Automated multi-engine framework for unpacking, analyzing, and devirtualizing binaries protected by commercial and custom Virtual Machine based protectors. Combines Dynamic Taint Tracking, Symbolic…

Usermode NT Explorer - Query kernel addresses, translate virtual to physical addresses, inspect the PFN database, and more.

Automatic vtable detection, inheritance analysis, and function override tracking for reverse engineering compiled C++ binaries. Supports IDA Pro 9+ on any OS

Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.

Code proving a 25-year blind spot in all disassemblers. PoC for Intel x64/x86 “ghost instructions.”

The Interception API aims to build a portable programming interface that allows one to intercept and control a range of input devices.

An optimizing decompiler

An ARM64 Linux ELF Packer/Loader

This is practice VM for malware development

Bypass protection and hide CE via VT-x hypervisor and ept hook to use cheat engine .

NOCRT - simple replacement of some parts of C runtime library

VTIL2 is a ground-up reimagination of the VTIL Project, completely rewritten in modern C# with enterprise-grade architecture, performance optimizations, and developer experience enhancements. While…

A PE dumper for processes protected by user mode anti-tamper solutions (hyperion, theia, etc.)

A x86_64 software emulator

Flexible and easy to use Memory Scanner written in C++

Alure is a utility library for OpenAL, providing a C++ API and managing common tasks that include file loading, caching, and streaming

Themida 3.x research

Calling "own" MouseClassServiceCallback

Claude-style sub-agents (reviewer, debugger, security) for Codex CLI via a tiny MCP server. Each call spins up a clean context in a temp workdir, injects a persona via AGENTS.md, and runs codex exe…

The different ways to dump lsass

Decompiler written in Rust

An example of hooking in CEF-based applications

flat assembler 1 - reconstructed source history

awesome game security [Welcome to PR]

a lightweight, multi-platform, multi-architecture hook framework.

This script automates the process of refreshing pseudocode, renaming symbols, and saving the updated IDA database for all functions in a given binary, leveraging AI-assisted renaming for enhanced c…

Mirror of the SourceForge SVN https://sourceforge.net/p/processhacker/code/HEAD/tree/ - Process Hacker was rebranded and now maintained here https://github.com/winsiderss/systeminformer

x86-64 Assembler based on Zydis

💻 Windows XP All Editions Universal Product Keys Collection