Alternatives and similar repositories for NHook

Users that are interested in NHook are comparing it to the libraries listed below

• ZehMatt / zyemu
  x86-64 user mode emulation using Zydis
  ☆47Updated 5 months ago
• mmert11 / binaryshield-devirtualizer
  llvm powered deobfuscation of a vm-based protection
  ☆36Updated 2 months ago
• Nitr0-G / Rework-part-of-z3-proving
  This is the PoC of a dynamic lifter and deobfuscator with collecting trace.
  ☆34Updated last year
• therealdreg / ida_vmware_windows_gdb
  Helper script for Windows kernel debugging with IDA Pro on VMware + GDB stub (including PDB symbols)
  ☆66Updated last year
• repnz / windows-imports-searcher
  Support Windows OS Reversing by searching easily for references to functions across many DLLs
  ☆34Updated 3 years ago
• AzzOnFire / emuit
  Easy-to-use IDA plugin for code emulation
  ☆33Updated last year
• m417z / x64dbg-symbol-tldr
  An x64dbg plugin which helps make sense of long C++ symbols
  ☆59Updated 2 years ago
• Midi12 / QueryWorkingSetExample
  Just an example of a well-known technique to detect memory tampering via Windows Working Sets.
  ☆16Updated 3 years ago
• archercreat / api-tracer
  api-tracer is a tiny (useless) tracer
  ☆14Updated 2 years ago
• ElvisBlue / emotet-deobfuscator
  IDA plugin to deobfuscate emotet CFF
  ☆18Updated 3 years ago
• sh4m2hwz / VMPSimplifierUltra
  Simplifier vmp ultra
  ☆18Updated last year
• Nero22k / Kernel-Programming-2023
  Repository of different kernel drivers written while studying Windows NT Driver development
  ☆12Updated last year
• h311d1n3r / LetsHook
  A Windows API hooking library !
  ☆31Updated 2 years ago
• malware-unicorn / pteroioctl-hook
  A driver to implement IOCTL hooking
  ☆24Updated 3 years ago
• Nitr0-G / SVM-Hypervisor
  This is a ring -1 header framework in order to simplify the creation of hypervisors on SVM
  ☆24Updated last year
• HongThatCong / IDA_TILs
  IDA Type Info Libraries for RE
  ☆31Updated 5 months ago
• AsuNa-jp / HotkeybasedKeyloggerDetector
  ☆18Updated 4 months ago
• ergrelet / themida-unmutate-bn
  A Binary Ninja plugin to deobfuscate Themida, WinLicense and Code Virtualizer 3.x's mutation-based obfuscation.
  ☆31Updated 10 months ago
• samrussell / vmprotect_binja_plugin
  Binary Ninja plugin for automating VMProtect analysis
  ☆61Updated 2 years ago
• NewWorldComingSoon / llvm-msvc-windows-driver-template
  Windows kernel driver template for cmkr and llvm-msvc.
  ☆35Updated last year
• vmallet / ida-describekey
  IDA plugin to quickly learn what a shortcut does
  ☆10Updated 3 years ago
• rivitna / emu_ida
  ☆15Updated 2 years ago
• milankovo / zydisinfo
  ☆21Updated 4 months ago
• Fatmike-GH / Fatpack
  A Windows executable (PE) packer (x64) with LZMA compression and with full TLS (Thread Local Storage) support
  ☆57Updated last week
• backengineering / pdbgen2
  Generate a PDB file given the old PDB file and an address mapping
  ☆48Updated 3 months ago
• jonomango / pe-builder
  Header-only C++ library for producing PE files.
  ☆33Updated 2 years ago
• oopsmishap / ida-forge
  ☆13Updated 4 months ago
• un4ckn0wl3z / PCIE-Detector
  Sample/PoC Windows kernel driver for detect DMA devices by using Vendor ID and Device ID signatures
  ☆36Updated 9 months ago
• ergrelet / themida-spotter-bn
  A Binary Ninja plugin to detect Themida, WinLicense and Code Virtualizer's obfuscated code locations.
  ☆82Updated 10 months ago
• kkent030315 / detect-anyrun
  ANY.RUN sandbox detection collection
  ☆19Updated 10 months ago