sha0coder / mwemuLinks
x86 malware emulator
☆221Updated this week
Alternatives and similar repositories for mwemu
Users that are interested in mwemu are comparing it to the libraries listed below
Sorting:
- Static Binary Instrumentation tool for Windows x64 executables☆203Updated 3 weeks ago
- Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard☆245Updated 2 years ago
- Yet another variant of Process Hollowing☆395Updated 4 months ago
- msdocsviewer is a simple tool that parses Microsoft's win32 API and driver documentation to be used within IDA.☆151Updated last year
- BYOVD: Loading dbk64.sys and grabbing a handle to it☆151Updated 2 years ago
- A DTrace on Windows Reimplementation☆348Updated 3 months ago
- Reverse engineered source code of the autochk rootkit☆202Updated 5 years ago
- A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.☆178Updated last month
- FreshyCalls tries to make the use of syscalls comfortable and simple, without generating too much boilerplate and in modern C++17!☆332Updated 2 years ago
- HashDB API hash lookup plugin for IDA Pro☆319Updated 7 months ago
- Kernel Exploits☆253Updated 3 years ago
- PoC capable of detecting manual syscalls from usermode.☆196Updated 6 months ago
- Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays).☆142Updated 9 months ago
- Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks☆361Updated 7 months ago
- Local privilege escalation PoC exploit for CVE-2019-16098☆193Updated 5 years ago
- ☆101Updated 2 years ago
- ☆298Updated 4 years ago
- A command line Windows API tracing tool for Golang binaries.☆154Updated last year
- Rust Demangler & Normalizer plugin for IDA☆332Updated last year
- Call stack spoofing for Rust☆335Updated 3 months ago
- Advanced driver monitoring utility.☆210Updated 2 years ago
- Rusty Injection - Shellcode Reflective DLL Injection (sRDI) in Rust (Codename: Venom)☆339Updated last year
- Web-based tool that allows comparing symbol, type and syscall information of Microsoft Windows binaries across different versions of the …☆344Updated last month
- ☆161Updated 3 years ago
- 🗜️ A packer for Windows x86 executable files written in C and Intel x86 Assembly. The new file after packing can obstruct reverse engine…☆343Updated 7 months ago
- Bootkit for Windows Sandbox to disable DSE/PatchGuard.☆280Updated 7 months ago
- A tool that is used to hunt vulnerabilities in x64 WDM drivers☆199Updated 2 months ago
- A more stealthy variant of "DLL hollowing"☆347Updated last year
- HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.☆675Updated last year
- Abusing exceptions for code execution.☆111Updated 2 years ago