30 open-source projects similar to air14/hyperhide, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best HyperHide alternative.
Pics is a comprehensive reference library providing visual documentation for binary file structures, character encodings, processor instruction sets, and hardware architecture maps. It serves as a centralized resource for the dissection and analysis of diverse binary formats, including executables, images, and archives. The project specializes in mapping complex specifications into visual layouts. This includes the creation of schematic diagrams to explain the physical and logical organization of hardware components and the maintenance of a catalog for processor opcodes across multiple hardwa
GhidraMCP is a Model Context Protocol server that exposes Ghidra binary analysis and decompilation functions to external intelligence models. It acts as a bridge that connects the Ghidra reverse engineering suite to external tools through a standardized communication protocol, facilitating automated reverse engineering and software auditing. The project enables the extraction of decompiled code and program structural data to populate the context windows of language models. It features a binary symbol management tool capable of dynamic symbol resolution, allowing method and data names to be up
dnSpy is a specialized toolset for the reverse engineering, analysis, and modification of compiled .NET binaries. It functions as a decompiler that converts assemblies back into readable high-level source code, an assembly editor for modifying bytecode and metadata, and a debugger for inspecting compiled binaries. The project integrates a hex editor specifically for inspecting and modifying raw bytes and Common Intermediate Language structures. It allows for the direct modification of binary contents to change application behavior without requiring the original project source files. The tool
Retdec is an LLVM-based machine code decompiler and static binary analysis tool designed for binary reverse engineering. It translates binary executable code into high-level representations to facilitate the reconstruction of program logic from compiled machine code. The system utilizes a retargetable frontend architecture and a multi-stage lifting pipeline to convert raw bytes into a common intermediate language. It differentiates custom program logic from known library code through signature-based identification and provides utilities for binary symbol demangling to restore human-readable n
Binary Analysis Platform
ret-sync is a set of plugins that helps to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg2/x64dbg) with IDA/Ghidra/Binary Ninja disassemblers.
Angr is a binary analysis framework and static analysis tool used for reverse engineering compiled binaries. It serves as a binary decompiler and a lifting platform that translates machine code into a common intermediate representation to enable cross-architecture analysis. The framework integrates a symbolic execution engine and constraint solvers to determine the inputs required to reach specific program states. It also employs untrusted code sandboxing to isolate guest code from the host environment during analysis. Its capabilities cover control flow and data flow analysis, including the
A static devirtualizer for VMProtect x64 3.x, powered by VTIL.
GhIDA is an IDA Pro plugin that integrates the Ghidra decompiler in IDA.
Blackbone is a collection of specialized tools for memory scanning, process injection, and kernel-driver interfaces used to manipulate the Windows execution environment. It provides a framework for executing remote code, mapping portable executable images, and managing threads across different process boundaries. The project includes a kernel memory driver to access kernel memory and modify handle rights to hide allocations from user-mode detection. It also features a library for intercepting function calls in remote processes using software interrupts and hardware breakpoints. The toolkit c
capa is a static analysis tool that scans executable files to identify what a program can do, detecting capabilities such as API calls, byte sequences, and structural patterns without executing the code. It supports multiple file formats including PE, ELF, .NET, and shellcode, and can also process runtime behavior traces from sandbox reports generated by CAPE, DRAKVUF, or VMRay. The tool integrates directly with reverse engineering environments through plugins for IDA Pro and Ghidra, allowing analysts to view capability matches and author detection rules within their disassembler of choice. C
FLARE Obfuscated String Solver - Automatically extract obfuscated strings from malware.