mrphrazer / r2con2021_deobfuscationView external linksLinks
Workshop Material on VM-based Deobfuscation
☆196Oct 20, 2021Updated 4 years ago
Alternatives and similar repositories for r2con2021_deobfuscation
Users that are interested in r2con2021_deobfuscation are comparing it to the libraries listed below
Sorting:
- Control-flow-flattening and string deobfuscator☆160Nov 8, 2021Updated 4 years ago
- ☆72Jul 8, 2021Updated 4 years ago
- Code deobfuscation framework to simplify Mixed Boolean-Arithmetic (MBA) expressions☆344Feb 2, 2026Updated last week
- Collection of obfuscation, tamper-proofing, and watermarking algorithms targeting LLVM IR.☆76Nov 12, 2019Updated 6 years ago
- ☆76Sep 30, 2021Updated 4 years ago
- ☆56Feb 27, 2020Updated 5 years ago
- MODeflattener deobfuscates control flow flattened functions obfuscated by OLLVM using Miasm.☆203Jul 23, 2021Updated 4 years ago
- Universal x86/x64 VMProtect 2.0-3.X Import fixer☆20Dec 29, 2021Updated 4 years ago
- Dynamic Taint Analysis versus Obfuscated Self-Checking☆16Sep 5, 2021Updated 4 years ago
- Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.☆643Jan 28, 2025Updated last year
- WslinkVMAnalyzer is a tool to facilitate analysis of code protected by a virtual machine featured in Wslink malware☆48Jun 5, 2022Updated 3 years ago
- Greybox Synthesizer geared for deobfuscation of assembly instructions.☆166Feb 16, 2025Updated 11 months ago
- Binary Ninja plugin for exploring Structured Exception Handlers☆82Jun 6, 2024Updated last year
- Playing with the VMProtect software protection. Automatic deobfuscation of pure functions using symbolic execution and LLVM.☆1,384Jun 11, 2022Updated 3 years ago
- IDA plugin to pinpoint obfuscated code☆144Apr 29, 2022Updated 3 years ago
- VM devirtualization PoC based on AsmJit and llvm☆123Sep 14, 2021Updated 4 years ago
- An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in gen…☆854Feb 2, 2024Updated 2 years ago
- ☆421Jan 1, 2025Updated last year
- Binary Ninja plugin to identify obfuscated code and other interesting code constructs☆650Mar 14, 2025Updated 11 months ago
- Analyze patches in a process☆259Jul 28, 2021Updated 4 years ago
- Assets for the "Tickling VMProtect with LLVM" blog post.☆166Sep 16, 2021Updated 4 years ago
- A DTrace on Windows Reimplementation☆369Feb 3, 2026Updated last week
- A Trace Explorer for Reverse Engineers☆1,514Oct 23, 2023Updated 2 years ago
- A VMP to VTIL lifter.☆446May 20, 2021Updated 4 years ago
- Yet Another Not So Obfuscated LLVM☆386May 30, 2024Updated last year
- Time Travel Debugging IDA plugin☆593Jun 27, 2024Updated last year
- ☆31Jan 12, 2022Updated 4 years ago
- Course materials for Advanced Binary Deobfuscation by NTT Secure Platform Laboratories☆1,159Nov 14, 2020Updated 5 years ago
- devirtualization vmprotect☆65Mar 11, 2023Updated 2 years ago
- A dynamic VMP dumper and import fixer, powered by VTIL.☆1,320Nov 4, 2020Updated 5 years ago
- Binary Ninja plugin for automating VMProtect analysis☆64Dec 2, 2022Updated 3 years ago
- An application to view and filter pool allocations from a dmp file on Windows 10 RS5+.☆149Mar 2, 2023Updated 2 years ago
- Hex-Rays microcode API plugin for breaking an obfuscating compiler☆792Feb 22, 2021Updated 4 years ago
- A repository of IDA Databases and Binaries used for the analysis of popular commercial virtual-machine obfuscators☆72Oct 7, 2022Updated 3 years ago
- An Interactive Binary Patching Plugin for IDA Pro☆1,216Nov 24, 2024Updated last year
- Binary Ninja plugin that can be used to apply Triton's dead store eliminitation pass on basic blocks or functions.☆64Jul 17, 2024Updated last year
- VMAttack PlugIn for IDA Pro☆866Nov 30, 2017Updated 8 years ago
- VMUnprotect can dynamically log and manipulate calls from virtualized methods by VMProtect.☆479Apr 16, 2023Updated 2 years ago
- Alternative API for IDA / Hex-Rays☆75Sep 18, 2023Updated 2 years ago