136 dépôts
Tools for inspecting, disassembling, and analyzing the structure of compiled binary files.
Explore 136 awesome GitHub repositories matching operating systems & systems programming · Binary Analysis Capabilities. Refine with filters or upvote what's useful.
Ghidra is a software reverse engineering suite designed to analyze compiled binaries and reconstruct program logic without access to original source code. It provides an interactive environment for disassembly and decompilation, utilizing a platform-independent intermediate representation to maintain consistency across diverse hardware architectures. The framework supports automated binary analysis through programmatic routines, enabling the investigation of complex code patterns and security indicators. The platform distinguishes itself through a modular architecture that allows for extensiv
Transforms raw machine code into human-readable assembly instructions to simplify the study of diverse hardware architectures.
ImHex is a professional-grade hex editor and binary data analysis platform designed for inspecting, modifying, and reverse engineering raw file contents. It functions as a schema-driven engine that interprets complex binary structures by applying custom definitions to map and visualize byte-level data. The platform distinguishes itself through a dedicated domain-specific language that allows users to define structural schemas for automated file parsing. This capability is supported by a dynamic plugin architecture and an event-driven registry, which enable the integration of external modules
Facilitates deep inspection of binary files through integrated byte patching and advanced pattern matching.
Geth is a comprehensive execution client for the Ethereum network, serving as a foundational node implementation that processes transactions, maintains the distributed ledger state, and participates in peer-to-peer consensus. It provides a robust infrastructure for synchronizing, validating, and serving blockchain data, utilizing a persistent Merkle Patricia Trie database to ensure the cryptographic integrity of historical records. As a sandboxed smart contract runtime, it executes bytecode according to deterministic protocol rules, enabling the deployment and interaction of decentralized appl
Geth enables high-performance tracing by registering hooks that execute directly within the node, avoiding the overhead of script interpretation during transaction execution.
Jadx is a comprehensive Java decompilation suite designed to transform compiled binary application files into readable source code. It functions as a static analysis workbench, providing a graphical interface for navigating, searching, and inspecting the internal logic of complex software packages. By utilizing a bytecode-to-Java pipeline, the project reconstructs high-level logical structures from low-level binary instructions, making it a primary tool for Android application reverse engineering. The project distinguishes itself through a sophisticated control flow reconstruction engine and
Converts compiled binary application files into readable source code for analysis and reverse engineering.
This project is a graphical Windows debugger designed for the analysis and manipulation of compiled binary applications. It functions as a comprehensive binary analysis suite, providing a real-time environment for inspecting CPU registers, monitoring memory states, and tracing instruction execution to investigate system-level software behavior. The tool distinguishes itself through an event-driven debugging loop that allows for precise process control and state modification during runtime. It supports advanced analysis techniques, including hardware-breakpoint injection for monitoring memory
Provides a comprehensive environment for reverse engineering by monitoring memory and registers.
HEUKMSActivator is a software license management tool designed to automate the registration and validation of product keys for operating systems and productivity software suites. It functions as a system configuration manager, modifying registry settings and service states to align software licensing status with specific deployment requirements. The utility distinguishes itself through low-level system manipulation, including the injection of signed drivers into memory to intercept license verification routines. It employs memory patching to bypass security checks without altering files on
Modifies executable code segments in volatile memory to bypass security checks without altering disk files.
This project is a comprehensive technical knowledge base designed to support developers in mastering systems programming and preparing for technical assessments. It provides a structured collection of fundamental computer science concepts, mapping high-level language constructs to low-level hardware memory layouts, runtime object lifecycles, and system-level operations. The repository distinguishes itself through a hierarchical approach that bridges the gap between theoretical principles and practical implementation. It offers detailed guidance on C++ language mechanisms, standard library usa
Documents cross-language interoperability and library linking mechanisms to ensure consistent communication between compiled modules.
RevokeMsgPatcher is a binary patching utility designed to modify the execution logic of desktop messaging applications. By applying low-level changes to compiled executable files and libraries, the tool enables functionality not natively supported by the original software, specifically focusing on message persistence and process management. The utility distinguishes itself through targeted binary instrumentation and control flow redirection. It identifies specific function patterns and memory offsets within proprietary software to inject custom assembly instructions. These modifications allow
Applies low-level modifications to compiled application files to change execution logic or bypass restrictions.
SheetJS is a comprehensive library for parsing, manipulating, and generating complex spreadsheet file formats. It functions as a universal data processor that maps diverse binary, XML, and text-based file structures into a unified internal object model, allowing developers to create, read, and transform workbook data programmatically. The library distinguishes itself through a portable logic layer that provides a consistent execution environment across web browsers, server-side runtimes, and native desktop or mobile applications. By utilizing stream-based processing, it handles large files in
Decodes complex legacy file structures by traversing nested record containers and bit-level data streams to reconstruct original document hierarchies.
This project is a collection of portable, header-only C functions designed for integration into software projects without complex build dependencies or external linking requirements. It provides a suite of low-level utilities for graphics, audio, and data management, focusing on direct memory manipulation and zero-dependency portability. By utilizing a single-header distribution model, the library simplifies dependency management while allowing developers to maintain full control over memory allocation and binary size through compile-time configuration. The library distinguishes itself by off
Tracks heap allocations and deallocations to identify and report memory leaks at program termination.
ExplorerPatcher is a system utility designed to modify the behavior of the Windows shell by injecting custom code into core operating system processes. It functions as a background patching tool that intercepts internal function calls and replaces modern interface components with legacy alternatives, allowing for the restoration of traditional taskbar, menu, and task switcher behaviors. The project distinguishes itself through its use of dynamic link library injection and side-by-side binary replacement to alter the desktop environment at runtime. By redirecting execution flow within the syst
Intercepts and overrides default operating system shell operations to provide extended feature sets.
BetterDisplay is a comprehensive display management utility and virtual display engine designed to provide granular control over monitor configurations. It functions as a low-level hardware controller that interacts directly with graphics drivers and system APIs to override manufacturer limitations, enabling users to manage resolution, scaling, brightness, and color profiles across complex multi-monitor setups. The project distinguishes itself through its ability to generate synthetic virtual displays and inject custom framebuffers into the graphics pipeline, allowing for arbitrary resolution
Interacts with graphics drivers to disable temporal dithering and manage pulse-width modulation thresholds.
Proton is a compatibility layer designed to enable the execution of Windows-based software on non-Windows operating systems. It functions as a controlled runtime environment that maps proprietary system calls to native kernel functions and translates graphics API commands into open-standard compute shaders. This allows applications to run without requiring modifications to their original source code. The project distinguishes itself through a robust toolchain for reproducible builds, which utilizes containerized isolation to ensure consistent binary outputs across different development enviro
Intercepts calls to external software dependencies by injecting custom code wrappers.
This is a Unix-based dotfiles repository providing a version-controlled collection of configuration files, environment variables, and shell aliases. Its primary purpose is to optimize macOS for software development by applying a curated set of system defaults and Zsh shell workflow enhancements. The project distinguishes itself through a comprehensive collection of macOS system defaults and specific configurations for the Zsh shell. It includes specialized Git workflow configurations and whitespace settings designed to standardize and accelerate version control operations across different env
Sets the assembly language flavor to Intel syntax to improve the readability of decompiled code in GDB.
LeakCanary is a diagnostic tool designed to identify memory leaks by monitoring object lifecycles and analyzing heap snapshots. It automatically detects objects that fail to be garbage collected after their expected lifespan, providing developers with actionable insights to prevent performance degradation and application crashes. The project distinguishes itself by offloading memory-intensive heap parsing to a separate background process, which minimizes performance impact on the main application during runtime. It includes sophisticated deobfuscation capabilities that map obfuscated stack tr
Automatically maps obfuscated stack traces back to original source names to simplify debugging.
QtScrcpy is a cross-platform desktop application designed for mirroring and controlling Android devices. It functions as a high-performance client that captures mobile display output and streams it to a computer monitor, enabling real-time interaction through a persistent connection. The application distinguishes itself by supporting the simultaneous management of multiple mobile devices from a single interface, allowing for batch operations and synchronized inputs. Users can map standard desktop mouse and keyboard actions to mobile touch events using custom scripts, facilitating efficient na
Provides a bridge to tunnel shell commands and input events to mobile devices without root access.
dnSpy is a specialized toolset for the reverse engineering, analysis, and modification of compiled .NET binaries. It functions as a decompiler that converts assemblies back into readable high-level source code, an assembly editor for modifying bytecode and metadata, and a debugger for inspecting compiled binaries. The project integrates a hex editor specifically for inspecting and modifying raw bytes and Common Intermediate Language structures. It allows for the direct modification of binary contents to change application behavior without requiring the original project source files. The tool
Inspects compiled binaries to understand application logic and execution flow when original source code is missing.
dnSpy is a desktop application designed for the analysis, debugging, and modification of compiled .NET assemblies. It functions as an assembly analysis suite and decompiler, translating binary instruction streams back into readable source code to facilitate reverse engineering when original source files are unavailable. The tool distinguishes itself through an integrated binary patching engine and metadata editor, which allow for the direct modification of executable logic and internal metadata tables. It supports in-process debugging instrumentation, enabling users to inject runtime hooks, s
Examines internal structure and logic of compiled software to understand functionality.
ReVanced Manager is an Android application patcher designed to modify compiled mobile binaries. It enables users to inject custom features, alter runtime behavior, and remove interface elements without requiring access to original source code. The utility distinguishes itself by performing all operations locally on the user device, ensuring privacy by avoiding external server dependencies. It automates the entire modification lifecycle, including the retrieval of application files, the application of bytecode-level patches, and the generation of new cryptographic signatures to ensure the resu
Modifies compiled Android application files by injecting custom instructions and resources directly into the binary structure.
ILSpy is a .NET decompiler and binary analyzer designed to convert compiled .NET assemblies back into readable C# source code. It functions as a metadata explorer and a common intermediate language viewer, enabling the analysis of compiled code and the execution of reverse engineering workflows. The project distinguishes itself through specialized translation capabilities, such as converting compiled binary XML (BAML) back into human-readable XAML for user interface analysis. It also provides tools for inspecting native machine code and extracting metadata from program database (PDB) files.
Pairs raw intermediate language instructions with corresponding decompiled C# statements for side-by-side comparison.