🛡️ Enhance Windows executable protection with Nanomites, which obfuscate control flow and disrupt reverse engineering through runtime exceptions.

🔒 Enable secure execution of encrypted Windows executables with JitDecrypter's just-in-time decryption for enhanced code protection at runtime.

These tools were originally designed to be a research project and drop-in replacement for readelf, objcopy and objdump utilising Capstone disassembly framework.

PE file viewer/editor for Windows, Linux and MacOS.

Malware Classification in a PE file using Neural Networks (CNN)

Docker image gathering packers and tools for making datasets of packed executables and training machine learning models for packing detection

Principled, lightweight C/C++ PE parser

flat assembler g - adaptable assembly engine

Library for plotting executable samples supporting multiple formats

A Windows executable 'loader' (in-memory patcher) for x86 and x64 targets, designed for controlled in-memory patching of executables (PE images).

A Just-In-Time Decrypter for Windows executables (x86 and x64) that performs real-time, instruction-level decryption of encrypted code sections, enhancing runtime protection against static and dynamic analysis.

A custom implementation of the Nanomites protection technology for Windows executables (x86 and x64) originally introduced by Silicon Realms in 1999 for the Armadillo Protector.

Provides parsing and generating Portable Executable binaries

Portable Executable reversing tool with a friendly GUI

Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

A library to load, manipulate, dump PE files. See also: https://github.com/hasherezade/libpeconv_tpl

A Windows PE packer for executables (x64) with LZMA compression and with full TLS (Thread Local Storage) support.

A Windows PE loader / manual mapper for executables (x86 and x64) with full TLS (Thread Local Storage) support.

Python AV Evasion Tools

A ⚡ lightweight Go package to parse, analyze and extract metadata from Portable Executable (PE) binaries. Designed for malware analysis tasks and robust against PE malformations.