Alternatives and similar repositories for mwemu

Users that are interested in mwemu are comparing it to the libraries listed below

• Sentinel-One / peafl64
  Static Binary Instrumentation tool for Windows x64 executables
  ☆203Updated 3 weeks ago
• KiFilterFiberContext / warbird-hook
  Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard
  ☆245Updated 2 years ago
• hasherezade / process_overwriting
  Yet another variant of Process Hollowing
  ☆395Updated 4 months ago
• alexander-hanel / msdocsviewer
  msdocsviewer is a simple tool that parses Microsoft's win32 API and driver documentation to be used within IDA.
  ☆151Updated last year
• ioncodes / ceload
  BYOVD: Loading dbk64.sys and grabbing a handle to it
  ☆151Updated 2 years ago
• mandiant / STrace
  A DTrace on Windows Reimplementation
  ☆348Updated 3 months ago
• repnz / autochk-rootkit
  Reverse engineered source code of the autochk rootkit
  ☆202Updated 5 years ago
• hasherezade / masm_shc
  A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.
  ☆178Updated last month
• crummie5 / FreshyCalls
  FreshyCalls tries to make the use of syscalls comfortable and simple, without generating too much boilerplate and in modern C++17!
  ☆332Updated 2 years ago
• OALabs / hashdb-ida
  HashDB API hash lookup plugin for IDA Pro
  ☆319Updated 7 months ago
• connormcgarr / Kernel-Exploits
  Kernel Exploits
  ☆253Updated 3 years ago
• jackullrich / syscall-detect
  PoC capable of detecting manual syscalls from usermode.
  ☆196Updated 6 months ago
• Dump-GUY / IDA_PHNT_TYPES
  Converted phnt (Native API header files from the System Informer project) to IDA TIL, IDC (Hex-Rays).
  ☆142Updated 9 months ago
• VoidSec / DriverBuddyReloaded
  Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks
  ☆361Updated 7 months ago
• Barakat / CVE-2019-16098
  Local privilege escalation PoC exploit for CVE-2019-16098
  ☆193Updated 5 years ago
• NozomiNetworks / upx-recovery-tool
  ☆101Updated 2 years ago
• rajiv2790 / FalconEye
  ☆298Updated 4 years ago
• leandrofroes / gftrace
  A command line Windows API tracing tool for Golang binaries.
  ☆154Updated last year
• timetravelthree / IDARustDemangler
  Rust Demangler & Normalizer plugin for IDA
  ☆332Updated last year
• Kudaes / Unwinder
  Call stack spoofing for Rust
  ☆335Updated 3 months ago
• Fyyre / DrvMon
  Advanced driver monitoring utility.
  ☆210Updated 2 years ago
• memN0ps / venom-rs
  Rusty Injection - Shellcode Reflective DLL Injection (sRDI) in Rust (Codename: Venom)
  ☆339Updated last year
• ergrelet / windiff
  Web-based tool that allows comparing symbol, type and syscall information of Microsoft Windows binaries across different versions of the …
  ☆344Updated last month
• waleedassar / RestrictedKernelLeaks
  ☆161Updated 3 years ago
• czs108 / Windows-PE-Packer
  🗜️ A packer for Windows x86 executable files written in C and Intel x86 Assembly. The new file after packing can obstruct reverse engine…
  ☆343Updated 7 months ago
• thesecretclub / SandboxBootkit
  Bootkit for Windows Sandbox to disable DSE/PatchGuard.
  ☆280Updated 7 months ago
• zeze-zeze / ioctlance
  A tool that is used to hunt vulnerabilities in x64 WDM drivers
  ☆199Updated 2 months ago
• hasherezade / module_overloading
  A more stealthy variant of "DLL hollowing"
  ☆347Updated last year
• Dec0ne / HWSyscalls
  HWSyscalls is a new method to execute indirect syscalls using HWBP, HalosGate and a synthetic trampoline on kernel32 with HWBP.
  ☆675Updated last year
• D4stiny / ExceptionOrientedProgramming
  Abusing exceptions for code execution.
  ☆111Updated 2 years ago