mrexodia / driver_unpackingLinks
Ghetto user mode emulation of Windows kernel drivers.
☆140Updated 8 months ago
Alternatives and similar repositories for driver_unpacking
Users that are interested in driver_unpacking are comparing it to the libraries listed below
Sorting:
- A devirtualization engine for Themida.☆100Updated last year
- unorthodox approach to analyze a trace, but this helped me get comfy with x64 instructions overall (excluding sse/avx/etc lol), cleared u…☆60Updated last year
- C++ library for parsing and manipulating PE files statically and dynamically.☆88Updated last year
- Kernel driver for detecting Intel VT-x hypervisors.☆188Updated last year
- 🪝 Different aproaches to detecting EPT hooks☆112Updated 3 years ago
- ☆53Updated 2 years ago
- Obfuscate calls to imports by patching in stubs☆69Updated 3 years ago
- A x86 CPU & Environment emulator for Windows user and kernel binaries.☆104Updated 2 weeks ago
- VMProtect, VMP, Devirter, 3,5☆107Updated 2 years ago
- A repository of IDA Databases and Binaries used for the analysis of popular commercial virtual-machine obfuscators☆70Updated 2 years ago
- PE-Dump-Fixer☆108Updated 5 years ago
- nmi stackwalking + module verification☆124Updated last year
- based on https://github.com/secrary/Hooking-via-InstrumentationCallback☆71Updated 5 years ago
- Browse Page Tables on Windows (Page Table Viewer)☆210Updated 3 years ago
- A basic 100 loc CPU emulator using the existing code of ntoskrnl.exe☆71Updated last year
- ☆97Updated 7 years ago
- VM devirtualization PoC based on AsmJit and llvm☆114Updated 3 years ago
- Kernel ReClassEx☆62Updated last year
- ☆145Updated 4 years ago
- Intercepting DeviceControl via WPP☆134Updated 5 years ago
- Windows PDB parser for kernel-mode environment.☆97Updated 2 weeks ago
- ☆153Updated 5 years ago
- A Hyper-V Hacking Framework For Windows 10 x64 (AMD & Intel)☆70Updated last year
- Some psuedo snippets from BattlEye's BEDaisy.sys loaded on Rainbow Six: Siege.☆124Updated 3 years ago
- A proof of concept demonstrating instrumentation callbacks on Windows 10 21h1 with a TLS variable to ensure all syscalls are caught.☆136Updated 3 years ago
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…☆122Updated 2 years ago
- A simple ida python script to find .data ptr☆51Updated 2 years ago
- Resolve DOS MZ executable symbols at runtime☆95Updated 3 years ago
- Binary rewriter for 64-bit PE files.☆76Updated last year
- x64 syscall caller in C++.☆90Updated 7 years ago