mrexodia / driver_unpackingLinks
Ghetto user mode emulation of Windows kernel drivers.
☆146Updated 11 months ago
Alternatives and similar repositories for driver_unpacking
Users that are interested in driver_unpacking are comparing it to the libraries listed below
Sorting:
- A devirtualization engine for Themida.☆101Updated last year
- C++ library for parsing and manipulating PE files statically and dynamically.☆88Updated 2 years ago
- unorthodox approach to analyze a trace, but this helped me get comfy with x64 instructions overall (excluding sse/avx/etc lol), cleared u…☆62Updated last year
- PE-Dump-Fixer☆111Updated 5 years ago
- Kernel driver for detecting Intel VT-x hypervisors.☆193Updated 2 years ago
- 🪝 Various EPT hook detection approaches☆128Updated 2 months ago
- A x86_64 software emulator☆149Updated last month
- ☆58Updated 2 years ago
- a minimalistic windows hypervisor for amd processors☆126Updated 3 years ago
- Browse Page Tables on Windows (Page Table Viewer)☆216Updated 3 years ago
- A proof of concept demonstrating instrumentation callbacks on Windows 10 21h1 with a TLS variable to ensure all syscalls are caught.☆139Updated 3 years ago
- Kernel ReClassEx☆64Updated last year
- ☆153Updated 5 years ago
- VM devirtualization PoC based on AsmJit and llvm☆117Updated 4 years ago
- A repository of IDA Databases and Binaries used for the analysis of popular commercial virtual-machine obfuscators☆70Updated 2 years ago
- A Hyper-V Hacking Framework For Windows 10 x64 (AMD & Intel)☆88Updated 2 years ago
- A basic 100 loc CPU emulator using the existing code of ntoskrnl.exe☆72Updated 2 years ago
- A small tool for rapid enumeration of CPUID, and MSR fields.☆25Updated last year
- based on https://github.com/secrary/Hooking-via-InstrumentationCallback☆71Updated 5 years ago
- Intercepting DeviceControl via WPP☆136Updated 5 years ago
- Obfuscate calls to imports by patching in stubs☆72Updated 4 years ago
- A simple ida python script to find .data ptr☆52Updated 2 years ago
- Windows PDB parser for kernel-mode environment.☆99Updated 3 months ago
- x64dbg plugin for simple spoofing of CPUID instruction behavior☆95Updated 2 years ago
- nmi stackwalking + module verification☆133Updated last year
- Disks for DMA☆116Updated 4 years ago
- A portable header only library extending the C++20 STL.☆82Updated last year
- Binary rewriter for 64-bit PE files.☆84Updated last year
- Hygieia, a vulnerable driver traces scanner written in C++ as an x64 Windows kernel driver.☆147Updated 3 years ago
- Cheat for my own game SecureGame which uses a bootkit to hyperjack Hyper-V in order to access VBS enclave's memory☆77Updated 9 months ago