [W.I.P]☆103Updated 2 years ago
- reverse engineering of bedaisy.sys (battleyes kernel driver) - Aki2k/BEDaisy☆97Updated 5 years ago
- ☆98Updated 8 years ago
- Enable SEH support for manual mapped x86-32bit PEs☆69Updated 6 years ago