wallds / NoVmpy
☆377Updated last year
Related projects: ⓘ
- Deobfuscation via optimization with usage of LLVM IR and parsing assembly.☆308Updated last week
- ☆260Updated this week
- VMProtect 2.x-3.x x64 Import Deobfuscator☆246Updated 8 months ago
- A VMP to VTIL lifter.☆419Updated 3 years ago
- Signature maker plugin for IDA 8.x and 9.x☆252Updated last week
- Emulate Drivers in RING3 with self context mapping or unicorn☆299Updated 2 years ago
- an ida plugin used to decompile vmp☆291Updated 2 months ago
- Fix VMProtect3 IAT☆252Updated 9 months ago
- Enhanced IDA Pro signature generator plugin.☆323Updated last month
- IDA Class Informer plugin for IDA 8.x☆134Updated 3 weeks ago
- Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.☆506Updated 3 weeks ago
- x64dbg plugin to bypass Themida 3.x Anti-Debugger / VM / Monitoring programs checks (x64)☆470Updated 3 years ago
- kernel-mode Anti-Anti-Debug plugin. based on intel vt-x && ept technology☆427Updated 3 years ago
- Source of VMProtect (NOT OFFICIALLY)☆181Updated last year
- VMProtect source code leak (incomplete, some important files are still missing, but you can still see it as a reference on how to virtual…☆152Updated 2 months ago
- Themida 3.x unpacking, unwrapping and devirtualization(future)☆155Updated last year
- An AVX Lifter for the Hex-Rays Decompiler☆284Updated last year
- VMUnprotect.Dumper can dynamically untamper VMProtected Assembly.☆313Updated 2 years ago
- VMUnprotect can dynamically log and manipulate calls from virtualized methods by VMProtect.☆421Updated last year
- Lightweight Intel VT-x Hypervisor.☆377Updated last year
- VMProtect 3.x Anti-debug Method Improved☆510Updated 5 years ago
- This program remaps its image to prevent the page protection of pages contained in the image from being modified via NtProtectVirtualMemo…☆556Updated 5 years ago
- Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks☆315Updated last year
- The program draws with win32k gdi functions in the kernel while NtGdiDdDDISubmitCommand is being hooked.☆241Updated 4 years ago
- Fix VMProtect Import Protection☆319Updated 3 years ago
- Single-header, minimalistic, cross-platform hook library written in pure C☆262Updated last month
- Debugger Anti-Detection Benchmark☆283Updated 9 months ago
- obfuscated any constant encryption in compile time on any platform☆396Updated last year
- IDA Pro plugin to make bitfield accesses easier to grep☆221Updated 5 months ago
- InfinityHookPro Win7 -> Win11 latest☆485Updated last year