# Polymorphic PE Re-Writer for Win x64 - C++

7 messages · Page 1 of 1 (latest)

surreal quest
#

Hey folks, sharing a project I've been working on.

MorphKatz -- polymorphic PE rewriter for Windows x64. Takes a binary, applies semantically equivalent instruction rewrites, outputs a byte-different but functionally identical version. Use case is detection coverage testing -- if your YARA rule survives 50 polymorphic variants, it's durable; if it dies at variant 3, it's pure byte-pattern fragile.

Engine highlights:

  • Zydis for both decode and encode (no IPC, no Capstone/Keystone desync)
  • Recursive-descent CFG with jump-table recovery (no linear-sweep data corruption)
  • Per-basic-block EFLAGS liveness analysis -- rules that lie about flag preservation are rejected at load time
  • Optional Unicorn semantic verification -- runs original + rewritten BB against symbolic register harness
  • Data-section morphing with anti-emulation gate that defeats Defender's AmDisable!MTB heuristic at runtime

Demo flow in the GIF: scan amsi_patch_demo.exe (DETECTED) -> morph -> scan again (CLEAN) -> run morphed binary (AMSI bypass still works).

Backed by some private RE research into mpengine internals. Happy to discuss with verified researchers.

Repo: https://github.com/0xMohammedHassan/morphkatz

Feedback / issues / PRs welcome. AGPL-3.0, Windows x64.
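The third highlight above (per-basic-block EFLAGS liveness, with flag-lying rules rejected at load time) is the check most people get wrong when they write their own rewriter, so here is a standalone illustration of it. This is an added example, not MorphKatz code: the `Insn`/`Rule` model, the rule names and the constructed blocks are assumptions made for the demo, and the per-instruction flag read/write sets are hand-entered here where a real engine would take them from the decoder.

```python
# Added example (not MorphKatz code): per-basic-block EFLAGS liveness used to
# vet rewrite rules. Instruction and rule models are constructed for this demo;
# a real engine would take reads/writes from the decoder (e.g. Zydis).
from dataclasses import dataclass

FLAGS = frozenset({"CF", "PF", "AF", "ZF", "SF", "OF"})


@dataclass(frozen=True)
class Insn:
    text: str                        # assembly text, used as the match key here
    reads: frozenset = frozenset()   # EFLAGS bits this instruction reads
    writes: frozenset = frozenset()  # EFLAGS bits this instruction writes


@dataclass(frozen=True)
class Rule:
    name: str
    original: Insn                   # instruction the rule matches
    replacement: tuple               # semantically equivalent Insn sequence
    claims_flag_preserving: bool     # author's claim: same flag write set as original


def flags_written(seq):
    out = frozenset()
    for insn in seq:
        out |= insn.writes
    return out


def validate_rule(rule):
    """Load-time check: a rule claiming to preserve flags must have exactly the
    same EFLAGS write set as the original. Rules that lie are rejected here."""
    diff = flags_written(rule.replacement) ^ rule.original.writes
    if rule.claims_flag_preserving and diff:
        raise ValueError(f"{rule.name}: claims flag-preserving but differs on "
                         f"{sorted(diff)}")
    return True


def live_out_sets(block, live_out_exit):
    """Backward dataflow. live_out[i] is the set of flags that a later
    instruction, or a successor block (live_out_exit), may read before they
    are redefined. live_in = reads | (live_out - writes)."""
    live = frozenset(live_out_exit)
    outs = [None] * len(block)
    for i in range(len(block) - 1, -1, -1):
        outs[i] = live
        live = block[i].reads | (live - block[i].writes)
    return outs


def rewrite_block(block, rules, live_out_exit=frozenset()):
    """Apply the first matching rule at each instruction, but only where the
    replacement's flag effect is invisible to every live consumer."""
    outs = live_out_sets(block, live_out_exit)
    result, log = [], []
    for i, insn in enumerate(block):
        chosen = None
        for rule in rules:
            if rule.original.text != insn.text:
                continue
            repl_w = flags_written(rule.replacement)
            clobbered = (repl_w - insn.writes) & outs[i]  # new writes seen downstream
            dropped = (insn.writes - repl_w) & outs[i]    # needed writes that vanish
            if clobbered or dropped:
                log.append((i, rule.name, "skipped", sorted(clobbered | dropped)))
                continue
            chosen = rule
            break
        if chosen is None:
            result.append(insn)
        else:
            result.extend(chosen.replacement)
            log.append((i, chosen.name, "applied", []))
    return result, log


# Constructed instruction table (flag effects simplified from the Intel SDM).
MOV_EAX_0 = Insn("mov eax, 0")
XOR_EAX_EAX = Insn("xor eax, eax", writes=FLAGS)
CMP_ECX_EDX = Insn("cmp ecx, edx", writes=FLAGS)
JNE = Insn("jne short target", reads=frozenset({"ZF"}))
JZ = Insn("jz short target", reads=frozenset({"ZF"}))

HONEST_RULE = Rule("mov0->xor", MOV_EAX_0, (XOR_EAX_EAX,), claims_flag_preserving=False)
LYING_RULE = Rule("mov0->xor (liar)", MOV_EAX_0, (XOR_EAX_EAX,), claims_flag_preserving=True)
XOR_TO_MOV = Rule("xor->mov0", XOR_EAX_EAX, (MOV_EAX_0,), claims_flag_preserving=False)


def demo():
    # Block A: the xor's flag clobber is dead (cmp redefines every flag) -> applied.
    a, log_a = rewrite_block([MOV_EAX_0, CMP_ECX_EDX, JNE], [HONEST_RULE])
    # Block B: ZF is live across the mov (jne reads cmp's result) -> skipped.
    b, log_b = rewrite_block([CMP_ECX_EDX, MOV_EAX_0, JNE], [HONEST_RULE])
    # Block C: mov would drop the ZF write that jz consumes -> skipped.
    c, log_c = rewrite_block([XOR_EAX_EAX, JZ], [XOR_TO_MOV])
    return a, b, c, log_a, log_b, log_c


if __name__ == "__main__":
    out = demo()
    for blk, log in zip(out[:3], out[3:]):
        print([i.text for i in blk], log)
    try:
        validate_rule(LYING_RULE)
    except ValueError as err:
        print("rejected at load time:", err)
```

The two layers are deliberately separate: `validate_rule` catches a rule whose declared flag effect is simply false, before any binary is touched, while `rewrite_block` decides per site whether an honest but flag-clobbering rule is safe to apply. Static liveness only tells you which flags matter; whether the replacement computes the same values for them is what a semantic check like the Unicorn harness is for.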

fast cypress
#

weird, all your projects are just 1 commit

#

@surreal quest why is that?

surreal quest
# fast cypress: weird, all your projects are just 1 commit

Fair question, these were built/cleaned locally first, then pushed publicly as squashed initial releases, so GitHub only shows 1 commit.
It's about how they were published, not the amount of work behind them; future updates will have normal visible commit history.

#

+170 stars, +25 forks. People can inspect the code directly.

fast cypress
#

stars don't mean anything

outer surge
#

they do though