cbwang505

0 followers · 0 following · 0 stars

Company: ZheJiang Guoli Security Technology

Location: China, ZheJiang, Ningbo

Home Page: https://cbwang505.blog.csdn.net/

Twitter: @cbwang505

cbwang505's repositories

llvmanalyzer

Built on retdec, an open-source decompiler based on the LLVM compiler architecture, the author integrated the klee symbolic execution tool. A symbolic execution engine dynamically simulates the decompiled LLVM IR (intermediate representation) to run the original program, instrumenting every reference to an offset of the this-pointer structure (the rcx register, "this struct" for short) in x86 thiscall-type functions. After analysis and aggregation the tool automatically identifies the concrete contents of the this structure and imports the result into IDA to assist analysis.

unicorn-whpx

The cross-platform emulation framework unicorn is based on Qemu's TCG mode (Tiny Code Generator), implementing full-system virtualization without hardware virtualization support and emulating CPU instructions across platforms and architectures. This is the author's experimental project, which uses the Windows Hypervisor Platform virtual machine mode to provide an alternative way of emulating CPU instructions: while keeping unicorn's exported interface unchanged, it extends the underlying CPU emulation implementation with the Hyper-V-backed, hardware-virtualization-assisted Windows Hypervisor Platform API, providing an emulation platform and debugger for x86 instruction set binaries.

windbg-uefi

This article presents development notes on an experimental project: a windbg debugging engine running on UEFI, implemented over either a COM named pipe or the Windows Hyper-V virtual machine VMBus channel.

Language: C · Stargazers: 38 · Issues: 5 · Issues: 0

DIYDynamoRIO

The dynamic binary instrumentation framework DynamoRIO repeatedly instruments program code as it executes, building a bridge between the original program code and the manipulating code, so that DynamoRIO client authors can control the original program at a higher level. Although the program is still compiled to native assembly instructions and executed, DynamoRIO's rich API wraps both the native code and the program's behavioural logic in a sufficiently friendly form and exposes it to client authors; users can transparently modify the original program code (HotPatch), trace execution, hook, debug, emulate and apply other advanced Runtime Code Manipulation techniques. This article mainly analyzes DynamoRIO's core instrumentation flow and implementation principles, digs into several interesting sections of the source code that show the ingenuity of the author's design, and adds related demo analysis to deepen the reader's understanding of DynamoRIO.

Language: HTML · License: NOASSERTION · Stargazers: 30 · Issues: 5 · Issues: 2

windbg-wireshark

A Wireshark dissector plugin for capturing and parsing the windbg debugging protocol.

Language: C · Stargazers: 16 · Issues: 3 · Issues: 0

krabsetw

KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.

Language: C++ · License: NOASSERTION · Stargazers: 3 · Issues: 1 · Issues: 0

IoRingReadWritePrimitive

Post exploitation technique to turn arbitrary kernel write / increment into full read/write primitive on Windows 11 22H2

Language: C++ · License: MIT · Stargazers: 1 · Issues: 1 · Issues: 0

WSL2-Linux-Kernel

The source for the Linux kernel used in Windows Subsystem for Linux 2 (WSL2)

Language: C · License: NOASSERTION · Stargazers: 1 · Issues: 1 · Issues: 0

24h2-nt-exploit

Exploit targeting NT kernel in 24H2 Windows Insider Preview

License: MIT · Stargazers: 0 · Issues: 0 · Issues: 0

Blackbone

Windows memory hacking library

Language: C++ · License: MIT · Stargazers: 0 · Issues: 2 · Issues: 0

CrystalDiskInfo

CrystalDiskInfo

Language: C++ · License: MIT · Stargazers: 0 · Issues: 2 · Issues: 0

dbgcom

dbgcom

Language: C · Stargazers: 0 · Issues: 0 · Issues: 0

HexRaysCodeXplorer

Hex-Rays Decompiler plugin for better code navigation

Stargazers: 0 · Issues: 0 · Issues: 0

hidden

🇺🇦 Windows driver with a usermode interface that can hide processes, file-system and registry objects, protect processes, etc.

Language: C · Stargazers: 0 · Issues: 2 · Issues: 0

HyperDbg

State-of-the-art native debugging tool

Language: C · License: GPL-3.0 · Stargazers: 0 · Issues: 1 · Issues: 0

infer

A static analyzer for Java, C, C++, and Objective-C

Language: OCaml · License: MIT · Stargazers: 0 · Issues: 1 · Issues: 0

lis-next

Linux Integration Services

Language: C · License: GPL-2.0 · Stargazers: 0 · Issues: 1 · Issues: 0

lorca

Build cross-platform modern desktop apps in Go + HTML5

Language: Go · License: MIT · Stargazers: 0 · Issues: 0 · Issues: 0

MIEngine

The Visual Studio MI Debug Engine ("MIEngine") provides an open-source Visual Studio Debugger extension that works with MI-enabled debuggers such as gdb and lldb.

Language: C# · License: MIT · Stargazers: 0 · Issues: 2 · Issues: 0

Mile.HyperV

The lightweight library for Hyper-V guest interfaces.

Language: C · License: MIT · Stargazers: 0 · Issues: 0 · Issues: 0

monza

Research unikernel for virtualized services

License: MIT · Stargazers: 0 · Issues: 0 · Issues: 0

SQLiteCpp

SQLiteC++ (SQLiteCpp) is a smart and easy to use C++ SQLite3 wrapper.

Language: C · License: MIT · Stargazers: 0 · Issues: 2 · Issues: 0

TaskSchedulerMisc

Misc TaskScheduler Plays

Language: C# · License: GPL-3.0 · Stargazers: 0 · Issues: 1 · Issues: 0

UmdhGui

Graphical user interface for the UMDH tool

Language: C# · License: MIT · Stargazers: 0 · Issues: 1 · Issues: 0

Windows_LPE_AFD_CVE-2023-21768

LPE exploit for CVE-2023-21768

Language: C · Stargazers: 0 · Issues: 1 · Issues: 0

ysoserial.net

Deserialization payload generator for a variety of .NET formatters

Language: C# · License: MIT · Stargazers: 0 · Issues: 0 · Issues: 0