Lightweight Intel VT-x Hypervisor.

A cross-platform library for verifying Authenticode signatures

A cross-platform rust no-std library for verifying and extracting signature information from PE files.

Hells Hollow Windows 11 Rootkit technique to Hook the SSDT via Alt Syscalls

A hooking library with a MinHook-like API and a Detours-like implementation, with support for the x86, x64, and ARM64 platforms

This guide teaches you how to stand on the shoulders of giants and use open source projects to make your own private firmware.（Pcileech-DMA）

Windows 10/11 x64 HWID spoofer (kernel-mode) - disk, SMBIOS, CPU ID, and more.

alternative smm driver for ryzen motherboards

A build project for ONNX Runtime

A build project for ONNX Runtime

SimpleSvmHook is a research purpose hypervisor for Windows on AMD processors.

Reverse Engineering and Malware Analysis Roadmap

Obfusk8: lightweight Obfuscation library based on C++17 / Header Only for windows binaries

a C\C++ library and command-line tools for Diff & Patch between binary files or directories(folder); cross-platform; runs fast; create small delta/differential; support large files and limit memory…

Core emulator components for Icicle

🪅 Windows User Space Emulator

mimalloc is a compact general purpose allocator with excellent performance.

Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antivirus. Built in Rust.

Bochs - Cross Platform x86 Emulator Project

bddisasm is a fast, lightweight, x86/x64 instruction decoder. The project also features a fast, basic, x86/x64 instruction emulator, designed specifically to detect shellcode-like behavior.

Source code of Windows XP (NT5). Leaks are not from me. I just extracted the archive and cabinet files.

A miniature, portable version of bsdiff.

Assembler for MSP430, dsPIC, ARM, MIPS, 65xx, 68000, 8051/8052, Atmel AVR8, and others.

RPC Monitor tool based on Event Tracing for Windows

Intel VT-x based hypervisor aiming to provide a thin VM-exit filtering platform on Windows.

Uses Threat-Intelligence ETW events to identify shellcode regions being hidden by fluctuating memory protections

InfinityHookPro Win7 -> Win11 latest

X Certificate and Key management

Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), Alpha, BPF, Ethereum VM, HPPA, LoongArch, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, T…

🧪 Hypervisor with EPT hooking support.