Xyrem/Yumekage Xyrem/Yumekage

  • Stars
    star
    257
  • Rank 158,728 (Top 4 %)
  • Language
    C++
  • Created over 1 year ago
  • Updated over 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
Xyrem/Yumekage
github

Xyrem

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Demo proof of concept for shadow regions, and implementation of HyperDeceit.

Yumekage

This repository contains a demo proof of concept implementation for shadowing memory regions in Windows. It was created as part of a blog post discussing the topic and also serves as a basis for the HyperDeceit project which is available at https://github.com/Xyrem/HyperDeceit.

Please do not use this code for production, as it is no where near ready for it. However bug reports and feedback are welcome.

Blog post: https://reversing.info/posts/guardedregions

Media

Demo Windows Demo WinDbg

Credits

  • Everdox for coming up with the idea of abusing context swaps to create hidden memory.

More Repositories

1

HyperDeceit

HyperDeceit is the ultimate all-in-one library that emulates Hyper-V for Windows, giving you the ability to intercept and manipulate operating system tasks with ease.
C++
348
star
2

Steam-Hook-Render-PoC

C++
58
star
3

Arbitrary-Physical-Memory-RW

C++
35
star
4

ioctl_decoder-utility-

I was reversing some vulnerable drivers and thought it was kinda a pain in the ass to decode the ioctls as there are no public decoders (except osr's one but its online) afaik, so I made this tool so I could help anyone who might be lazy to decode them themselves.
C++
8
star
5

Process-Dumper-DLL

C
7
star
6

Curl-Server-Manipulation

Curl Server Manipulation also known as CSM, is a tool which can be used to manipulate the data which is used to setup curl.
C
4
star