8 dépôts
General mechanisms for inserting custom code into the operating system kernel to modify behavior.
Distinct from Kernel Event Hooks: Broadly covers both inline and syscall table hooking, which existing candidates treat as fragmented networking or security tools.
Explore 8 awesome GitHub repositories matching operating systems & systems programming · Kernel-Level Hooking. Refine with filters or upvote what's useful.
VirtualApp is an Android application virtualization engine and user-space sandbox that enables the execution of applications within an isolated environment. It allows for the running of multiple independent instances of the same application on a single device and supports private application installation without requiring system-level root access. The project features a comprehensive hooking framework for intercepting Java and native layer functions to modify application behavior. It includes tools for hardware simulation to spoof device models and system information, as well as a non-root pr
Uses seccomp-bpf and inline hooks to filter and modify low-level kernel calls and control application behavior.
APatch is a suite of utilities for Android designed to provide kernel-level root access, manage system modules, and inject custom code into the kernel. It functions as a root tool and system module loader that allows for administrative privileges and device customization. The project distinguishes itself by injecting root capabilities directly into the kernel space to increase stealth and system-level authority. It utilizes a key-based authorization system to manage high-privilege access and prevent unauthorized administrative control of the device. The system modifies operating system behav
Modifies system behavior by inserting custom code into the kernel via inline hooks and syscall modifications.
Luma3DS is a custom firmware for the Nintendo 3DS that removes factory restrictions to enable the execution of unsigned homebrew and game modifications. It functions as a kernel-level system extension that hooks system calls to bypass hardware limitations and introduce new operating system capabilities. The project serves as a homebrew payload loader, using boot-time mechanisms to launch third-party software and custom firmware versions. It also provides a game modding framework capable of patching executable code and intercepting file requests to load custom assets and modified data. The en
Hooks system calls at the kernel level to bypass hardware restrictions and introduce new operating system capabilities.
Tetragon est une suite d'outils de sécurité et d'observabilité runtime basée sur eBPF, conçue pour les environnements Linux et Kubernetes. Il fonctionne comme un gestionnaire de politiques de sécurité, un agent d'observabilité et un moteur d'application qui s'interface avec les fonctions du noyau et les tracepoints pour détecter l'élévation de privilèges, les évasions de conteneurs et les activités système non autorisées. Le projet se distingue par sa capacité à effectuer une application des règles en temps réel au niveau du noyau, permettant de terminer de manière synchrone des processus malveillants ou de modifier les valeurs de retour des fonctions avant qu'un appel système ne soit terminé. Il offre une intégration Kubernetes poussée en synchronisant les identités des conteneurs et en mappant les événements noyau de bas niveau directement aux pods et aux namespaces. Ses capacités plus larges couvrent l'audit complet des appels système, le suivi des connexions réseau et la surveillance de l'intégrité des fichiers. Le système prend en charge la gestion dynamique des politiques et fournit des outils de diagnostic pour surveiller les performances et l'utilisation des ressources BPF. Le déploiement est pris en charge sur les clusters Kubernetes via des charts Helm, ainsi que via des conteneurs autonomes et des paquets système natifs.
Executes code by dynamically hooking into any kernel function or system call to observe internal state.
EQGRP est un framework de cheval de Troie d'accès à distance et un toolkit de post-exploitation. Il fournit une infrastructure de commande et de contrôle centralisée pour déployer des implants persistants et gérer des agents distants à travers divers systèmes d'exploitation. Le projet inclut des outils pour l'évasion forensique numérique, tels que la modification des journaux système et des horodatages du système de fichiers pour supprimer les traces d'exécution. Il dispose d'un système d'interception réseau pour capturer et reconstruire les flux de données en se connectant à la racine du système, ainsi que des exploits conçus pour l'élévation de privilèges du noyau afin d'élever les permissions de processus vers une racine administrative. Le toolkit couvre un large éventail de capacités, incluant l'exécution de code à distance, le packing de shellcode pour l'évasion de signature, et l'exfiltration et l'analyse des journaux d'appareils mobiles et des enregistrements de télécommunications. Il fournit également des utilitaires pour lier les ports réseau et parcourir les archives déchiffrées.
Implements low-level kernel hooking to intercept and reconstruct network data streams at the system root.
GodEye is a runtime instrumentation tool and observability framework for Swift mobile applications. It functions as a mobile application debugger and in-process diagnostic overlay, providing a visual interface rendered directly over active applications to monitor metrics and inspect system states without requiring changes to the original source code. The framework enables real-time analysis through a suite of debugging workflows. It captures diagnostic data using method swizzling and system-level hooking to intercept function calls and monitor internal application behavior. The tool covers s
Diverts low-level OS function calls to capture internal system state and monitor application behavior.
Lilu is a kernel patching engine and runtime code injection framework designed to modify kernel drivers and libraries in memory. It functions as an operating system customization framework that intercepts function calls and redirects execution flow within the kernel to resolve hardware compatibility issues and adjust system stability. The project employs a modular platform that allows for the injection of code and the modification of system libraries during the boot process without altering files on disk. It utilizes a plugin-based extension architecture and a standardized API interface to lo
Serves as a framework for inserting custom code into the operating system kernel to modify its runtime behavior.
KernelSU-Next is a kernel-level framework designed to provide administrative privileges and granular access control on the Android operating system. By integrating directly into the kernel during the build process, the project enables superuser management and system-wide modifications through kernel-level patching and system call interception. The framework distinguishes itself by utilizing non-persistent file system overlays, which allow for system partition modifications and module injection without altering underlying read-only storage blocks. This approach facilitates dynamic functionalit
Intercepts system calls within kernel memory space to redirect execution flow for administrative management.