19 dépôts
Capturing function calls to execute additional code or modify return values before the original caller receives them.
Distinct from Function Call Tracking: Existing candidates focus on mapping, invocation, or testing spies, not the behavioral interception logic.
Explore 19 awesome GitHub repositories matching software engineering & architecture · Dynamic Function Interception. Refine with filters or upvote what's useful.
LSPosed is an Android runtime hooking framework and in-memory code modifier. It functions as a system hooking tool that intercepts and modifies system and application methods in memory to change behavior without altering original installation files. The project provides a standardized interface through the Xposed Module API, allowing for the development of plugins that alter the behavior of the Android operating system and installed applications. The framework covers a range of capabilities including runtime function interception, Android system debugging, and application customization. Thes
Implements a system to capture function calls and modify return values at runtime.
Aspects is an aspect-oriented programming library and method hooking framework designed for intercepting and modifying JavaScript function behavior without altering the original source code. It serves as a runtime logic injector that allows for the addition and removal of executable code wrappers from active functions. The library enables the injection of custom logic before or after methods to change application behavior at runtime. It further provides the ability to intercept method calls to capture or override return values before they reach the caller. The framework manages these interce
Captures function calls to execute additional code or modify return values before they reach the original caller.
Chromatic is a Chromium runtime modifier and JavaScript engine injector designed to alter the low-level operational characteristics of Chromium and its embedded V8 engine. It functions as a tool for injecting custom logic into the V8 JavaScript engine to change application behavior at runtime. The project provides mechanisms for browser engine instrumentation and V8 runtime manipulation. It enables the modification of the internal execution flow of JavaScript within Chromium-based environments to extend native browser capabilities or bypass standard limitations.
Intercepts internal engine functions by replacing instruction pointers with jumps to custom logic handlers.
Xposed is a native Android runtime hooking framework and instrumentation tool. It provides a modified version of the Android app process binary to intercept and modify the behavior of system and application processes at the binary level. The framework enables Android operating system customization by altering internal function calls and runtime execution flow. It achieves this through native process instrumentation, allowing for the modification of functionality without altering original application files. The tool covers several low-level capabilities, including native library injection and
Redirects execution flow from original system functions to custom handlers using native memory manipulation.
r0capture is a tool for intercepting network traffic from Android applications. It serves as a traffic interceptor, packet sniffer, and client certificate exporter used to analyze application-layer communication on Android devices. The project provides mechanisms to bypass SSL pinning and certificate validation, allowing the decryption of encrypted traffic without modifying device trust stores. It also enables the extraction of client-side certificates from application memory for saving to local device storage. Captured network data is serialized into PCAP files to support offline protocol a
Captures plaintext network data by intercepting specific sending and receiving functions at runtime.
OpenLLMetry is an OpenTelemetry-based observability framework and instrumentation library for generative AI applications. It provides toolsets for tracing and monitoring large language model workflows, capturing telemetry from model providers, agent frameworks, and vector databases using standardized semantic conventions. The project distinguishes itself by providing a specialized evaluation and experimentation suite that associates user feedback and prompt version hashes with specific execution traces. It includes a system for tracking model reasoning paths and enforcing security guardrails
Injects monitoring logic around AI library calls to automatically record inputs, outputs, and token usage.
Detours is a library for intercepting Win32 API calls and redirecting function calls at runtime on Windows, enabling binary-level instrumentation without requiring access to the original source code. It functions as an API hooking library and binary instrumentation toolkit, allowing developers to monitor or modify the behavior of compiled Windows binaries by hooking into their function execution paths. The project achieves this through detour-based function interception, where the first few instructions of a target function are replaced with a jump to a user-supplied detour function, while pr
Replaces function entry instructions with jumps to detour functions, preserving original bytes for trampoline calls.
Tape est un framework de test et une bibliothèque d'assertions JavaScript qui sert d'exécuteur de tests pour Node.js et les environnements de navigateur. Il implémente le Test Anything Protocol pour fournir un format standardisé et lisible par machine pour les résultats de tests. Le projet fonctionne comme un harnais de test multi-environnement, permettant aux mêmes suites de tests d'être exécutées à la fois dans des environnements côté serveur et côté client tout en maintenant un protocole de sortie cohérent. Ses fonctionnalités incluent la validation de l'égalité des valeurs et de la véracité, la vérification de la gestion des exceptions et la coordination des flux de travail asynchrones. Le framework fournit également des outils pour gérer les cycles de vie des tests, définir des cas de test nommés et capturer les appels de fonction ou l'accès aux propriétés. L'interface en ligne de commande prend en charge la découverte de tests basée sur des glob, le préchargement de modules et la possibilité d'exclure des fichiers ou dossiers spécifiques de l'exécution.
Implements mechanisms to capture function calls and arguments for test verification.
unidbg est un framework pour émuler et déboguer des binaires natifs ARM32 et ARM64 sur une machine hôte. Il sert de débogueur de binaires Android et iOS et d'émulateur de bibliothèque native, permettant l'exécution de code natif sans avoir besoin de matériel physique. Le projet se distingue par un framework de hooking de fonctions natives et un outil de débogage Model Context Protocol qui expose l'état de l'émulateur aux assistants IA pour une analyse binaire automatisée. Il inclut également un analyseur de mémoire spécialisé pour suivre les allocations côté invité et identifier les fuites dans les binaires natifs. La suite d'outils couvre plusieurs domaines de capacités, incluant l'ingénierie inverse de code natif, le traçage d'exécution au niveau des instructions et la simulation de pont JNI. Elle offre une observabilité via des logs de lecture/écriture mémoire et un débogueur console, tout en utilisant un pooling d'émulateurs thread-safe pour réduire la surcharge d'initialisation.
Implements dynamic function interception by overwriting native instructions to redirect execution flow.
Dobby est un framework de hooking de fonction dynamique et un outil d'instrumentation binaire conçu pour intercepter et rediriger les appels de fonction dans des binaires compilés. Il sert de bibliothèque multiplateforme et multi-architecture qui fournit une interface unifiée pour modifier le flux d'exécution des programmes à travers différents systèmes d'exploitation et architectures CPU. La bibliothèque permet l'instrumentation binaire de bas niveau et l'instrumentation d'application au moment de l'exécution en injectant des gestionnaires personnalisés dans des processus vivants. Elle est utilisée pour l'ingénierie inverse logicielle afin d'observer le flux de données en temps réel et la logique en hookant des fonctions internes. Le framework couvre le patch binaire, la résolution de symboles au moment de l'exécution et la génération de trampolines dynamiques. Il gère les protections mémoire spécifiques à la plateforme et mappe les requêtes de hook génériques en opcodes spécifiques à l'architecture pour rediriger l'exécution via un hooking basé sur les instructions.
Implements a low-level framework for intercepting and redirecting function calls in compiled binaries.
Freezegun is a Python time mocking library and system clock emulator used to freeze the system clock to a fixed date and time. It serves as a testing utility to ensure that time-dependent logic produces consistent and predictable results during software verification. The library provides an asyncio compatible mock that preserves real monotonic clock values to prevent event loops from hanging while other system time functions remain frozen. It supports simulating the passage of time through manual clock advancement, jumping to designated dates, or using a ticking clock simulation that incremen
Intercepts calls to the datetime and time modules to route them to a central mocked state.
Ce dépôt est une collection de défis de codage JavaScript et un guide d'entretien complet. Il fournit des implémentations de référence et des exemples éducatifs conçus pour aider les développeurs à maîtriser les fondamentaux du langage et à se préparer aux entretiens techniques. Le projet couvre un large éventail d'implémentations spécialisées, incluant des modèles de programmation fonctionnelle comme le currying et l'application partielle, ainsi que des modèles asynchrones pour le contrôle de la concurrence. Il inclut également des exemples pratiques de manipulation du Document Object Model (DOM) et l'implémentation de structures de données courantes telles que les piles et les files d'attente. Globalement, la collection couvre des fonctionnalités avancées du langage, des implémentations de modèles de conception et la manipulation de structures de données. Elle aborde une surface qui inclut la programmation asynchrone, l'interaction DOM, les modèles de création orientés objet et les opérations primitives de bas niveau.
Uses JavaScript proxies to intercept and monitor function calls without modifying original source code.
REFramework is a runtime modding framework for games built on the RE Engine, providing a C# plugin system with typed proxy code generation, a Lua scripting interface, an ImGui-based UI system, a runtime debugging toolkit, and a VR integration layer. At its core, it intercepts and modifies internal game engine functions and state at runtime through hooking and scripting APIs, enabling deep inspection and manipulation of live game objects. The framework distinguishes itself through typed proxy code generation that auto-creates C# interfaces from the game's type database, giving compile-time saf
Hooks into game engine methods at runtime to intercept, inspect, and modify function calls.
ScyllaHide est un plugin de contournement d'anti-débogage et un outil de rétro-ingénierie conçu pour masquer un débogueur à une application cible. Il fonctionne comme une bibliothèque de hooking d'API en mode utilisateur et un framework d'injection de DLL qui empêche les programmes de se détecter et de se fermer lorsqu'ils sont analysés. Le projet permet l'analyse de logiciels malveillants et l'étude de logiciels protégés en neutralisant les défenses de sécurité. Il y parvient en interceptant et en modifiant les réponses des bibliothèques système pour tromper les applications sur leur environnement d'exécution. L'utilitaire emploie plusieurs méthodes techniques pour maintenir la furtivité, notamment le hooking d'API inline, le proxying d'appels système et le patching du bloc d'environnement de processus (PEB). Il gère également les traps en mode utilisateur et utilise la redirection de bibliothèques dynamiques pour filtrer les réponses d'API sensibles.
Uses detour-based inline API hooking to intercept and modify system calls.
HyperDbg is a hardware-assisted kernel-mode debugging platform that leverages virtualization to monitor and control system execution. By utilizing hypervisor-level primitives, it enables deep system analysis and instrumentation without relying on standard operating system debugging interfaces. The framework provides a comprehensive environment for inspecting both kernel and user-mode processes, allowing for granular control over execution flow and system state. The project distinguishes itself through a transparent debugging layer designed to remain invisible to the target environment. It emp
Hooks specific system or application functions to capture arguments and execution state for analysis.
This project is a JavaScript-based plugin framework for the Typora markdown editor. It provides a development platform to integrate custom functional logic, UI elements, and keyboard shortcuts into the editor environment. The framework distinguishes itself by offering a JSON-RPC remote interface, allowing external programs to control the editor and trigger plugin functions. It also includes a dedicated publishing system to export and upload markdown documents to external blogging platforms via API requests. The project covers a wide range of capabilities, including editor workflow automation
Implements a system for intercepting internal software functions to modify arguments or return values via hooks.
Premake is a build system generator and cross-platform build configuration tool. It functions as a scripting engine that transforms scripted workspace definitions into native project files for multiple build toolsets and compilers. Additionally, it can generate JSON-formatted compilation databases for use with language servers and static analysis tools. The project distinguishes itself through a programmable runtime that allows for internal function hooking and the interception of build logic. This extensibility enables users to create custom toolset generators, implement modular extensions f
Provides a mechanism to intercept internal functions and modify the project generation sequence at runtime.
Piko is a collection of specialized Android utilities designed for binary patching, user interface customization, media downloading, and application debugging. It functions as an APK modification framework that alters application metadata and binary resources to modify internal logic and bypass version locks. The project differentiates itself through deep application modification capabilities, including bytecode-level instruction patching, DEX file manipulation, and a dynamic hooking engine. It enables the overriding of resource files and the injection of permissions via the application manif
Features a dynamic hooking engine that intercepts function calls at runtime to redirect logic.
rdpwrap is a set of system utilities and services designed to enable, configure, and manage remote desktop protocol access and video compression settings. It functions as a service and manager that allows remote desktop connections on operating system versions where the feature is restricted or disabled by the vendor. The project provides tools to override system-level restrictions for remote access and activate remote desktop protocol services on unsupported versions. It includes a configuration tool for managing H.264 video compression and encoding settings to balance visual quality, networ
Implements dynamic function interception to redirect operating system execution flow for enabling restricted features.