Stars
This project migrated to https://github.com/backengineering/llvm-msvc
Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software verification or just emulate code.
Hook system calls on Windows by using Kaspersky's hypervisor
FindFunc is an IDA Pro plugin to find code functions that contain a certain assembly or byte pattern, reference a certain name or string, or conform to various other constraints.
Various Yara signatures (possibly to be included in a release later).
A code parser for C-Style header files that lets you to parse function's prototypes and data types used in their parameters.
X86 Mutation Engine with Portable Executable compatibility.
Obfuscation library based on C++20 and metaprogramming
A C++ header-only HTTP/HTTPS server and client library
GIMPLE obfuscator for C, C++, Go, ... all supported GCC targets and front-ends that use GIMPLE.
Ghidra is a software reverse engineering (SRE) framework
UNIX-like reverse engineering framework and command-line toolset.
Scripts and cheatsheets for IDAPython
An Interactive Binary Patching Plugin for IDA Pro
A single-header C++ library for simplifying the use of CUDA Runtime Compilation (NVRTC).
Lifting from native architecture to VTIL. (WIP)
Header only wrapper around Hex-Rays API in C++20.
Keystone assembler framework: Core (Arm, Arm64, Hexagon, Mips, PowerPC, Sparc, SystemZ & X86) + bindings
Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), Alpha, BPF, Ethereum VM, HPPA, LoongArch, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, T…
Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.
Playing with the VMProtect software protection. Automatic deobfuscation of pure functions using symbolic execution and LLVM.
Manual mapper that uses PTE manipulation, Virtual Address Descriptor (VAD) manipulation, and forceful memory allocation to hide executable pages. (VAD hide / NX bit swapping)