zerosum0x0/WinREPL is similar to yrp604/rappel (Linux) and Tyilo/asm_repl (Mac), but with a slightly different methodology that should allow for tricks such as self-modifying shellcode crypting/encoding. There is also enferex/asrepl for a Unicorn (emulated) version, but WinREPL is completely native inside a Windows process context.
WinREPL is a debugger (parent process) that hollows out a copy of itself (child process).
– Parent process retrieves input from the user
– Machine code is generated with the ASMTK library
– Resulting bytes are written to a child process thread context
– Child process thread is resumed
– Parent process polls for debug events