GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → can1357 → NtRays

can1357 / NtRays

Licence: BSD-3-Clause license
Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.

Programming Languages

C++
36643 projects - #6 most used programming language

Labels

windows-kernelhex-rays-decompilerhex-raysntoskrnl

Projects that are alternatives of or similar to NtRays

MCExplorer
Python portage of the Microcode Explorer plugin
Stars: ✭ 28 (-91.95%)
Mutual labels:  hex-rays-decompiler, hex-rays
HEVD-CSharpKernelPwn
CSharp Writeups for HackSys Extreme Vulnerable Driver
Stars: ✭ 41 (-88.22%)
Mutual labels:  windows-kernel
DriverBuddyReloaded
Driver Buddy Reloaded is an IDA Pro Python plugin that helps automate some tedious Windows Kernel Drivers reverse engineering tasks
Stars: ✭ 210 (-39.66%)
Mutual labels:  windows-kernel
Winfsp
Windows File System Proxy - FUSE for Windows
Stars: ✭ 4,071 (+1069.83%)
Mutual labels:  windows-kernel
stlkrn
C++ STL in the Windows Kernel with C++ Exception Support
Stars: ✭ 216 (-37.93%)
Mutual labels:  windows-kernel
PrivFu
Kernel mode WinDbg extension and PoCs for token privilege investigation.
Stars: ✭ 244 (-29.89%)
Mutual labels:  windows-kernel
ida migrator
IDA Migrator is an IDA Pro plugin which helps migrate existing work from one database instance to another. It Conveniently migrates function names, structures and enums.
Stars: ✭ 65 (-81.32%)
Mutual labels:  hex-rays

NtRays

NtRays is a Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.

Features

  • Cleanup of instrumentation and scheduler hinting code.

  • Lifting of multiple missing instructions.

  • Lifting of TrapFrame accesses and interrupt/syscall returns.

  • Inference of KUSER_SHARED_DATA segments.

  • Lifting of dynamic relocations for page tables and PFN database with LA57 support.

  • RSB flush lifting in ISRs.

  • Replacement of KTHREAD/KPROCESS with ETHREAD/EPROCESS in user types, local variables and arguments.

Installation

Simply drop the NtRays64.dll into the plugins folder. Note: IDA 7.6+ is required.

License

NtRays is licensed under BSD-3-Clause License.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].