5 repositories
Intercepting function calls within shared libraries to capture data before it is processed or encrypted.
Distinguishing note: The candidates focus on specific encryption libraries or LLM functions; this is a general system-level hooking mechanism for auditing.
Explore 5 awesome GitHub repositories matching operating systems & systems programming · Library Function Hooking.
Ecapture is a suite of specialized auditing tools designed to capture plaintext database queries, log executed shell commands, forward packet captures, and decrypt TLS traffic. The system extracts plaintext content from encrypted communications and TLS master secrets without requiring CA certificates. It further monitors data interactions by capturing SQL queries from database instances and recording commands from shell environments for host-level auditing. The toolset includes capabilities for network traffic analysis, exporting captured data to pcapng files, and forwarding events to extern
Uses library-level hooking to intercept and extract plaintext data from encryption and database libraries.
This project is a set of extensions for the WeChat macOS application designed to modify client behavior and unlock hidden features. It functions as a client modification framework and a multi-account manager, allowing users to launch and operate several independent instances of the application on a single machine. The tool distinguishes itself through deep integration with the operating system, enabling the execution of macOS system commands and remote administration via incoming chat messages. It also provides productivity extensions that connect chat lists and conversation histories to exte
Uses symbol-based function hooking to locate internal logic and trigger automated replies and state changes.
MonkeyDev is a developer toolset for building, injecting, and deploying system extensions and custom dynamic libraries into mobile applications. It functions as an application patching tool and dynamic library injector designed to modify how mobile applications operate. The project provides a development environment for creating system extensions and tweaks, including tools for injecting libraries into decrypted binaries to enable debugging and symbol restoration on non-jailbroken hardware. It features a command-line interface for deploying hooks into system processes and third-party applicat
Implements system-level function hooking to intercept and modify internal calls in real-time.
Safetynet-fix is a tool for Android device attestation designed to bypass hardware and software integrity checks. Its primary purpose is to achieve Google SafetyNet compliance on devices with unlocked bootloaders, allowing software that requires specific security profiles to run on modified systems. The project provides compatibility for rooted devices, specifically ensuring that banking and payment applications remain functional while maintaining root access. It manages the Magisk environment configuration to maintain these security-sensitive application requirements. The system utilizes va
Implements system-level library function hooking to intercept and spoof device attestation responses.
This project is an educational resource that provides a comprehensive development tutorial for writing and loading eBPF programs using C, Go, and Rust in the Linux kernel. It serves as a technical guide for developing custom logic to be executed directly in the kernel. The materials cover specialized areas, including kernel observability and tracing, security implementation for intrusion detection, and high-performance network engineering for packet filtering and load balancing. It also includes dedicated manuals for Linux kernel tracing and the use of kprobes, uprobes, and tracepoints. The project spans a wide range of capability domains, such as kernel instrumentation, system monitoring and observability, network analysis, and security enforcement. It further extends to hardware-level debugging for GPUs and drivers, as well as low-level system manipulation and resource management.
Intercepts function calls within shared libraries via uprobes to aggregate data without restarting processes.