5 repositories
Intercepting function calls within shared libraries to capture data before it is processed or encrypted.
Distinguishing note: The candidates focus on specific encryption libraries or LLM functions; this is a general system-level hooking mechanism for auditing.
Explore 5 awesome GitHub repositories matching operating systems & systems programming · Library Function Hooking.
Ecapture is a suite of specialized auditing tools designed to capture plaintext database queries, log executed shell commands, forward packet captures, and decrypt TLS traffic. The system extracts plaintext content from encrypted communications and TLS master secrets without requiring CA certificates. It further monitors data interactions by capturing SQL queries from database instances and recording commands from shell environments for host-level auditing. The toolset includes capabilities for network traffic analysis, exporting captured data to pcapng files, and forwarding events to extern
Uses library-level hooking to intercept and extract plaintext data from encryption and database libraries.
This project is a set of extensions for the WeChat macOS application designed to modify client behavior and unlock hidden features. It functions as a client modification framework and a multi-account manager, allowing users to launch and operate several independent instances of the application on a single machine. The tool distinguishes itself through deep integration with the operating system, enabling the execution of macOS system commands and remote administration via incoming chat messages. It also provides productivity extensions that connect chat lists and conversation histories to exte
Uses symbol-based function hooking to locate internal logic and trigger automated replies and state changes.
MonkeyDev is a developer toolset for building, injecting, and deploying system extensions and custom dynamic libraries into mobile applications. It functions as an application patching tool and dynamic library injector designed to modify how mobile applications operate. The project provides a development environment for creating system extensions and tweaks, including tools for injecting libraries into decrypted binaries to enable debugging and symbol restoration on non-jailbroken hardware. It features a command-line interface for deploying hooks into system processes and third-party applicat
Implements system-level function hooking to intercept and modify internal calls in real-time.
Safetynet-fix is a tool for Android device attestation designed to bypass hardware and software integrity checks. Its primary purpose is to achieve Google SafetyNet compliance on devices with unlocked bootloaders, allowing software that requires specific security profiles to run on modified systems. The project provides compatibility for rooted devices, specifically ensuring that banking and payment applications remain functional while maintaining root access. It manages the Magisk environment configuration to maintain these security-sensitive application requirements. The system utilizes va
Implements system-level library function hooking to intercept and spoof device attestation responses.
This project is an educational resource that provides a comprehensive development tutorial for writing and loading eBPF programs using C, Go, and Rust inside the Linux kernel. It serves as a technical guide for developing custom logic that executes directly in the kernel. The material covers specialized areas including kernel monitoring and tracing, security implementation for intrusion detection, and high-performance network engineering for packet filtering and load balancing. It also includes dedicated guides for tracing the Linux kernel and using kprobes, uprobes, and tracepoints. The project spans a broad range of capability areas, such as kernel instrumentation, system monitoring, network analysis, and security enforcement. It also extends to hardware-level debugging of GPUs and drivers, as well as low-level system manipulation and resource management.
Intercepts function calls within shared libraries via uprobes to aggregate data without restarting processes.