{"id":30604104,"url":"https://github.com/idov31/novahypervisor","last_synced_at":"2025-08-30T01:13:44.490Z","repository":{"id":310658634,"uuid":"1017996817","full_name":"Idov31/NovaHypervisor","owner":"Idov31","description":"NovaHypervisor is a defensive x64 Intel host based hypervisor. The goal of this project is to protect against kernel based attacks (either via Bring Your Own Vulnerable Driver (BYOVD) or other means) by safeguarding defense products (AntiVirus / Endpoint Protection) and kernel memory structures and preventing unauthorized access to kernel memory.","archived":false,"fork":false,"pushed_at":"2025-07-12T09:06:36.000Z","size":1300,"stargazers_count":219,"open_issues_count":0,"forks_count":21,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-08-19T14:11:08.931Z","etag":null,"topics":["blue-team","blueteam","cpp","cyber-security","cybersecurity","defense","driver","hypervisor","infosec","kernel"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Idov31.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-11T12:37:35.000Z","updated_at":"2025-08-19T14:08:56.000Z","dependencies_parsed_at":"2025-08-19T14:11:12.599Z","dependency_job_id":"f154c6ca-b76a-4797-a30a-6f2941d4192d","html_url":"https://github.com/Idov31/NovaHypervisor","commit_stats":null,"previous_names":["idov31/novahypervisor"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/Idov31/NovaHypervisor","repository_url":"https://repos.e
cosyste.ms/api/v1/hosts/GitHub/repositories/Idov31%2FNovaHypervisor","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Idov31%2FNovaHypervisor/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Idov31%2FNovaHypervisor/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Idov31%2FNovaHypervisor/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Idov31","download_url":"https://codeload.github.com/Idov31/NovaHypervisor/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Idov31%2FNovaHypervisor/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":272789355,"owners_count":24993265,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-29T02:00:10.610Z","response_time":87,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blue-team","blueteam","cpp","cyber-security","cybersecurity","defense","driver","hypervisor","infosec","kernel"],"created_at":"2025-08-30T01:13:42.337Z","updated_at":"2025-08-30T01:13:44.478Z","avatar_url":"https://github.com/Idov31.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"# NovaHypervisor\n\n\u003cp align=\"center\"\u003e\n  \u003cimg alt=\"Logo\" src=\"./Images/logo_transparent.png\" width=\"400\" 
height=\"400\"\u003e\n\u003c/p\u003e\n\n![image](https://img.shields.io/badge/C%2B%2B-00599C?style=for-the-badge\u0026logo=c%2B%2B\u0026logoColor=white) ![assembly](https://img.shields.io/badge/ASSEMBLY-ED8B00?style=for-the-badge\u0026logo=Assembly\u0026logoColor=white) ![image](https://img.shields.io/badge/Windows-0078D6?style=for-the-badge\u0026logo=windows\u0026logoColor=white)\n\n## Description\n\nNovaHypervisor is a defensive x64 Intel host based hypervisor. The goal of this project is to protect against kernel based attacks (either via Bring Your Own Vulnerable Driver (BYOVD) or other means) by safeguarding defense products (AntiVirus / Endpoint Protection) and kernel memory structures and preventing unauthorized access to kernel memory.\n\nNovaHypervisor is written in C++ and Assembly, and is designed to be compatible with Hyper-V and run on Windows 10 and later versions. Please see the [setup](#setup) section for more information on how to use it.\n\n\u003e [!WARNING]  \n\u003e This project is in a very early stage of development and is not yet ready for production use. 
It is intended for educational purposes and to demonstrate the concepts of a defensive hypervisor.\n\u003e The project has been tested on the latest Windows 10, and while it should work on Windows 11, it has not been tested on that version yet.\n\n## Usage\n\nTo use the NovaHypervisor, you will need to create a kernel service and start it:\n\n```cmd\nsc create NovaHypervisor type= kernel binPath= \"C:\\Path\\To\\NovaHypervisor.sys\"\n\nsc start NovaHypervisor\n```\n\nThen, you can add and remove the addresses that you want to protect using the [NovaClient](./NovaClient/) application:\n\n```cmd\nREM Add an address to protect\nNovaClient.exe protect 0x12345678 \u003cr|w|x\u003e \u003cexecution hook\u003e\n\nREM Remove an address from protection\nNovaClient.exe unprotect 0x12345678\n```\n\n- protect: Protect a memory address from being accessed. You can specify the type of protection:\n  - `r`: Read protection\n  - `w`: Write protection\n  - `x`: Execute protection\nThe protection that you specify is the protection that the address will **have**. For example, if you want to remove execute privileges, pass \"rw\".\n\n- unprotect: Remove protection from a memory address.\n\n\u003e [!NOTE]\n\u003e Execution hooks via inline hook + EPT hooks are not supported and will not be supported in this project, to prevent abuse.\n\n## Setup\n\n### Compiling the Project\n\nThe setup to compile the project requires you to have:\n\n- Visual Studio 2022 or later.\n- Windows Driver Kit (WDK) installed.\n\n### Target setup\n\nTo run the hypervisor, you will need to have Windows 10 or a later version installed on your machine. You will also need to have:\n\n- Intel VT-x enabled.\n- Virtualized IOMMU.\n\n## Logging and Debugging\n\n### Logging\n\nNovaHypervisor uses [WPP](https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/wpp-software-tracing) logging as it provides an easy-to-use interface that also works in VMX root. 
To be able to see the logs, make sure to create a trace session once:\n\n```cmd\nlogman create trace \"NovaHypervisorLogs\" -p {e74c1035-77d4-4c5b-9088-77056fae3aa3} 0xffffffff 0xff -o C:\\Path\\To\\NovaHypervisor.etl\n```\n\nLater on, whenever you want to start or end the logging session you can use:\n\n```cmd\nlogman start \"NovaHypervisorLogs\"\nlogman stop \"NovaHypervisorLogs\"\n```\n\nTo view the logs you can use tools such as [TraceView](https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/traceview).\n\n### Debugging\n\nTo test and debug it in your testing environment, run these commands from an elevated cmd prompt and then restart your machine:\n\n```cmd\nbcdedit /set testsigning on\nbcdedit /debug on\nbcdedit /dbgsettings net hostip:\u003cHOSTIP\u003e port:55000 key:1.2.3.4\n```\n\nWhere `\u003cHOSTIP\u003e` is the IP address of your host machine.\n\n## Resources\n\n[Hypervisor From Scratch](https://rayanfam.com/topics/hypervisor-from-scratch-part-1/)\n\n[HyperDbg](https://github.com/HyperDbg/HyperDbg)\n\n## Personal Thanks \u0026 Contributors\n\n- [Sinaei](https://x.com/Intel80x86): For his help with answering questions I had and for his amazing work on HyperDbg and Hypervisor From Scratch.\n\n- [memN0ps](https://github.com/memN0ps/): For his help with answering questions I had and pointing me to the right resources.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fidov31%2Fnovahypervisor","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fidov31%2Fnovahypervisor","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fidov31%2Fnovahypervisor/lists"}