6 repositories
Utilities for reading and extracting data from kernel address space.
Distinct from Kernel: None of the candidates relate to reading kernel memory; they focus on filesystem mounts or custom kernel construction.
BCC is an eBPF development toolkit and tracing framework used for monitoring and analyzing the Linux kernel. It functions as a performance analysis tool and debugging utility to capture system events, measure kernel latency, and provide network observability. The project distinguishes itself by providing a build system that integrates with LLVM to compile C-like code into BPF bytecode at runtime. It utilizes BPF Type Format data for relocations to maintain cross-kernel compatibility and extracts kernel headers to ensure the generated programs match the specific kernel version. The toolkit co
Provides the ability to copy data or strings from kernel address space to the stack for safe processing.
pwndbg is a GDB plugin and binary analysis framework designed for reverse engineering, exploit development, and low-level program analysis. It extends the core functionality of the debugger to provide advanced memory inspection and automation tools. The project distinguishes itself with specialized capabilities for heap analysis across glibc, jemalloc, and musl, as well as a comprehensive kernel debugging toolkit for inspecting Linux kernel tasks and slab allocators. It includes an integrated ROP gadget searcher for constructing exploit chains and an LLM-powered debugging assistant that provi
Reads kernel symbols and page tables to translate virtual addresses and inspect slab allocators.
Blackbone is a collection of specialized tools for memory scanning, process injection, and kernel-driver interfacing, used to manipulate the Windows execution environment. It provides a framework for executing remote code, mapping portable executable images, and managing threads across process boundaries. The project includes a kernel memory driver for accessing kernel memory and modifying handle rights to hide allocations from user-mode detection. It also contains a library for intercepting function calls in remote processes using software interrupts and hardware breakpoints. The toolkit covers a broad range of virtual memory manipulation capabilities, such as reading, writing, and allocating memory in local or remote processes. It also provides utilities for memory pattern searching to locate specific byte sequences and for module management to inject or eject binaries.
Enables reading and modifying data within the kernel address space using a privileged driver.
Aya is a Rust-native framework for writing, compiling, and loading eBPF programs into the Linux kernel. It provides a complete development environment that eliminates the need for a C toolchain or libbpf, allowing developers to work entirely within the Rust ecosystem. The framework manages the full lifecycle of eBPF programs, including async runtime integration, CO-RE BTF resolution for kernel version portability, ELF-based program loading, and safe kernel memory access. The framework distinguishes itself through its pure Rust compilation pipeline, which compiles Rust source code directly int
Copies kernel data structures into eBPF context safely to prevent page faults.
Meltdown is a set of software utilities designed to bypass kernel address randomization and dump physical memory to exploit hardware-level security vulnerabilities. It serves as a proof of concept for the Meltdown hardware vulnerability, enabling the reading of protected kernel memory on affected processors. The tool provides capabilities to identify the secret randomization offset of the direct physical map to locate kernel memory. It also includes functionality to export large segments of physical memory into hexdump format for the recovery of sensitive strings and passwords. The project c
Provides utilities for extracting sensitive data from protected kernel address spaces by bypassing architectural isolation.
This project is an educational resource providing a comprehensive development tutorial for writing and loading eBPF programs using C, Go, and Rust within the Linux kernel. It serves as a technical guide for developing custom logic to execute directly in the kernel. The materials cover specialized domains including kernel observability and tracing, security implementation for intrusion detection, and high-performance network engineering for packet filtering and load balancing. It also includes dedicated manuals for Linux kernel tracing and the use of kprobes, uprobes, and tracepoints. The pro
Implements safe memory copying from kernel structures into eBPF context to prevent system crashes.