8 repositorios
General mechanisms for inserting custom code into the operating system kernel to modify behavior.
Distinct from Kernel Event Hooks: Broadly covers both inline and syscall table hooking, which existing candidates treat as fragmented networking or security tools.
Explore 8 awesome GitHub repositories matching operating systems & systems programming · Kernel-Level Hooking. Refine with filters or upvote what's useful.
VirtualApp is an Android application virtualization engine and user-space sandbox that enables the execution of applications within an isolated environment. It allows for the running of multiple independent instances of the same application on a single device and supports private application installation without requiring system-level root access. The project features a comprehensive hooking framework for intercepting Java and native layer functions to modify application behavior. It includes tools for hardware simulation to spoof device models and system information, as well as a non-root pr
Uses seccomp-bpf and inline hooks to filter and modify low-level kernel calls and control application behavior.
APatch is a suite of utilities for Android designed to provide kernel-level root access, manage system modules, and inject custom code into the kernel. It functions as a root tool and system module loader that allows for administrative privileges and device customization. The project distinguishes itself by injecting root capabilities directly into the kernel space to increase stealth and system-level authority. It utilizes a key-based authorization system to manage high-privilege access and prevent unauthorized administrative control of the device. The system modifies operating system behav
Modifies system behavior by inserting custom code into the kernel via inline hooks and syscall modifications.
Luma3DS is a custom firmware for the Nintendo 3DS that removes factory restrictions to enable the execution of unsigned homebrew and game modifications. It functions as a kernel-level system extension that hooks system calls to bypass hardware limitations and introduce new operating system capabilities. The project serves as a homebrew payload loader, using boot-time mechanisms to launch third-party software and custom firmware versions. It also provides a game modding framework capable of patching executable code and intercepting file requests to load custom assets and modified data. The en
Hooks system calls at the kernel level to bypass hardware restrictions and introduce new operating system capabilities.
Tetragon es un conjunto de herramientas de observabilidad y seguridad en tiempo de ejecución basado en eBPF, diseñado para entornos Linux y Kubernetes. Funciona como un gestor de políticas de seguridad, agente de observabilidad y motor de cumplimiento que se conecta a funciones del kernel y tracepoints para detectar escalada de privilegios, escapes de contenedores y actividad no autorizada en el sistema. El proyecto se distingue por su capacidad de realizar cumplimiento en tiempo de ejecución dentro del kernel, lo que le permite terminar procesos maliciosos de forma síncrona o modificar los valores de retorno de funciones antes de que se complete una llamada al sistema. Ofrece una integración profunda con Kubernetes al sincronizar las identidades de los contenedores y mapear eventos de bajo nivel del kernel directamente a pods y namespaces. Sus capacidades más amplias cubren la auditoría integral de llamadas al sistema, el seguimiento de conexiones de red y el monitoreo de la integridad de archivos. El sistema admite la gestión dinámica de políticas y proporciona herramientas de diagnóstico para monitorear el rendimiento y la utilización de recursos de BPF. El despliegue es compatible con clústeres de Kubernetes mediante Helm charts, así como a través de contenedores independientes y paquetes nativos del sistema operativo.
Executes code by dynamically hooking into any kernel function or system call to observe internal state.
EQGRP es un framework de troyano de acceso remoto y kit de herramientas de post-explotación. Proporciona una infraestructura centralizada de comando y control para desplegar implantes persistentes y gestionar agentes remotos en diversos sistemas operativos. El proyecto incluye herramientas para la evasión forense digital, como la modificación de registros del sistema y marcas de tiempo del sistema de archivos para eliminar rastros de ejecución. Cuenta con un sistema de interceptación de red para capturar y reconstruir flujos de datos mediante hooks en el root del sistema, así como exploits diseñados para la escalada de privilegios del kernel para elevar los permisos de proceso a root administrativo. El kit de herramientas cubre una amplia gama de capacidades, incluyendo ejecución remota de código, empaquetado de shellcode para evasión de firmas, y la exfiltración y análisis de registros de dispositivos móviles y registros de telecomunicaciones. También proporciona utilidades para enlazar puertos de red y navegar por archivos descifrados.
Implements low-level kernel hooking to intercept and reconstruct network data streams at the system root.
GodEye is a runtime instrumentation tool and observability framework for Swift mobile applications. It functions as a mobile application debugger and in-process diagnostic overlay, providing a visual interface rendered directly over active applications to monitor metrics and inspect system states without requiring changes to the original source code. The framework enables real-time analysis through a suite of debugging workflows. It captures diagnostic data using method swizzling and system-level hooking to intercept function calls and monitor internal application behavior. The tool covers s
Diverts low-level OS function calls to capture internal system state and monitor application behavior.
Lilu is a kernel patching engine and runtime code injection framework designed to modify kernel drivers and libraries in memory. It functions as an operating system customization framework that intercepts function calls and redirects execution flow within the kernel to resolve hardware compatibility issues and adjust system stability. The project employs a modular platform that allows for the injection of code and the modification of system libraries during the boot process without altering files on disk. It utilizes a plugin-based extension architecture and a standardized API interface to lo
Serves as a framework for inserting custom code into the operating system kernel to modify its runtime behavior.
KernelSU-Next is a kernel-level framework designed to provide administrative privileges and granular access control on the Android operating system. By integrating directly into the kernel during the build process, the project enables superuser management and system-wide modifications through kernel-level patching and system call interception. The framework distinguishes itself by utilizing non-persistent file system overlays, which allow for system partition modifications and module injection without altering underlying read-only storage blocks. This approach facilitates dynamic functionalit
Intercepts system calls within kernel memory space to redirect execution flow for administrative management.