Toolkit for precise Android/Linux process memory control, enabling reading, writing, module handling, and dynamic code manipulation.

Example showing how to use Frida for standalone injection of a custom payload

User mode file system library for windows with FUSE Wrapper

Android Shared Object Injector

Hygieia, a vulnerable driver traces scanner written in C++ as an x64 Windows kernel driver.

How to Make a Computer Operating System in C++

Simple Intel CPU processor tracing on Linux

The Windows Library for Intel Process Trace (WinIPT) is a project that leverages the new Intel Processor Trace functionality exposed by Windows 10 Redstone 5 (1809), through a set of libraries and …

Windows paravirtualized drivers for QEMU\KVM

Kaspersky AV Source code 2002/2003 year

magic-trace collects and displays high-resolution traces of what a process is doing

Simple (relatively) things allowing you to dig a bit deeper than usual.

usermode driver mapper that forcefully loads any signed kernel driver (legit cert) with a big enough section (example: .data, .rdata) to map your driver over. the main focus of this project is to p…

Modifies the Blue Screen of Death for 1909/20h1/20h2/21h1.

Anti-Anti-VM solution via Windows Driver

iPhone 11 emulated on QEMU

Using CVE-2021-40449 to manual map kernel mode driver

操作系统安全的第一次实验

An Android native libraries injection tool. supports arch arm/arm64/x86/x86_64. Support Android 4.x to 11.0.

IDA scripts for hypervisor (Hyper-v) analysis and reverse engineering automation

ebpfkit is a rootkit powered by eBPF

A fuzzer for full VM kernel/driver targets

A years-old exploit of a local EoP vulnerability in Kingsoft Antivirus KWatch Driver version 2009.3.17.77.

ebpfkit-monitor is a tool that detects and protects against eBPF powered rootkits

Use ci.dll API for validating Authenticode signature of files

记录一些我自己在学习Android逆向过程中的有意思的东西

Hooking SSDT with Avast Internet Security Hypervisor