Alex Ionescu's Projects
Blackwood 4NT -- Grand Slam Authentication for Windows NT (10)
Capstone disassembly framework: Core + Python + Ocaml + Java + C# bindings
Unofficial Common Log File System (CLFS) Documentation
Open Source Implementation of Cisco Scanning Executable
Driver demonstrating how to register a DPC to asynchronously wait on an object
EDK II
A Bind Shell Using the Fax Service and a DLL Hijack
Local OXID Resolver (LCLOR) : Research and Tooling
(unofficial) Hyper-V® Development Kit
Recon 2015 Presentation from Alex Ionescu
Fun with the Windows Subsystem for Linux (WSL/LXSS)
This repository contains several applications, demonstrating the Meltdown bug.
The Minimal LZMA (minlzma) project aims to provide a minimalistic, cross-platform, highly commented, standards-compliant C library (minlzlib) for decompressing LZMA2-encapsulated compressed data in LZMA format within an XZ container, as can be generated with Python 3.6, 7-zip, and xzutils
OpenNT - Windows OS Compatible - Clone of SVN
Open vSwitch
PrintDemon is a PoC for a series of issues in the Windows Print Spooler service, as well as potential misuses of the functionality.
Python scripts for reverse engineering.
Simpleator ("Simple-ator") is an innovative Windows-centric x64 user-mode application emulator that leverages several new features that were added in Windows 10 Spring Update (1803), also called "Redstone 4", with additional improvements that were made in Windows 10 October Update (1809), aka "Redstone 5".
SimpleVisor is a simple, portable, Intel VT-x hypervisor with two specific goals: using the least amount of assembly code (10 lines), and having the smallest amount of VMX-related code to support dynamic hyperjacking and unhyperjacking (that is, virtualizing the host state from within the host). It works on Windows and UEFI.
SMC Utility for Apple Macintosh Computers
SpecuCheck is a Windows utility for checking the state of the software mitigations and hardware against CVE-2017-5754 (Meltdown), CVE-2017-5715 (Spectre v2), CVE-2018-3260 (Foreshadow), and CVE-2018-3639 (Spectre v4)
The TpmTool utility is a simple cross-platform tool for accessing TPM2.0 Non-Volatile (NV) Spaces (Index Values) on compliant systems, with zero dependencies on any TPM2.0 stack. It provides the ability to enumerate, create, delete, query, and lock NV indices, as well as to read and write data stored in them.
A project for allowing EDK-II Development with Visual Studio
Toy scripts for playing with WinDbg JS API
The Windows Library for Intel Process Trace (WinIPT) is a project that leverages the new Intel Processor Trace functionality exposed by Windows 10 Redstone 5 (1809), through a set of libraries and a command-line tool.
WNF Utilities 4 Newbies (WNFUN)