5 repositories
Intercepting function calls within shared libraries to capture data before it is processed or encrypted.
Distinguishing note: The candidates focus on specific encryption libraries or LLM functions; this is a general system-level hooking mechanism for auditing.
Explore 5 awesome GitHub repositories matching operating systems & systems programming · Library Function Hooking.
Ecapture is a suite of specialized auditing tools designed to capture plaintext database queries, log executed shell commands, forward packet captures, and decrypt TLS traffic. The system extracts plaintext content from encrypted communications and TLS master secrets without requiring CA certificates. It further monitors data interactions by capturing SQL queries from database instances and recording commands from shell environments for host-level auditing. The toolset includes capabilities for network traffic analysis, exporting captured data to pcapng files, and forwarding events to extern
Uses library-level hooking to intercept and extract plaintext data from encryption and database libraries.
This project is a set of extensions for the WeChat macOS application designed to modify client behavior and unlock hidden features. It functions as a client modification framework and a multi-account manager, allowing users to launch and operate several independent instances of the application on a single machine. The tool distinguishes itself through deep integration with the operating system, enabling the execution of macOS system commands and remote administration via incoming chat messages. It also provides productivity extensions that connect chat lists and conversation histories to exte
Uses symbol-based function hooking to locate internal logic and trigger automated replies and state changes.
MonkeyDev is a developer toolset for building, injecting, and deploying system extensions and custom dynamic libraries into mobile applications. It functions as an application patching tool and dynamic library injector designed to modify how mobile applications operate. The project provides a development environment for creating system extensions and tweaks, including tools for injecting libraries into decrypted binaries to enable debugging and symbol restoration on non-jailbroken hardware. It features a command-line interface for deploying hooks into system processes and third-party applicat
Implements system-level function hooking to intercept and modify internal calls in real-time.
Safetynet-fix is a tool for Android device attestation designed to bypass hardware and software integrity checks. Its primary purpose is to achieve Google SafetyNet compliance on devices with unlocked bootloaders, allowing software that requires specific security profiles to run on modified systems. The project provides compatibility for rooted devices, specifically ensuring that banking and payment applications remain functional while maintaining root access. It manages the Magisk environment configuration to maintain these security-sensitive application requirements. The system utilizes va
Implements system-level library function hooking to intercept and spoof device attestation responses.
This project is an educational resource providing a complete development tutorial for writing and loading eBPF programs using C, Go, and Rust within the Linux kernel. It serves as a technical guide for developing custom logic to run directly in the kernel. The materials cover specialized areas, including kernel observability and tracing, security implementation for intrusion detection, and high-performance network engineering for packet filtering and load balancing. It also includes dedicated manuals for Linux kernel tracing and the use of kprobes, uprobes, and tracepoints. The project spans a wide range of capability areas, such as kernel instrumentation, system monitoring and observability, network analysis, and security enforcement. It further extends to hardware-level debugging for GPUs and drivers, as well as low-level system manipulation and resource management.
Intercepts function calls within shared libraries via uprobes to aggregate data without restarting processes.