6 Repos
Intercepting function calls within shared libraries to capture data before it is processed or encrypted.
Distinguishing note: The candidates focus on specific encryption libraries or LLM functions; this is a general system-level hooking mechanism for auditing.
Explore 6 awesome GitHub repositories matching operating systems & systems programming · Library Function Hooking. Refine with filters or upvote what's useful.
Ecapture is a suite of specialized auditing tools designed to capture plaintext database queries, log executed shell commands, forward packet captures, and decrypt TLS traffic. The system extracts plaintext content from encrypted communications and TLS master secrets without requiring CA certificates. It further monitors data interactions by capturing SQL queries from database instances and recording commands from shell environments for host-level auditing. The toolset includes capabilities for network traffic analysis, exporting captured data to pcapng files, and forwarding events to extern
Uses library-level hooking to intercept and extract plaintext data from encryption and database libraries.
This project is a set of extensions for the WeChat macOS application designed to modify client behavior and unlock hidden features. It functions as a client modification framework and a multi-account manager, allowing users to launch and operate several independent instances of the application on a single machine. The tool distinguishes itself through deep integration with the operating system, enabling the execution of macOS system commands and remote administration via incoming chat messages. It also provides productivity extensions that connect chat lists and conversation histories to exte
Uses symbol-based function hooking to locate internal logic and trigger automated replies and state changes.
MonkeyDev is a developer toolset for building, injecting, and deploying system extensions and custom dynamic libraries into mobile applications. It functions as an application patching tool and dynamic library injector designed to modify how mobile applications operate. The project provides a development environment for creating system extensions and tweaks, including tools for injecting libraries into decrypted binaries to enable debugging and symbol restoration on non-jailbroken hardware. It features a command-line interface for deploying hooks into system processes and third-party applicat
Implements system-level function hooking to intercept and modify internal calls in real-time.
Safetynet-fix is a tool for Android device attestation designed to bypass hardware and software integrity checks. Its primary purpose is to achieve Google SafetyNet compliance on devices with unlocked bootloaders, allowing software that requires specific security profiles to run on modified systems. The project provides compatibility for rooted devices, specifically ensuring that banking and payment applications remain functional while maintaining root access. It manages the Magisk environment configuration to maintain these security-sensitive application requirements. The system utilizes va
Implements system-level library function hooking to intercept and spoof device attestation responses.
Dieses Projekt ist eine Bildungsressource, die ein umfassendes Entwicklungs-Tutorial zum Schreiben und Laden von eBPF-Programmen unter Verwendung von C, Go und Rust innerhalb des Linux-Kernels bietet. Es dient als technischer Leitfaden für die Entwicklung benutzerdefinierter Logik zur direkten Ausführung im Kernel. Die Materialien decken spezialisierte Bereiche ab, einschließlich Kernel-Observability und Tracing, Sicherheitsimplementierung für Intrusion-Detection und High-Performance-Network-Engineering für Paketfilterung und Load Balancing. Es enthält zudem dedizierte Handbücher für Linux-Kernel-Tracing und die Verwendung von kprobes, uprobes und tracepoints. Das Projekt umfasst ein breites Spektrum an Funktionsbereichen, wie Kernel-Instrumentierung, Systemüberwachung und Observability, Netzwerkanalyse und Sicherheitsdurchsetzung. Es erstreckt sich zudem auf Hardware-Level-Debugging für GPUs und Treiber sowie auf Low-Level-Systemmanipulation und Ressourcenmanagement.
Intercepts function calls within shared libraries via uprobes to aggregate data without restarting processes.
frida-ios-dump is a tool that extracts decrypted IPA files from jailbroken iOS devices using the Frida instrumentation framework. It functions as a memory dumper and extraction utility to obtain application binaries directly from device memory. The project enables the retrieval of decrypted application files using either a display name or a bundle identifier. It combines these dumped binaries with extracted metadata and assets to assemble a standard distributable application package. The tool covers a technical surface including process injection, dynamic library hooking, and memory-based bi
Implements system-level function hooking to intercept C functions and trigger binary decryption.