Alex Ionescu's repositories
SimpleVisor
SimpleVisor is a simple, portable, Intel VT-x hypervisor with two specific goals: using the least amount of assembly code (10 lines), and having the smallest amount of VMX-related code to support dynamic hyperjacking and unhyperjacking (that is, virtualizing the host state from within the host). It works on Windows and UEFI.
SpecuCheck
SpecuCheck is a Windows utility for checking the state of the software mitigations and hardware against CVE-2017-5754 (Meltdown), CVE-2017-5715 (Spectre v2), CVE-2018-3260 (Foreshadow), and CVE-2018-3639 (Spectre v4)
VisualUefi
A project for allowing EDK-II Development with Visual Studio
minlzma
The Minimal LZMA (minlzma) project aims to provide a minimalistic, cross-platform, highly commented, standards-compliant C library (minlzlib) for decompressing LZMA2-encapsulated compressed data in LZMA format within an XZ container, as can be generated with Python 3.6, 7-zip, and xzutils
Simpleator
Simpleator ("Simple-ator") is an innovative Windows-centric x64 user-mode application emulator that leverages several new features that were added in Windows 10 Spring Update (1803), also called "Redstone 4", with additional improvements that were made in Windows 10 October Update (1809), aka "Redstone 5".
HookingNirvana
Recon 2015 Presentation from Alex Ionescu
PrintDemon
PrintDemon is a PoC for a series of issues in the Windows Print Spooler service, as well as potetial misuses of the functionality.
tpmtool
The TpmTool utility is a simple cross-platform tool for accessing TPM2.0 Non-Volatile (NV) Spaces (Index Values) on compliant systems, with zero dependencies on any TPM2.0 stack. It provides the ability to enumerate, create, delete, query, and lock NV indices, as well as to read and write data stored in them.
Blackwood-4NT
Blackwood 4NT -- Grand Slam Authentication for Windows NT (10)
scripts_for_RE
Python scripts for reverse engineering.
windbg_js_scripts
Toy scripts for playing with WinDbg JS API