Stars
🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
A cross-platform file change monitor with multiple backends: Apple macOS File System Events, *BSD kqueue, Solaris/Illumos File Events Notification, Linux inotify, Microsoft Windows and a stat()-bas…
LIEF - Library to Instrument Executable Formats (C++, Python, Rust)
Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software verification or just emulate code.
Advanced usermode anti-anti-debugger. Forked from https://bitbucket.org/NtQuery/scyllahide
Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).
A collection of out-of-tree LLVM passes for teaching and learning
An even funnier way to disable Windows Defender. (through WSC API)
Header-only TOML config file parser and serializer for C++17.
C++11/14/17 std::expected with functional-style extensions
A Dynamic Binary Instrumentation framework based on LLVM.
IDA 2016 plugin contest winner! Symbolic Execution just one-click away!
IDA Pro plugin with a rich set of features: decryption, deobfuscation, patching, lib code recognition and various pseudocode transformations
Total Registry - enhanced Registry editor/viewer
Library for lifting machine code to LLVM bitcode
Virtual-machine Translation Intermediate Language
hvpp is a lightweight Intel x64/VT-x hypervisor written in C++ focused primarily on virtualization of already running operating system
A set of fully-undetectable process injection techniques abusing Windows Thread Pools
IDA plugin and loader for UEFI firmware analysis and reverse engineering automation
RpcView is a free tool to explore and decompile Microsoft RPC interfaces
Sample extensions, scripts, and API uses for WinDbg.