17 repositories
Capabilities for overwriting memory addresses with new machine code to alter program behavior.
Distinct from Binary Analysis Capabilities: Candidates focus on binary standards or analysis, not the act of overwriting bytes for patching.
17 GitHub repositories matching operating systems & systems programming · Binary Instruction Patching.
pwndbg is a GDB plugin and binary analysis framework designed for reverse engineering, exploit development, and low-level program analysis. It extends the core functionality of the debugger to provide advanced memory inspection and automation tools. The project distinguishes itself with specialized capabilities for heap analysis across glibc, jemalloc, and musl, as well as a comprehensive kernel debugging toolkit for inspecting Linux kernel tasks and slab allocators. It includes an integrated ROP gadget searcher for constructing exploit chains and an LLM-powered debugging assistant that provi
Allows modifying instructions in memory by applying hex bytes or specific code changes to alter program behavior.
DuckStation is a high-performance PlayStation 1 emulator that simulates the original console's hardware logic and CPU and GPU on modern computer systems. It functions as a console hardware emulator, disc image loader, and game state manager to execute original games and preserve retro software. The project differentiates itself through a game graphics upscaler that improves visual clarity using texture filtering, geometry precision corrections, and custom shader chains. It also features advanced memory manipulation tools for layered patch injection and the application of community cheat codes
Supports overwriting memory addresses with external patch files to modify game behavior.
Open-Shell-Menu is a Windows shell extension and UI restorer designed to replace modern system interfaces with traditional styles. It functions as a start menu replacement and a customization tool for the Windows file manager and other system applications. The project restores legacy hierarchical navigation to the start menu and reinstates classic visual elements, such as traditional title bars and copy dialogs. It specifically targets the restoration of legacy toolbars and status bars within the file manager and introduces traditional interface elements to web browser windows.
Modifies binary instructions in active system memory to disable modern UI elements and enable legacy views.
GEF is a Python-based extension for GDB that serves as a framework for binary analysis, exploit development, and low-level debugging. It functions as a dynamic analysis extension designed to assist in reverse engineering workflows and malware analysis by enhancing the debugger's ability to inspect process state and memory. The project is distinguished by its specialized heap analysis tools, which allow for the inspection of glibc heap arenas, bins, and chunks to detect memory corruption. It also provides a dedicated toolkit for exploit development, including cyclic pattern generation for offs
Replaces specific memory addresses with NOP instructions to neutralize code during dynamic analysis.
N64Recomp is a static recompiler and binary-to-C translator designed to convert Nintendo 64 machine code and MIPS architecture binaries into C source code. This system functions as a game console decompiler that enables the native execution of legacy binaries on modern platforms by eliminating the need for runtime interpreters. The project distinguishes itself by translating specialized RSP microcode into executable source code to replace traditional microcode emulation. It employs a system of relocation macros and lookup tables to resolve relocatable memory overlays and dynamic program secti
Provides capabilities to modify specific instructions or replace entire functions using a configuration file.
Zelda64Recomp is a native game recompilation project that translates legacy binary machine code into modern machine code. It functions as a native hardware port and a static recompiled binary, executing original game logic directly on modern CPUs and GPUs to run without an emulator. The project serves as a moddable game engine, providing a framework to apply community texture packs and code patches to the recompiled title. It includes native hardware porting capabilities that remove emulator overhead to improve stability and frame rate control. The software covers retro game modernization th
Modifies original binary instructions and memory addresses to fix crashes and optimize performance for modern hardware.
This project is an Xcode runtime code injector and developer productivity tool. It enables the injection of Swift and Objective-C code changes into a running application without requiring a process restart, functioning as a hot module replacement tool for iOS development. The tool provides a dynamic UI debugger for reloading storyboards and tuning visual parameters in real time. It allows for the recompilation of individual classes and the binding of new implementations into a live process, avoiding full project rebuilds. The system covers runtime injection capabilities, including automated
Modifies object files during the build to remove private flags, allowing external access to global symbols.
Luma3DS is a custom firmware for the Nintendo 3DS that removes factory restrictions to enable the execution of unsigned homebrew and game modifications. It functions as a kernel-level system extension that hooks system calls to bypass hardware limitations and introduce new operating system capabilities. The project serves as a homebrew payload loader, using boot-time mechanisms to launch third-party software and custom firmware versions. It also provides a game modding framework capable of patching executable code and intercepting file requests to load custom assets and modified data. The en
Implements binary patching during the loading process to disable software signatures and enable unsigned code execution.
Detours is a library for intercepting Win32 API calls and redirecting function calls at runtime on Windows, enabling binary-level instrumentation without requiring access to the original source code. It functions as an API hooking library and binary instrumentation toolkit, allowing developers to monitor or modify the behavior of compiled Windows binaries by hooking into their function execution paths. The project achieves this through detour-based function interception, where the first few instructions of a target function are replaced with a jump to a user-supplied detour function, while pr
Allocates executable memory pages near target functions to store trampoline code within 32-bit displacement limits.
A True Instrumentable Binary Emulation Framework
Modifies executable code and library behavior on-the-fly during emulation for testing and analysis.
Elder driver Xposed Framework.
Provides the trampoline-based hooking engine specifically for ART method entry point replacement.
Dobby is a dynamic function hooking framework and binary instrumentation tool designed to intercept and redirect function calls in compiled binaries. It serves as a cross-platform, cross-architecture library that offers a unified interface for modifying program execution flow across different operating systems and CPU architectures. The library enables low-level binary instrumentation and runtime application instrumentation by injecting custom handlers into live processes. It is used in software reverse engineering to observe real-time data flow and logic by hooking internal functions. The framework covers binary patching, runtime symbol resolution and dynamic trampoline generation. It handles platform-specific memory protections and maps generic hook requests onto architecture-specific opcodes to redirect execution through instruction-based hooking.
Implements a hooking engine that uses dynamic trampolines to redirect execution to custom handlers.
LoadLibrary is a binary instrumentation framework that loads and executes Windows PE/COFF DLLs natively within Linux processes. It provides a cross-platform binary execution layer that maps Windows portable executable files into Linux memory, resolving imports and relocations so that exported functions can be called as if they were native Linux library routines. The framework enables runtime interception and modification of Windows DLL function behavior, including redirecting API calls to Linux-native implementations through a binary patching hook engine. It includes a code coverage auditor t
Intercepts function calls by disassembling target code and inserting trampolines that redirect execution to custom handlers.
OffensiveNim is a red teaming framework and post-exploitation toolkit developed in Nim. It provides a collection of low-level primitives and a Windows API wrapper designed for offensive security operations, including malware development and shellcode loading. The project focuses on evasion and obfuscation through techniques such as API unhooking, direct system calls, and anti-debugging mechanisms. It features diverse payload delivery methods, including reflective binary loading, the execution of .NET assemblies via CLR hosting, and various shellcode injection techniques using fibers, COM obje
Implements a jump trampoline mechanism to intercept and redirect target function execution to custom handlers.
Nexmon is a suite of operational tools designed for firmware patching, ROM extraction, frame injection, and enabling monitor mode on wireless hardware. It provides utilities to modify wireless chip firmware to unlock low-level hardware capabilities not supported by official drivers. The project enables the activation of monitor mode for capturing raw network packets with radiotap headers and allows for the transmission of custom-crafted wireless frames. It includes tools for dumping the read-only memory of wireless chips to facilitate reverse engineering and analysis of hardware behavior. Th
Modifies binary chip instructions to unlock restricted hardware capabilities like monitor mode.
PS2Recomp is a static recompiler for PlayStation 2 that translates machine instructions from executable binaries into source code to enable execution on modern hardware. It functions as a binary-to-source translator and a binary analysis tool designed to facilitate the preservation of legacy software. The project distinguishes itself through a hardware emulation runtime that manages memory models and register contexts, combined with a static binary patcher for replacing raw instructions and overriding function bindings. It utilizes a specialized vector unit instruction execution system that m
Modifies specific instructions within the translated source code to resolve bugs or introduce behaviors.
Geode is a game modification SDK and mod loader for Geometry Dash. It functions as a hooking engine and UI framework that allows for the injection of dynamic libraries to alter game behavior and add new features. The toolkit distinguishes itself through a centralized mod compatibility manager and hook registry that tracks active modifications to prevent logic conflicts and application crashes. It utilizes a trampoline-based hooking engine to redirect game function calls while preserving native call stacks, alongside a dedicated UI framework for rendering custom popups and interface components
Redirects execution from original game functions to mod code while preserving the native call stack.