Ryūjin Protector - Is a Intel Arch - BIN2BIN - PE Obfuscation/Protection/DRM tool

A Windows Kernel Driver Emulator base on Unicorn, Kernel Memory Dump and some of native environment

Fast covert timing channel communication for inter-process and inter-processor communication on Windows systems.

PoC for popping a system shell against the LnvMSRIO.sys driver

Скрипт для установки Podkop + ByeDPI на OpenWRT.

简单的基于llvm实现vmp保护

Metamorphic cross-compilation of C++ & C-code to PIC, BOF & EXE.

Find out how to bypass HVCI (or not). My own research on Microsoft Warbird (specifically in clipsp.sys)

LLVM fork with explicit compatibility with MSVC 2022 features.

Automated multi-engine framework for unpacking, analyzing, and devirtualizing binaries protected by commercial and custom Virtual Machine based protectors. Combines Dynamic Taint Tracking, Symbolic…

Runtime Hyper-V Hijacking with DDMA

Yet another IDA Pro/Home plugin for deobfuscating stack strings

A fast Windows emulator + debugger for reverse engineering. Runs any executable in debug mode, disassembles with Zydis, emulates instructions, and skips Windows API calls via debugger for maximum s…

memory introspection and reverse engineering hypervisor powered by leveraging Hyper-V

Rewrite and obfuscate code in compiled binaries

Dark version of ReClassEx with some fixes

A set of Windows 10+/VS2022/C++14 tools for working with software modifications in two files (Detours.h, Detours.cpp).

Assembly-Export for IDA 9.0 Pro. Assemport exports all functions separately in an assembly file. This enables further processing by external tools such as an AI.

Make your IDA Lazy!

Simple VTable dumper for IDA 9.0+

Remove WPP calls from hexrays decompiled code

Attempts to decrypt JM Xorstr in some x64 binaries

A x86_64 software emulator

Obfusk8: lightweight Obfuscation library based on C++17 / Header Only for windows binaries

x64dbg plugin for cleaning Themida Mutation Assembly codes.

find dll base addresses without PEB WALK

Advanced VM detection library and tool