ReverseWarrior

Patching the Secure Kernel to enable debugging of VTL1 Isolated User Mode

69% credibility
Found May 13, 2026 at 46 stars.
C#
AI Summary

A Windows utility that runs on a Hyper-V host to enable debugging of guest secure kernel trustlets by temporarily patching the live secure kernel memory.

How It Works

1. 💡 Discover secure VM debugging
   You learn about a handy tool to unlock debugging inside protected parts of your virtual Windows machine.

2. 📦 Gather easy tools
   Download free debugging software and place files where needed, like copying a system file.

3. 🔄 Prep your setup
   Tweak your virtual machine settings to allow deeper access from your main computer.

4. 🚀 Launch the unlocker
   Run the simple helper program on your host while the VM runs – it scans and safely opens the secure areas.

🐛 Debug freely!
   Jump into your debugger inside the VM and explore hidden secure processes with full access.

AI-Generated Review

What is IUM-Debugger?

IUM-Debugger is a C# tool that runs on a Hyper-V host to live-patch a guest VM's secure kernel, enabling debugging of VTL1 isolated user mode (IUM) trustlets like LsaIso.exe. It solves the problem of the secure kernel blocking debugger attachments by overwriting the check in live guest memory, without touching the signed on-disk binary. After patching, you launch WinDbg inside the guest to attach as usual, with changes vanishing on reboot.

Why is it gaining traction?

It stands out for patching Windows Virtualization-Based Security (VBS) components, a niche where alternatives such as static patching in IDA or ETW-patching tools from GitHub fall short in live kernel environments. Developers pick it up for quick patching workflows on Hyper-V guests, bypassing boot-time signature enforcement. The bundled LiveCloudKd integration and the static analysis used to find precise offsets make the patching reliable without manual memory hunting.

Who should use this?

Windows kernel reverse engineers debugging IUM trustlets in biometric services or Credential Guard. Security researchers analyzing LsaIso.exe or vmsp.exe on VBS-enabled systems. Hyper-V admins who need to patch isolated user mode without full VM snapshots.

Verdict

Grab it if you're in Windows secure kernel debugging: it works as advertised for targeted patching, but the low 46 stars and 69% credibility score signal early maturity with sparse docs. Test on non-prod VMs first; it pairs well with WinDbg for real reverse engineering gains.
