x86 malware emulator
☆289Jan 30, 2026Updated last month
Alternatives and similar repositories for mwemu
Users that are interested in mwemu are comparing it to the libraries listed below
Sorting:
- SCEMU The crates.io lib, x86 cpu and systems emulator focused mainly for anti-malware☆47Dec 27, 2024Updated last year
- Windows kernel and user mode emulation.☆1,868Mar 2, 2026Updated last week
- Control-flow-flattening and string deobfuscator☆160Nov 8, 2021Updated 4 years ago
- Emulate Drivers in RING3 with self context mapping or unicorn☆366Aug 18, 2022Updated 3 years ago
- An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in gen…☆856Feb 2, 2024Updated 2 years ago
- How Meltdown and Spectre haunt Anti-Cheat: DVRT details☆22Aug 21, 2024Updated last year
- AMD Hypervisor written writh Rust.☆163Sep 14, 2023Updated 2 years ago
- Collection of obfuscation, tamper-proofing, and watermarking algorithms targeting LLVM IR.☆76Nov 12, 2019Updated 6 years ago
- A library for intel VT-x hypervisor functionality supporting EPT shadowing.☆51Mar 11, 2021Updated 4 years ago
- CFB is a ProcMon-style tool designed to assist capturing IRPs sent to Windows drivers.☆333Mar 26, 2024Updated last year
- Binary Ninja plugin for exploring Structured Exception Handlers☆83Jun 6, 2024Updated last year
- Efficient general mixed boolean-arithmetic (MBA) simplifier☆124Mar 1, 2026Updated last week
- X86 Mutation Engine with Portable Executable compatibility.☆535May 24, 2022Updated 3 years ago
- A Binary Ninja plugin to detect Themida, WinLicense and Code Virtualizer's obfuscated code locations.☆92Jul 28, 2024Updated last year
- Binary Ninja plugin for automating VMProtect analysis☆63Dec 2, 2022Updated 3 years ago
- LLVM based static binary analysis framework☆303Apr 2, 2025Updated 11 months ago
- A demonstration of hooking into the VMProtect-2 virtual machine☆24Nov 9, 2023Updated 2 years ago
- A DTrace on Windows Reimplementation☆372Feb 3, 2026Updated last month
- A binary analysis framework written in Rust.☆177Mar 1, 2026Updated last week
- x86-64 virtualizing obfuscator written in Rust☆78Nov 16, 2023Updated 2 years ago
- x64 PE-COFF virtualization driven obfuscation engine☆58Oct 14, 2022Updated 3 years ago
- IDA Pro plugin to make bitfield accesses easier to grep☆254Aug 3, 2025Updated 7 months ago
- Deobfuscation via optimization with usage of LLVM IR and parsing assembly.☆776Updated this week
- Helper script for Windows kernel debugging with IDA Pro on VMware + GDB stub (including PDB symbols)☆68Aug 11, 2023Updated 2 years ago
- x86-64 Automated test data generator☆26Aug 18, 2025Updated 6 months ago
- LLVM based devirtualization PoC’s.☆21Dec 11, 2021Updated 4 years ago
- Output high level Pcode (PcodeAST) in Ghidra☆16Apr 7, 2023Updated 2 years ago
- ☆13Sep 25, 2023Updated 2 years ago
- Lightweight, memory-safe, zero-allocation library for reading and navigating PE binaries.☆337Aug 22, 2025Updated 6 months ago
- Ghetto user mode emulation of Windows kernel drivers.☆160Oct 20, 2024Updated last year
- Experimental disassembler for x86 binaries virtualized by VMProtect 3☆98Aug 27, 2022Updated 3 years ago
- ☆424Jan 1, 2025Updated last year
- Unicorn PE is an unicorn based instrumentation project designed to emulate code execution for windows PE files.☆913Dec 29, 2025Updated 2 months ago
- Dynamic unpacker based on PE-sieve☆799Sep 13, 2025Updated 5 months ago
- Static Binary Instrumentation tool for Windows x64 executables☆206Sep 29, 2025Updated 5 months ago
- Universal x86/x64 VMProtect 2.0-3.X Import fixer☆21Dec 29, 2021Updated 4 years ago
- Exemplary LLVM function pass implementing Control Flow Flattening.☆17May 2, 2018Updated 7 years ago
- A VMP to VTIL lifter.☆445May 20, 2021Updated 4 years ago
- SHAREM is a shellcode analysis framework, capable of emulating more than 20,000 WinAPIs and virutally all Windows syscalls. It also conta…☆479Jun 25, 2025Updated 8 months ago