Stars
🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
A cross-platform file change monitor with multiple backends: Apple macOS File System Events, *BSD kqueue, Solaris/Illumos File Events Notification, Linux inotify, Microsoft Windows and a stat()-bas…
LIEF - Library to Instrument Executable Formats (C++, Python, Rust)
Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software verification or just emulate code.
Advanced usermode anti-anti-debugger. Forked from https://bitbucket.org/NtQuery/scyllahide
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
A collection of out-of-tree LLVM passes for teaching and learning
An even funnier way to disable Windows Defender (through the WSC API).
Framework for lifting x86, amd64, aarch64, sparc32, and sparc64 program binaries to LLVM bitcode
Header-only TOML config file parser and serializer for C++17.
C++11/14/17 std::expected with functional-style extensions
A Dynamic Binary Instrumentation framework based on LLVM.
IDA 2016 plugin contest winner! Symbolic Execution just one click away!
IDA Pro plugin with a rich set of features: decryption, deobfuscation, patching, lib code recognition and various pseudocode transformations
Fast strong hash functions: SipHash/HighwayHash
Total Registry - enhanced Registry editor/viewer
Library for lifting machine code to LLVM bitcode
Virtual-machine Translation Intermediate Language
hvpp is a lightweight Intel x64/VT-x hypervisor written in C++ focused primarily on virtualization of an already running operating system
A set of fully-undetectable process injection techniques abusing Windows Thread Pools