
secrary / Makin

Licence: mit
makin - reveal anti-debugging and anti-VM tricks [This project is not maintained anymore]


I created makin to make initial malware assessment a little bit easier for me, and I think it is useful for others as well: it helps reveal the debugger-detection techniques used by a sample.

Any feedback is greatly appreciated: @_qaz_qaz

How does it work?

makin opens a sample as a debuggee and injects asho.dll (the main module renames all DLLs before injection). asho.dll hooks several functions in ntdll.dll and kernelbase.dll and, after checking the call parameters, sends the corresponding message to the debugger (makin.exe).

makin also generates a script for IDA Pro that sets breakpoints at the detected APIs.
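The two stages described above, modelled in Python as an added illustration (this is not makin's or asho.dll's code). The detection table, the information-class values and the trace are constructed for the example: a hooked call is reported only when the inspected argument matches a known debugger check, and the findings are then turned into an IDAPython script. The `ntdll_NtQueryInformationProcess`-style symbol names assume IDA's debugger naming for module exports.

```python
from dataclasses import dataclass
from typing import Optional

# Documented NT information-class values that anti-debug code passes to the
# hooked APIs; the hook inspects these arguments rather than the call alone.
ProcessDebugPort = 7
ProcessDebugObjectHandle = 30
ProcessDebugFlags = 31
ThreadHideFromDebugger = 17
SystemKernelDebuggerInformation = 35

# Assumed detection table, constructed for this example (not makin's list).
# "param" names the argument to inspect; None means any call is reported.
CHECKS = {
    ("ntdll.dll", "NtQueryInformationProcess"): {
        "param": "ProcessInformationClass",
        "suspicious": {
            ProcessDebugPort: "ProcessDebugPort",
            ProcessDebugObjectHandle: "ProcessDebugObjectHandle",
            ProcessDebugFlags: "ProcessDebugFlags",
        },
    },
    ("ntdll.dll", "NtSetInformationThread"): {
        "param": "ThreadInformationClass",
        "suspicious": {ThreadHideFromDebugger: "ThreadHideFromDebugger"},
    },
    ("ntdll.dll", "NtQuerySystemInformation"): {
        "param": "SystemInformationClass",
        "suspicious": {SystemKernelDebuggerInformation: "SystemKernelDebuggerInformation"},
    },
    ("kernelbase.dll", "IsDebuggerPresent"): {"param": None},
    ("kernelbase.dll", "CheckRemoteDebuggerPresent"): {"param": None},
}


@dataclass(frozen=True)
class Finding:
    module: str
    api: str
    caller: int   # return address inside the sample, i.e. the call site
    reason: str


def classify(call: dict) -> Optional[Finding]:
    """Hook-side decision: report the call only if the API is hooked and,
    where the table says so, the inspected argument is a debugger check."""
    rule = CHECKS.get((call["module"].lower(), call["api"]))
    if rule is None:
        return None                       # not a hooked export
    if rule["param"] is None:
        reason = f'{call["api"]} called'
    else:
        name = rule["suspicious"].get(call["params"].get(rule["param"]))
        if name is None:
            return None                   # benign information class, not reported
        reason = f'{call["api"]}({rule["param"]}={name})'
    return Finding(call["module"].lower(), call["api"], call["caller"], reason)


def analyze(trace):
    return [f for f in (classify(c) for c in trace) if f is not None]


def ida_script(findings) -> str:
    """Emit an IDAPython script that breakpoints each detected API and each
    call site. Assumes IDA names loaded-module exports like ntdll_NtClose."""
    out = ["import idc", ""]
    for f in findings:
        base = f.module[:-4] if f.module.endswith(".dll") else f.module
        out += [
            f"# {f.reason}, called from {f.caller:#x}",
            f'ea = idc.get_name_ea_simple("{base}_{f.api}")',
            "if ea != idc.BADADDR:",
            "    idc.add_bpt(ea)",
            f"idc.add_bpt({f.caller:#x})",
            "",
        ]
    return "\n".join(out)


# Constructed trace standing in for the messages the hook DLL sends to the debugger.
SAMPLE_TRACE = [
    {"module": "ntdll.dll", "api": "NtQueryInformationProcess", "caller": 0x401234,
     "params": {"ProcessInformationClass": ProcessDebugPort}},
    {"module": "ntdll.dll", "api": "NtQueryInformationProcess", "caller": 0x401300,
     "params": {"ProcessInformationClass": 0}},   # ProcessBasicInformation: benign
    {"module": "ntdll.dll", "api": "NtSetInformationThread", "caller": 0x401400,
     "params": {"ThreadInformationClass": ThreadHideFromDebugger}},
    {"module": "kernelbase.dll", "api": "IsDebuggerPresent", "caller": 0x401500, "params": {}},
    {"module": "kernelbase.dll", "api": "GetTickCount", "caller": 0x401600, "params": {}},  # not hooked
]

if __name__ == "__main__":
    found = analyze(SAMPLE_TRACE)
    for f in found:
        print(f"{f.module}!{f.reason}  <- {f.caller:#x}")
    print(ida_script(found))
```

The benign `NtQueryInformationProcess(ProcessBasicInformation)` call is dropped by the parameter check, which is why hooking alone is not enough: the same export is used constantly by normal code, and only specific information classes mean anything. Breaking on the call-site address in the sample, in addition to the API itself, lands you directly in the sample's own code when the check fires.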

At this moment, makin can reveal the following techniques:

ntdll.dll:

kernelbase.dll:

You can add more VM checks by editing the checks.json file, without modifying the executable.

That's all for now, you can add as much as you wish :)

Third-party

DEMO:

makin_demo
