A static devirtualizer for VMProtect x64 3.x. powered by VTIL.

kernel mode anti cheat

Not mine, just saved

NTFUZZ: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis (IEEE S&P '21)

Experiment to use sections as User/Kernelmode comm vector

Windows driver template, using C++20 & cmake & GithubActions

KDMapper is a simple tool that exploits iqvw64e.sys Intel driver to manually map non-signed drivers in memory

PE bin2bin obfuscator

too busy for that all, furikuri is framework for code protection

Spotify's drm(playplay) cryptography functions. cxx/js/python supported

x64 Dynamic Reverse Engineering Toolkit

D2D EFT

some gadgets about windows process and ready to use :)

fecurity executor from factory

从MmPfnData中枚举进程和页目录基址

Custom KiSystemStartup, can be used to modificate kernel before boot.

kinda custom data ptr swap communication method

A mapper that maps shellcode into loaded large page drivers

A multi-staged malware that contains a kernel mode rootkit and a remote system shell.

Collection of hypervisor detections

🗜️ A packer for Windows x86 executable files written in C and Intel x86 Assembly. The new file after packing can obstruct reverse engineering.

manual map unsigned driver over signed memory

A simple DLL injection protection driver.

Hypervisor based anti anti debug plugin for x64dbg

Windows System Explorer