Stealth-focused Intel VT-x hypervisor base (EAC/BE/ACs/AVs).
☆79Mar 15, 2026Updated this week
Alternatives and similar repositories for Ophion
Users that are interested in Ophion are comparing it to the libraries listed below
Sorting:
- Advanced Rust code virtualization and obfuscation framework☆31Dec 16, 2025Updated 3 months ago
- use Cheat Engine as normal debugger☆18May 15, 2023Updated 2 years ago
- "Bypassing" HVCI via donor PFN swaps to modify read-only code pages. Call chained kernel functions (kCET and SLAT support), modify read-o…☆105Updated this week
- Create stealthy, inline, EPT-like hooks using SMAP and SMEP☆61Oct 19, 2024Updated last year
- Interprocess communication via a covert timing channel☆26Oct 24, 2025Updated 4 months ago
- ☆28Nov 24, 2024Updated last year
- nmi stackwalking + module verification☆164Dec 28, 2023Updated 2 years ago
- ☆158May 21, 2024Updated last year
- POC usermode <=> kernel communication via ALPC.☆72Jun 6, 2024Updated last year
- ☆15Oct 7, 2020Updated 5 years ago
- Intel learning hypervisor and some extend function☆23Aug 23, 2025Updated 6 months ago
- ☆93Jun 3, 2024Updated last year
- Binary lifter and deobfuscator using remill for x86_64 Windows binaries☆73Mar 10, 2026Updated last week
- base for testing☆187Sep 28, 2024Updated last year
- A better way to write shell code☆11May 28, 2021Updated 4 years ago
- IOCTL++ can be used to make DeviceIoControl requests with arbitrary inputs.☆35Oct 28, 2025Updated 4 months ago
- Harness to issue Virtual Secure Mode (VSM) "secure calls" from VTL 0 to VTL 1☆77Sep 8, 2025Updated 6 months ago
- ☆27Oct 16, 2017Updated 8 years ago
- Emulate Drivers in RING3 with self context mapping or unicorn☆366Aug 18, 2022Updated 3 years ago
- Simple KDMapper driver dumper. Unlike other dumpers, this dumper dumps the PE headers of the image too.☆17May 10, 2024Updated last year
- DRM Library for Windows (x64) in C++☆29Oct 15, 2025Updated 5 months ago
- page table manipulation to gain physical r/w☆44May 7, 2024Updated last year
- ☆24Jul 15, 2023Updated 2 years ago
- Find out how to bypass HVCI (or not). My own research on Microsoft Warbird (specifically in clipsp.sys)☆95Oct 26, 2025Updated 4 months ago
- Disable NMI Callbacks with Kernelmode Driver☆18Mar 15, 2023Updated 3 years ago
- ☆48Jul 7, 2024Updated last year
- Using the peculiar behaviour of the VPGATHER instructions to determine if an address will fault before it is truly accessed. All done in …☆55Dec 30, 2025Updated 2 months ago
- WinHvShellcodeEmulator (WHSE) is a shellcode emulator leveraging the Windows Hypervisor Platform API☆26Apr 24, 2022Updated 3 years ago
- stack based buffer overflow in MsIo64.sys, Proof of Concept Local Privilege Escalation to nt authority/system☆12Jun 7, 2021Updated 4 years ago
- ☆24May 17, 2022Updated 3 years ago
- kernel mode anti cheat☆646Aug 4, 2024Updated last year
- POC Hook of nt!HvcallCodeVa☆54May 8, 2023Updated 2 years ago
- x64dbg plugin for cleaning Themida Mutation Assembly codes.☆18May 14, 2025Updated 10 months ago
- Proof-of-concept game using VBS enclaves to protect itself from cheating☆51Nov 10, 2024Updated last year
- Hooking KPRCB IdlePreselect function to gain execution inside PID 0.☆73Apr 13, 2025Updated 11 months ago
- A PoC for requesting HWIDs directly from hardware, skipping any potential hooks or OS support.☆89Mar 16, 2021Updated 5 years ago
- A Windows Kernel Driver Emulator base on Unicorn, Kernel Memory Dump and some of native environment☆165Jan 15, 2026Updated 2 months ago
- ☆59Jun 8, 2022Updated 3 years ago
- A cross-platform C++ framework for building Windows shellcode☆163Mar 4, 2026Updated 2 weeks ago