Guest lecture about Windows Internals (aimed at total beginners), given at the Ruhr-Universität Bochum. Slides: https://mrexodia.github.io/files/wicc-2023-sl...

Perfect DLL Proxying using forwards with absolute paths. - mrexodia/perfect-dll-proxy

Breaking down and investigating how Dark Souls 3 communicates with its online services.

An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing). - mrexodia/dumpulator

A snapshotting, coverage-guided fuzzer for software (UEFI, Kernel, firmware, BIOS) built on SIMICS - intel/tsffs

Some simple go tools to perform a Man-in-the-middle (MITM) attack on your IMAP server in case you forgot your password. - mrexodia/haxxmap

Time Travel Debugging IDA plugin. Contribute to airbus-cert/ttddbg development by creating an account on GitHub.

Unlinker is a tool that can rip functions out of Visual C++ compiled binaries and produce Visual C++ COFF object files - jonwil/unlinker

Global user-mode hooking framework, based on AppInit_DLLs. The goal is to allow you to rapidly develop hooks to inject in an arbitrary process. - mrexodia/AppInitHook

# CREATE: A methodology for reverse engineering complex software systems _Note: All the content of

A Python script to download PDB files associated with a Portable Executable (PE) - p0dalirius/pdbdownload

Single header version of System Informer's phnt library. - mrexodia/phnt-single-header

RISC-V Virtual Machine. Contribute to thesecretclub/riscy-business development by creating an account on GitHub.

Windows kernel driver template for cmkr (with testsigning). - build-cpp/wdk_template

Instructions database and utilities for X86/X64 and ARM (THUMB/A32/A64) architectures. - asmjit/asmdb

Binary Ninja is a modern reverse engineering platform with a scriptable and extensible decompiler.

Symbolic execution for RISC-V machine code based on the formal LibRISCV ISA model - agra-uni-bremen/BinSym

Before this change I got ~150k instructions/second, after ~380k (2.5x). The main bottleneck was caused by separate allocations of the VarnodeData and PcodeOpRaw objects, but there was also an unnec...

Unicorn Emulator Debug Server - Written in Rust, with bindings for C, Go, Java and Python - bet4it/udbserver

Here I demonstrate how to solve the CTF using a binary ninja plugin called SENinja. Note that this version of the plugin shown in the video is part of a non-...

Just over a year ago, I wrote a blog post about a topic that’s very important to me, which is the problem of code rot, of software constantly breaking because of shifting foundations, and the…

A unique, visual tool to help researchers and applied scientists find and explore papers relevant to their field of work.

Simple memory profiler for Windows.

Perfect DLL Proxying using forwards with absolute paths. - mrexodia/perfect-dll-proxy

Replication of Gmutator experiments. Contribute to bendrissou/gmutator-replication development by creating an account on GitHub.

x64Dbg plugin that enables C# plugins with hot-loading support and scripting. - x64dbg/DotX64Dbg

Ever wanted to execute PHP in your kernel driver? Look no further! - mrexodia/NtPhp

Blog dedicated to (x64dbg) programming, reverse engineering and general hacking.

Hi, currently 'Attach to Process' looks for processes where the executable is python.exe. Some processes have python interpreters embedded in them (e.g. excel.exe using a pyxll addin - www.pyxll.com)...

Use Rosetta to run amd64 binaries on your M1 with Multipass. - mrexodia/rosetta-multipass

Trial Reasoner for AI that Learns. Contribute to IBM/TRAIL development by creating an account on GitHub.

For unknown reasons FFXIV does not automatically synchronize the settings (character settings, gear...

A fly-though of the top layers of an Intel 22-nanometer processor reconstructed from X-ray scans, a technique called ptychographic X-ray computed tomography ...

Blog dedicated to (x64dbg) programming, reverse engineering and general hacking.

x64Dbg plugin that enables C# plugins with hot-loading support and scripting. - x64dbg/DotX64Dbg

Demonstrating a feature similar to https://github.com/hasherezade/malware_analysis/tree/master/pe_unmapperDetails: https://github.com/mrexodia/Scylla http://...