7 Repos
Techniques for reading data directly from the memory space of a running application process.
Distinct from the Direct Memory Data Transfer category: the repositories there deal with Java direct buffers, cluster memory, or flash hardware, not with extracting application state from a live process's memory.
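As an added example for this category (not code from any repository listed here), the following shows the basic technique on Linux: enumerate a target's mappings from /proc/<pid>/maps, read virtual address ranges through /proc/<pid>/mem, and scan the readable ranges for a byte pattern. It assumes Linux procfs. Opening another process's mem file is gated by the same check as a ptrace attach (same uid with kernel.yama.ptrace_scope=0, or CAP_SYS_PTRACE); a denied open raises PermissionError. A process can always read its own memory this way, which the self-check at the end uses.

```python
"""Read and scan the memory of a running process on Linux through procfs.

Added example, not code from any listed project. Assumes Linux and a caller
permitted to ptrace the target (or the target is the caller itself).
"""
import ctypes
import os
import re
from dataclasses import dataclass
from typing import Iterator

PROC_AVAILABLE = os.path.exists("/proc/self/mem")
CHUNK = 1 << 20  # read mappings in 1 MiB pieces so a large heap is never loaded at once
SKIP_PATHS = ("[vvar]", "[vsyscall]")  # kernel-backed ranges not readable via /proc/<pid>/mem

# /proc/<pid>/maps line: address range, perms, offset, dev, inode, optional pathname
_MAPS_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) \S+ \S+ \S+\s*(.*)$")


@dataclass
class Mapping:
    start: int
    end: int
    perms: str  # e.g. "r-xp"
    path: str   # "" for anonymous mappings

    @property
    def readable(self) -> bool:
        return self.perms[0] == "r"


def parse_maps(text: str) -> list[Mapping]:
    """Parse the contents of /proc/<pid>/maps into Mapping records."""
    out = []
    for line in text.splitlines():
        m = _MAPS_RE.match(line)
        if m:
            out.append(Mapping(int(m[1], 16), int(m[2], 16), m[3], m[4].strip()))
    return out


def iter_mappings(pid: int) -> Iterator[Mapping]:
    with open(f"/proc/{pid}/maps") as f:
        yield from parse_maps(f.read())


def read_memory(pid: int, addr: int, size: int) -> bytes:
    """Read `size` bytes at virtual address `addr` of process `pid` via pread on /proc/<pid>/mem."""
    fd = os.open(f"/proc/{pid}/mem", os.O_RDONLY)
    try:
        data = bytearray()
        while len(data) < size:
            part = os.pread(fd, size - len(data), addr + len(data))
            if not part:
                raise EOFError(f"short read at {addr + len(data):#x}")
            data += part
        return bytes(data)
    finally:
        os.close(fd)


def scan_process(pid: int, needle: bytes) -> list[int]:
    """Return every virtual address in `pid`'s readable mappings where `needle` occurs."""
    hits = []
    for mp in iter_mappings(pid):
        if not mp.readable or mp.path in SKIP_PATHS:
            continue
        tail = b""  # carry the last len(needle)-1 bytes so a match spanning two chunks is found
        for off in range(mp.start, mp.end, CHUNK):
            try:
                chunk = read_memory(pid, off, min(CHUNK, mp.end - off))
            except (OSError, EOFError, OverflowError):
                break  # range not actually readable (guard page, mapping gone, kernel range)
            window, base = tail + chunk, off - len(tail)
            i = window.find(needle)
            while i != -1:
                hits.append(base + i)
                i = window.find(needle, i + 1)
            tail = window[-(len(needle) - 1):] if len(needle) > 1 else b""
    return hits


def self_check() -> bool:
    """Plant a sentinel in this process, then recover it by address and by scanning."""
    buf = bytearray(b"PROCMEM-SENTINEL-7f3a9c")  # constructed marker, nothing secret
    addr = ctypes.addressof(ctypes.c_char.from_buffer(buf))
    pid = os.getpid()
    return (read_memory(pid, addr, len(buf)) == bytes(buf)
            and addr in scan_process(pid, bytes(buf)))


if __name__ == "__main__":
    import sys
    # usage: python3 procmem.py <pid> <ascii-pattern>
    pid = int(sys.argv[1]) if len(sys.argv) > 1 else os.getpid()
    pattern = sys.argv[2].encode() if len(sys.argv) > 2 else b"PROCMEM-SENTINEL"
    for a in scan_process(pid, pattern):
        print(f"{a:#x}")
```

The same access check that guards /proc/<pid>/mem also guards process_vm_readv() and PTRACE_PEEKDATA, so raising kernel.yama.ptrace_scope (or dropping CAP_SYS_PTRACE in containers) is the corresponding defensive control; it does not stop a process from reading its own address space, which is what in-process tools such as Frida gadgets rely on.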
WeFlow is a local client extension for the WhatsApp messaging protocol. It functions as a suite of tools for decrypting media, managing chat history, and extending the core capabilities of the messaging client. The project is distinguished by its ability to block message recalls, preventing the remote deletion of sent messages to maintain a permanent record of conversations. It also includes a local messaging API that exposes internal chat capabilities via an HTTP service for use with external automation scripts and third-party tools. The software provides a chat analytics dashboard for gene
Reads chat data in real-time directly from the application process memory.
VirtualApp is an Android application virtualization engine and user-space sandbox that enables the execution of applications within an isolated environment. It allows for the running of multiple independent instances of the same application on a single device and supports private application installation without requiring system-level root access. The project features a comprehensive hooking framework for intercepting Java and native layer functions to modify application behavior. It includes tools for hardware simulation to spoof device models and system information, as well as a non-root pr
Allows reading and writing the memory of applications running inside its sandbox without root privileges, since those apps execute within the host app's own processes.
Objection is a dynamic instrumentation framework and runtime exploration toolkit for mobile application security analysis. It provides a command-line interface to interact with the memory and state of iOS and Android applications during active execution, serving as a toolkit for runtime analysis and security testing. The project distinguishes itself by providing specialized capabilities to bypass common mobile security controls, including SSL pinning, biometric authentication, and root or jailbreak detection. It enables the extraction of sensitive credentials and data from secure storage syst
Provides direct read and write access to the memory space of running application processes to alter object states.
LOLBAS is a curated database and knowledge base of signed Windows binaries that can be misused to bypass security restrictions and execute unauthorized code. It serves as a technical registry that maps trusted system files to their functional capabilities and the offensive tactics they enable. The project distinguishes itself by providing a capability-driven indexing system and a tactics registry that relates legitimate binary functionality to known security evasion techniques. It includes an association layer that links specific system binaries to attack patterns and tactical objectives, pro
Catalogues signed binaries (for example comsvcs.dll's MiniDump export invoked via rundll32) that dump the memory of a running process such as LSASS to disk so credentials can be retrieved from it.
gops is a command-line diagnostic toolset for monitoring, profiling and managing the runtime state of running Go applications. It acts as a runtime diagnostics tool that provides a focused interface for memory analysis, performance profiling and health monitoring of running processes. The tool offers a set of specialized utilities, including a performance profiler for capturing CPU and heap profiles, a memory analyzer for identifying leaks and triggering garbage collection, and a process monitor for discovering running Go binaries and visualizing process hierarchies. The project covers a broad range of diagnostic capabilities, including runtime execution tracing, stack trace capture and resource usage sampling. It also includes system utilities for inspecting process metadata, resolving binary paths and monitoring runtime metrics such as thread count and memory statistics.
Queries the runtime of target Go processes through the gops agent they embed to read memory statistics and trigger GC; it does not read their address space directly.
frida-dexdump is an Android memory forensics tool that recovers Dalvik Executable (DEX) files from running application processes using the Frida dynamic instrumentation framework. It functions as a Frida-based runtime analyzer and DEX memory dumper, capable of extracting obfuscated or packed DEX files without modifying the Android system. The tool distinguishes itself through its ability to repair corrupted or missing DEX file headers using heuristic analysis and fuzzy matching techniques. It employs fuzzy boundary detection to identify DEX file boundaries in memory even when headers are dama
Reads and iterates over the address space of a live Android application to locate executable binary blobs without filesystem access.
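The following is an added example (not code from frida-dexdump) of the carving step the entry describes: given a memory region read from the target, locate DEX headers and recover each file even when a packer has wiped the magic or the file_size field. Header field offsets (magic at 0x00, file_size at 0x20, header_size at 0x24, endian_tag at 0x28, data_size at 0x60, data_off at 0x64) are from the DEX format specification; the repair heuristics are this example's own: search for the constant header_size||endian_tag pair instead of the magic, and fall back to data_off+data_size for the length, since the data section is the last section of a well-formed DEX. The sample region at the bottom is constructed for the demonstration.

```python
"""Carve DEX files out of a dumped memory region, repairing wiped headers.

Added example, not code from frida-dexdump. Offsets follow the DEX header
layout; the recovery heuristics are this example's own.
"""
import struct
from dataclasses import dataclass

HEADER_SIZE = 0x70            # header_size is 0x70 for every DEX version in use
ENDIAN_CONSTANT = 0x12345678  # endian_tag of a little-endian DEX
KNOWN_MAGICS = tuple(b"dex\n%03d\0" % v for v in (35, 37, 38, 39))
MARKER = struct.pack("<II", HEADER_SIZE, ENDIAN_CONSTANT)  # bytes found at header offset 0x24
MARKER_OFF = 0x24


@dataclass
class DexHit:
    offset: int          # start of the header within the region
    size: int            # bytes to carve
    magic_ok: bool       # False when the magic was wiped and must be restored
    size_repaired: bool  # True when file_size was unusable and was rebuilt from data_off+data_size


def _u32(buf: bytes, off: int) -> int:
    return struct.unpack_from("<I", buf, off)[0]


def _plausible_size(region: bytes, h: int):
    """Return (size, repaired) for the header at region[h:], or None if it cannot be a DEX."""
    limit = len(region) - h
    file_size = _u32(region, h + 0x20)
    if HEADER_SIZE < file_size <= limit:
        return file_size, False
    # Heuristic: packers often zero file_size; the data section ends the file.
    data_size, data_off = _u32(region, h + 0x60), _u32(region, h + 0x64)
    size = data_off + data_size
    if data_off >= HEADER_SIZE and HEADER_SIZE < size <= limit:
        return size, True
    return None


def find_dex_headers(region: bytes) -> list[DexHit]:
    """Scan a region for DEX headers, intact or with the magic wiped."""
    hits, pos = [], 0
    while (p := region.find(MARKER, pos)) != -1:
        pos = p + 1
        h = p - MARKER_OFF
        if h < 0 or h + HEADER_SIZE > len(region):
            continue
        guess = _plausible_size(region, h)
        if guess is None:
            continue
        size, repaired = guess
        hits.append(DexHit(h, size, region[h:h + 8] in KNOWN_MAGICS, repaired))
        pos = h + size  # do not rescan inside a file already carved
    return hits


def carve(region: bytes, hit: DexHit, version: int = 35) -> bytes:
    """Return the DEX bytes for `hit`, restoring magic and file_size where they were wiped.
    checksum and signature are left as found; recompute them with a DEX tool afterwards."""
    dex = bytearray(region[hit.offset:hit.offset + hit.size])
    if not hit.magic_ok:
        dex[0:8] = b"dex\n%03d\0" % version
    if hit.size_repaired:
        struct.pack_into("<I", dex, 0x20, hit.size)
    return bytes(dex)


def build_fake_dex(body: bytes, version: int = 35, wipe_magic: bool = False,
                   zero_size: bool = False) -> bytes:
    """Constructed sample: a minimal header followed by `body` as the data section."""
    hdr = bytearray(HEADER_SIZE)
    hdr[0:8] = b"\0" * 8 if wipe_magic else b"dex\n%03d\0" % version
    struct.pack_into("<I", hdr, 0x20, 0 if zero_size else HEADER_SIZE + len(body))
    struct.pack_into("<I", hdr, 0x24, HEADER_SIZE)
    struct.pack_into("<I", hdr, 0x28, ENDIAN_CONSTANT)
    struct.pack_into("<I", hdr, 0x60, len(body))    # data_size
    struct.pack_into("<I", hdr, 0x64, HEADER_SIZE)  # data_off
    return bytes(hdr) + body


# Constructed region: noise, an intact DEX, noise, a DEX with magic and file_size wiped, noise.
SAMPLE_REGION = (b"\x00" * 300
                 + build_fake_dex(b"A" * 500)
                 + b"\xcc" * 77
                 + build_fake_dex(b"B" * 200, wipe_magic=True, zero_size=True)
                 + b"\x00" * 40)

if __name__ == "__main__":
    for n, hit in enumerate(find_dex_headers(SAMPLE_REGION)):
        print(f"dex{n}: offset={hit.offset:#x} size={hit.size} "
              f"magic_ok={hit.magic_ok} size_repaired={hit.size_repaired}")
```

Run over real memory, the same scan would be applied to each readable range of the app's address space (read in-process via Frida, or from outside via /proc/<pid>/mem); the marker search deliberately ignores the magic so that the common "wipe the first eight bytes" trick does not hide the file.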
WindowsInternals is a CPU stress testing tool and a research project designed to illustrate the underlying mechanisms of the Windows kernel and system architecture. It functions as an educational resource for studying how the Windows operating system manages internal processes and hardware resources. The project focuses on Windows OS research and system resource profiling. It provides a collection of source code and examples used to reveal the internal workings of the operating system and monitor how it handles high processing demands to identify stability issues and performance bottlenecks.
Provides techniques for reading data directly from the virtual memory space of running processes.