22 repository-uri
Intercepting low-level operating system calls to validate or block operations based on security policies.
Distinct from Unprivileged System Call Interceptions: Candidates focus on specific types (unprivileged, keystore, gRPC) rather than general-purpose security policy enforcement via interception.
Explore 22 awesome GitHub repositories matching operating systems & systems programming · System-Call Interception. Refine with filters or upvote what's useful.
This project is a Node.js binary distribution repository and Linux package repository. It provides a hosted set of pre-compiled JavaScript runtime binaries for various Linux distributions to simplify installation and version management through native package managers. The project includes a Node.js observability toolset and security policy manager. These components enable the gathering of runtime telemetry to monitor application health and performance via diagnostic dashboards, while providing a resource restriction layer that intercepts system calls to prevent unauthorized modules from acces
Intercepts low-level operating system calls to validate or block operations based on security policies.
LearningNotes este o bază de cunoștințe tehnice și un ghid de studiu de inginerie axat pe internele framework-ului Android, arhitectura sistemului și optimizarea performanței mobile. Servește drept referință pentru analizarea secvenței de boot Android, bootstrapping-ul proceselor și inițializarea serviciilor de sistem. Proiectul oferă ghiduri detaliate despre performanța mobilă, inclusiv strategii pentru reducerea amprentei de memorie, identificarea scurgerilor de memorie și optimizarea decodării imaginilor. Acoperă, de asemenea, comunicarea inter-proces Android folosind AIDL și driverul de kernel Binder, precum și manuale de arhitectură software pentru decuplarea logicii de business de interfețele utilizator prin tipare precum MVVM și MVP. Dincolo de dezvoltarea mobilă, repository-ul include o bază de cunoștințe de informatică pentru pregătirea interviurilor tehnice, acoperind structuri de date, algoritmi și concepte de sistem de operare. De asemenea, dispune de o referință practică pentru controlul versiunilor Git, detaliind gestionarea repository-ului, sincronizarea și fluxurile de lucru de branching.
Implements techniques to intercept system API calls using dynamic proxies to modify runtime behavior.
libco is a C++ coroutine library and user-space task orchestrator designed for cooperative multitasking and high-concurrency execution. It functions as a high-concurrency network framework and a synchronous-to-asynchronous wrapper that allows blocking system calls and socket functions to run asynchronously without modifying existing business logic. The project utilizes a specialized stack-copying context switching model to support millions of simultaneous TCP connections on a single machine. It includes a high-performance time wheel scheduler for managing asynchronous background jobs and dela
Wraps blocking I/O and socket functions to yield execution back to the scheduler until resources become available.
WeChatRobot is a framework providing programmatic interfaces for automating messages and interactions within the WeChat ecosystem. It functions as a bot framework that enables the automation of sending and receiving messages by intercepting system processes. The project includes specialized tools for intercepting system calls and utilizing memory-based application hooking to automate workflows, including support for Enterprise WeChat. It further provides capabilities to decrypt local application databases to recover historical chat logs and user information. Additional functionality covers t
Intercepts low-level operating system calls to programmatically trigger send and receive functions.
Maybe este un simulator de execuție a comenzilor și un auditor al operațiunilor pe sistemul de fișiere. Oferă un mediu de tip dry-run care înregistrează modificările intenționate ale fișierelor fără a efectua operațiuni reale de scriere pe disc și acționează ca un strat de securitate pentru a bloca modificările neautorizate. Instrumentul interceptează apelurile de sistem pentru a previzualiza și aproba modificările sistemului de fișiere înainte ca acestea să fie comise. Utilizează o buclă de execuție cu aprobarea utilizatorului care întrerupe execuția programului până când utilizatorul consimte la operațiunile de sistem în așteptare. Sistemul acoperă previzualizarea execuției comenzilor, auditarea operațiunilor pe sistemul de fișiere și filtrarea apelurilor de sistem. Include capabilități de restricționare a modificărilor sistemului prin liste de permisiuni configurabile și extinderea logicii de filtrare prin plugin-uri.
Intercepts operating system calls to preview and approve filesystem modifications before they are committed.
LXD is a unified platform for managing both system containers and virtual machines through a single REST API and command-line interface. It provides a programmatic HTTP interface for controlling the full lifecycle of instances, enabling automation and integration with external tools. The system runs unprivileged containers with per-instance UID/GID mappings, seccomp filters, and AppArmor profiles for kernel-level isolation, while supporting multiple storage backends including directory, Btrfs, LVM, ZFS, Ceph, LINSTOR, and TrueNAS through a unified driver interface. The platform distinguishes
Redirects selected kernel calls inside containers to custom handlers for compatibility and resource control.
Box64 este un runtime cross-architecture și un strat de emulare user-mode care permite software-ului Linux și Windows să ruleze pe hardware non-nativ. Funcționează ca un emulator de instrucțiuni x86-64 și traducător binar, executând binare pe 64 de biți pe diferite arhitecturi CPU prin traducerea codului mașină în instrucțiuni native. Proiectul utilizează recompilarea dinamică pentru a accelera execuția și mapează apelurile de sistem guest către bibliotecile gazdă native pentru a crește viteza și compatibilitatea hardware. Poate simula un mediu de execuție pe 32 de biți pentru a suporta software-ul legacy și se integrează cu kernel-ul sistemului de operare pentru a recunoaște și lansa automat executabile străine. Sistemul acoperă execuția programelor Linux pe 64 și 32 de biți, a binarilor Windows și a clienților de jocuri, incluzând suport pentru overlay-uri grafice Vulkan. Oferă mecanisme pentru bundling-ul bibliotecilor, încărcarea pachetelor AppImage și optimizarea țintită pe hardware specific. Software-ul suportă compilarea binară statică și oferă un toolchain de cross-compilation pentru deployment pe diferite arhitecturi CPU.
Translates guest operating system requests into compatible host operations by wrapping library functions and system calls.
Vita3K is a console hardware emulator specifically designed to replicate the PlayStation Vita environment. It functions as a cross-platform game emulator that allows handheld software and homebrew to run on desktop and mobile devices. The project focuses on PlayStation Vita emulation to enable retro game preservation and cross-platform gaming on operating systems such as Windows, Linux, and Android. The emulator implements hardware emulation through a dynamic recompilation engine, firmware-based system call translation, and a GPU hardware abstraction layer. It further simulates the original
Uses original console firmware to intercept and translate system calls into emulator functions.
cglib is a suite of tools for JVM bytecode generation, class transformation, and dynamic proxying. It provides a high-level API for creating and transforming Java bytecode at runtime to modify class behavior and a framework for intercepting method calls and field access. The project implements dynamic proxy generation to support aspect oriented programming and custom data access patterns. It also includes a serialization manager to implement serialization contracts by adding specific methods and controlling object replacement within proxy classes. The library covers bytecode manipulation and
Generates proxy objects to intercept method calls and field access for custom data access patterns.
This project is a collection of reference implementations and practical guides for building enterprise Java applications using the Spring Boot framework. It serves as a backend project gallery and implementation guide, providing a set of architectures for common server patterns. The repository distinguishes itself through a focus on distributed system design, offering examples for global unique identifier generation, distributed caching, and full-text search. It also includes templates and examples for creating custom Spring Boot starters to encapsulate shared dependencies and configurations
Uses dynamic proxies and interceptors to separate cross-cutting concerns from core business logic.
Sylar is a high-performance C++ asynchronous server framework and event-driven network library. It functions as a coroutine scheduler and HTTP server implementation designed to build network services using non-blocking I/O. The project distinguishes itself through a system call interceptor that hooks blocking socket and sleep APIs, transforming synchronous operations into non-blocking asynchronous events. It employs a user-space threading system to distribute lightweight tasks across a worker thread pool to maximize CPU utilization. The framework covers a broad range of networking and system
Intercepts blocking socket and sleep APIs to transform synchronous calls into non-blocking asynchronous operations.
This project is a red teaming knowledge base and offensive security playbook designed to simulate adversary behavior. It serves as a comprehensive collection of technical guides and tactics for executing red team operations. The repository provides detailed instructions for Active Directory exploitation, including Kerberos abuse and domain privilege escalation. It covers defense evasion through API unhooking and payload obfuscation, as well as Windows internals research involving the manipulation of kernel objects and system memory. The capability surface extends to network penetration testi
Implements IAT hooking to monitor and redirect system function calls for behavioral alteration.
Epic este un toolkit pentru instrumentarea runtime-ului Android, interceptarea metodelor și auditarea posturii de securitate. Funcționează ca un framework de programare orientată pe aspecte și un interceptor de metode dinamic conceput pentru a monitoriza și altera comportamentul metodelor Java în cadrul Android Runtime. Proiectul oferă capabilități pentru interceptarea și modificarea atât a componentelor framework-ului Android de bază, cât și a logicii specifice aplicației. Acest lucru permite injectarea de comportament Java personalizat și redirecționarea execuției metodelor fără a altera codul sursă original. Framework-ul include instrumente pentru auditarea securității aplicațiilor, care implică scanarea pentru shell-uri încorporate și monitorizarea utilizării API-urilor de sistem sensibile. Aceste funcții de observabilitate permit analiza fluxului de date și verificarea posturilor de securitate în timpul execuției la runtime.
Intercepts application-level method calls at runtime to monitor and alter behavior.
LSPosed_mod is a system for Android system hooking and module management. It enables the installation and configuration of system-level modifications to change device behavior without altering the original system image or source files. The project utilizes zygote-based process injection and runtime method hooking to intercept execution flows in memory. It includes a version-agnostic execution layer to maintain a consistent interface across different Android operating system versions and environments, as well as dynamic proxy interception to modify method arguments and return values. Manageme
Implements dynamic proxy layers to intercept and modify method arguments and return values at runtime.
ScyllaHide este un plugin de bypass pentru anti-debugger și un instrument de reverse engineering conceput pentru a ascunde un debugger de o aplicație țintă. Funcționează ca o bibliotecă de hooking API în user-mode și un framework de injectare DLL care previne detectarea și închiderea programelor în timpul analizei. Proiectul permite analiza malware-ului și studiul software-ului protejat prin neutralizarea apărărilor de securitate. Acest lucru este realizat prin interceptarea și modificarea răspunsurilor bibliotecilor de sistem pentru a induce în eroare aplicațiile cu privire la mediul lor de execuție. Utilitarul folosește mai multe metode tehnice pentru a menține stealth-ul, inclusiv inline API hooking, proxying pentru apeluri de sistem și patching pentru process environment block (PEB). De asemenea, gestionează trap-urile în user-mode și utilizează redirecționarea bibliotecilor dinamice pentru a filtra răspunsurile API sensibile.
Intercepts low-level operating system calls to return forged data that masks debugger presence.
HyperDbg is a hardware-assisted kernel-mode debugging platform that leverages virtualization to monitor and control system execution. By utilizing hypervisor-level primitives, it enables deep system analysis and instrumentation without relying on standard operating system debugging interfaces. The framework provides a comprehensive environment for inspecting both kernel and user-mode processes, allowing for granular control over execution flow and system state. The project distinguishes itself through a transparent debugging layer designed to remain invisible to the target environment. It emp
Monitors system call execution with process-specific filtering and conditional triggering to modify system behavior.
Manticore is a symbolic execution engine designed for the analysis of binary executables and smart contracts. It functions as an automated vulnerability scanner and verification platform that systematically traverses program execution paths to identify security flaws, validate business invariants, and ensure software properties hold true under all possible input conditions. The engine distinguishes itself through a unified instruction set abstraction that enables consistent analysis across diverse architectures and contract formats. It provides a programmatic interface for deep customization,
Simulates operating system interactions by intercepting requests and updating the symbolic CPU state to model environmental dependencies during analysis.
KernelSU-Next is a kernel-level framework designed to provide administrative privileges and granular access control on the Android operating system. By integrating directly into the kernel during the build process, the project enables superuser management and system-wide modifications through kernel-level patching and system call interception. The framework distinguishes itself by utilizing non-persistent file system overlays, which allow for system partition modifications and module injection without altering underlying read-only storage blocks. This approach facilitates dynamic functionalit
Monitors and filters requests from user-space applications to the kernel to enforce security boundaries.
Fastsocket is a high-performance Linux socket implementation designed for linear scalability on multicore systems. It functions as a TCP throughput optimizer and a multicore packet steering engine that reduces system call overhead and lock contention to increase total network processing capacity. The project distinguishes itself through a network system call interceptor that uses a shared library to redirect standard socket calls to optimized interfaces without requiring changes to application binaries. It employs active connection steering by encoding CPU core IDs into source ports and utili
Redirects standard socket calls via a shared library to replace kernel behavior without modifying application binaries.
This project is an OS-level process sandbox and cross-platform security wrapper for Linux and macOS. It is designed to isolate arbitrary processes from the host machine by restricting filesystem and network access without the use of full containerization. The system functions as a system-call interceptor and access controller, blocking unauthorized operating system calls based on predefined security policies. It employs allowlists and denylists to manage resource requests and monitors for security violations in real time. Capability areas include filesystem access management using glob-patte
Intercepts system calls to block unauthorized filesystem or network operations.