Skin changer for League of Legends (LOL)

跨平台模拟执行unicorn框架基于Qemu的TCG模式(Tiny Code Generator),以无硬件虚拟化支持方式实现全系统的虚拟化,支持跨平台和架构的CPU指令模拟,本文讨论是一款笔者的实验性项目采用Windows Hypervisor Platform虚拟机模式提供了另一种CPU指令的模拟方式,在保持原有unicorn导出接口不变的情况下,采用Hyper-v支持带硬件虚拟化支持的…

Repository of yara rules

Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.

Sandboxie Plus & Classic

r/w virtual memory without attach

A C++ tool to unstrip Rust/Go binaries (ELF and PE)

Kernel dwm render

Fileless ring 3 rootkit with installer and persistence that hides processes, files, network connections, etc.

just proof of concept. hooking MmCopyMemory PG safe.

从MmPfnData中枚举进程和页目录基址

A basic 100 loc CPU emulator using the existing code of ntoskrnl.exe

Integrate deep learning models for image classification | Backbone learning/comparison/magic modification project

蓝队应急工具

a Windows kernel Pdb parsing and downloading library that running purely in kernel mode without any R3 programs.

an encryption library designed for Windows kernel and driver programming

A patch to hide qemu itself, bypass mhyprot,EAC,nProtect / VMProtect,VProtect, Themida, Enigma Protector,Safegine Shielden

protector & obfuscator & code virtualizer

Valorant Cheat | Aimbot + Esp + Skin Changer

BlackLotus UEFI Windows Bootkit

C++ IPC Library: A high-performance inter-process communication using shared memory on Linux/Windows.

The all in one Unreal Engine Dumper and editor for UE 4.19 - 5.2

JSON for Modern C++

VMPilot: A Modern C++ Virtual Machine SDK

ETWProcessMon2 is for Monitoring Process/Thread/Memory/Imageloads/TCPIP via ETW + Detection for Remote-Thread-Injection & Payload Detection by VirtualMemAlloc Events (in-memory) etc.

Disable PatchGuard and DSE at boot time

Post-exploitation tool for hiding processes from monitoring applications

Static user/kernel mode library that allows access to all functions and global variables by extracting offsets from the PDB