An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.

Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.

LIEF - Library to Instrument Executable Formats (C++, Python, Rust)

Lightweight C++ command line option parser

A C++11 library for serialization

Light-weight, simple and fast XML parser for C++ with XPath support

FluentUI for QML

Cross-platform game hack for Counter-Strike 2 with Panorama-based GUI.

KLEE Symbolic Execution Engine

KDMapper is a simple tool that exploits iqvw64e.sys Intel driver to manually map non-signed drivers in memory

Disable PatchGuard and Driver Signature Enforcement at boot time

Windows kernel hacking framework, driver template, hypervisor and API written on C++

Intel VT-x based hypervisor aiming to provide a thin VM-exit filtering platform on Windows.

现代DX11系列教程：使用Windows SDK(C++)开发Direct3D 11.x

Fast & memory efficient hashtable based on robin hood hashing for C++11/14/17/20

duilib 旗舰版-高分屏、多语言、样式表、资源管理器、异形窗口、窗口阴影、简单动画

Virtual-machine Translation Intermediate Language

Hypervisor based anti anti debug plugin for x64dbg

Great explanation of Process Hollowing (a Technique often used in Malware)

heavily vectorized c++17 compile time string encryption.

Monitoring and controlling kernel API calls with stealth hook using EPT

hvpp is a lightweight Intel x64/VT-x hypervisor written in C++ focused primarily on virtualization of already running operating system

Hook system calls on Windows by using Kaspersky's hypervisor

Universal graphical hook for a D3D9-D3D12, OpenGL and Vulkan based games.

Remove AV/EDR Kernel ObRegisterCallbacks、CmRegisterCallback、MiniFilter Callback、PsSetCreateProcessNotifyRoutine Callback、PsSetCreateThreadNotifyRoutine Callback、PsSetLoadImageNotifyRoutine Callback...

IDA Pro plugin with a rich set of features: decryption, deobfuscation, patching, lib code recognition and various pseudocode transformations

SuperDllHijack：A general DLL hijack technology, don't need to manually export the same function interface of the DLL, so easy! 一种通用Dll劫持技术，不再需要手工导出Dll的函数接口了

🪅 Windows User Space Emulator

pdbex is a utility for reconstructing structures and unions from the PDB into compilable C headers

基于内核模式的硬件信息欺骗工具