mrexodia / driver_unpackingLinks
Ghetto user mode emulation of Windows kernel drivers.
☆139Updated 7 months ago
Alternatives and similar repositories for driver_unpacking
Users that are interested in driver_unpacking are comparing it to the libraries listed below
Sorting:
- A devirtualization engine for Themida.☆100Updated last year
- C++ library for parsing and manipulating PE files statically and dynamically.☆87Updated last year
- unorthodox approach to analyze a trace, but this helped me get comfy with x64 instructions overall (excluding sse/avx/etc lol), cleared u…☆60Updated last year
- Kernel driver for detecting Intel VT-x hypervisors.☆184Updated last year
- 🪝 Different aproaches to detecting EPT hooks☆109Updated 3 years ago
- ☆44Updated 2 years ago
- Kernel ReClassEx☆62Updated last year
- nmi stackwalking + module verification☆119Updated last year
- PE-Dump-Fixer☆105Updated 5 years ago
- Obfuscate calls to imports by patching in stubs☆68Updated 3 years ago
- ☆153Updated 5 years ago
- Resolve DOS MZ executable symbols at runtime☆95Updated 3 years ago
- based on https://github.com/secrary/Hooking-via-InstrumentationCallback☆71Updated 5 years ago
- A proof of concept demonstrating instrumentation callbacks on Windows 10 21h1 with a TLS variable to ensure all syscalls are caught.☆136Updated 3 years ago
- Windows PDB parser for kernel-mode environment.☆97Updated 2 years ago
- A basic 100 loc CPU emulator using the existing code of ntoskrnl.exe☆70Updated last year
- Browse Page Tables on Windows (Page Table Viewer)☆202Updated 3 years ago
- VM devirtualization PoC based on AsmJit and llvm☆114Updated 3 years ago
- ☆97Updated 7 years ago
- ☆143Updated 4 years ago
- VMProtect, VMP, Devirter, 3,5☆107Updated 2 years ago
- a minimalistic windows hypervisor for amd processors☆106Updated 2 years ago
- Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…☆121Updated 2 years ago
- A x86 environment emulator for Windows user and kernel binaries.☆58Updated this week
- Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays).☆142Updated 9 months ago
- Handling C++ & __try exceptions without the need of built-in handlers.☆71Updated 3 years ago
- DSE & PG bypass via BYOVD attack☆51Updated last year
- Intercepting DeviceControl via WPP☆133Updated 5 years ago
- A simple ida python script to find .data ptr☆50Updated 2 years ago
- This project migrated to https://github.com/backengineering/llvm-msvc☆82Updated last year