awesome-repositories.com
博客
awesome-repositories.com

通过 AI 驱动的搜索,发现最优秀的开源仓库。

探索精选搜索开源替代品自托管软件博客网站地图
项目关于排名机制媒体报道MCP 服务器
法律隐私政策服务条款
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

16 个仓库

Awesome GitHub RepositoriesInstrumentation & Hooking

Utilities for modifying application behavior during runtime for analysis.

Distinguishing note: Focuses on runtime modification rather than passive observation.

Explore 16 awesome GitHub repositories matching operating systems & systems programming · Instrumentation & Hooking. Refine with filters or upvote what's useful.

Awesome Instrumentation & Hooking GitHub Repositories

用 AI 发现最棒的仓库。我们将通过 AI 为您搜索最匹配的仓库。
  • ethereum/go-ethereumethereum 的头像

    ethereum/go-ethereum

    51,178在 GitHub 上查看↗

    Geth is a comprehensive execution client for the Ethereum network, serving as a foundational node implementation that processes transactions, maintains the distributed ledger state, and participates in peer-to-peer consensus. It provides a robust infrastructure for synchronizing, validating, and serving blockchain data, utilizing a persistent Merkle Patricia Trie database to ensure the cryptographic integrity of historical records. As a sandboxed smart contract runtime, it executes bytecode according to deterministic protocol rules, enabling the deployment and interaction of decentralized appl

    Geth enables high-performance tracing by registering hooks that execute directly within the node, avoiding the overhead of script interpretation during transaction execution.

    Goblockchainethereumgeth
    在 GitHub 上查看↗51,178
  • x64dbg/x64dbgx64dbg 的头像

    x64dbg/x64dbg

    48,652在 GitHub 上查看↗

    This project is a graphical Windows debugger designed for the analysis and manipulation of compiled binary applications. It functions as a comprehensive binary analysis suite, providing a real-time environment for inspecting CPU registers, monitoring memory states, and tracing instruction execution to investigate system-level software behavior. The tool distinguishes itself through an event-driven debugging loop that allows for precise process control and state modification during runtime. It supports advanced analysis techniques, including hardware-breakpoint injection for monitoring memory

    Modifies application behavior during execution to analyze performance and logic.

    C++binary-analysisctfcybersecurity
    在 GitHub 上查看↗48,652
  • huihut/interviewhuihut 的头像

    huihut/interview

    37,972在 GitHub 上查看↗

    This project is a comprehensive technical knowledge base designed to support developers in mastering systems programming and preparing for technical assessments. It provides a structured collection of fundamental computer science concepts, mapping high-level language constructs to low-level hardware memory layouts, runtime object lifecycles, and system-level operations. The repository distinguishes itself through a hierarchical approach that bridges the gap between theoretical principles and practical implementation. It offers detailed guidance on C++ language mechanisms, standard library usa

    Details the implementation of library entry points for managing process-level lifecycle events.

    C++algorithmccpp
    在 GitHub 上查看↗37,972
  • huiyadanli/revokemsgpatcherhuiyadanli 的头像

    huiyadanli/RevokeMsgPatcher

    37,926在 GitHub 上查看↗

    RevokeMsgPatcher is a binary patching utility designed to modify the execution logic of desktop messaging applications. By applying low-level changes to compiled executable files and libraries, the tool enables functionality not natively supported by the original software, specifically focusing on message persistence and process management. The utility distinguishes itself through targeted binary instrumentation and control flow redirection. It identifies specific function patterns and memory offsets within proprietary software to inject custom assembly instructions. These modifications allow

    Loads custom-compiled code into the memory space of running processes to intercept and redirect internal function calls.

    C#hex-editorpatchpc
    在 GitHub 上查看↗37,926
  • valinet/explorerpatchervalinet 的头像

    valinet/ExplorerPatcher

    32,948在 GitHub 上查看↗

    ExplorerPatcher is a system utility designed to modify the behavior of the Windows shell by injecting custom code into core operating system processes. It functions as a background patching tool that intercepts internal function calls and replaces modern interface components with legacy alternatives, allowing for the restoration of traditional taskbar, menu, and task switcher behaviors. The project distinguishes itself through its use of dynamic link library injection and side-by-side binary replacement to alter the desktop environment at runtime. By redirecting execution flow within the syst

    Loads dynamic link libraries into system processes to extend or modify desktop environment components.

    C
    在 GitHub 上查看↗32,948
  • waydabber/betterdisplaywaydabber 的头像

    waydabber/BetterDisplay

    32,337在 GitHub 上查看↗

    BetterDisplay is a comprehensive display management utility and virtual display engine designed to provide granular control over monitor configurations. It functions as a low-level hardware controller that interacts directly with graphics drivers and system APIs to override manufacturer limitations, enabling users to manage resolution, scaling, brightness, and color profiles across complex multi-monitor setups. The project distinguishes itself through its ability to generate synthetic virtual displays and inject custom framebuffers into the graphics pipeline, allowing for arbitrary resolution

    Interacts with graphics drivers to disable temporal dithering and manage pulse-width modulation thresholds.

    4kbrightnessddc
    在 GitHub 上查看↗32,337
  • valvesoftware/protonValveSoftware 的头像

    ValveSoftware/Proton

    31,868在 GitHub 上查看↗

    Proton is a compatibility layer designed to enable the execution of Windows-based software on non-Windows operating systems. It functions as a controlled runtime environment that maps proprietary system calls to native kernel functions and translates graphics API commands into open-standard compute shaders. This allows applications to run without requiring modifications to their original source code. The project distinguishes itself through a robust toolchain for reproducible builds, which utilizes containerized isolation to ensure consistent binary outputs across different development enviro

    Intercepts calls to external software dependencies by injecting custom code wrappers.

    C++proton
    在 GitHub 上查看↗31,868
  • revanced/revanced-managerReVanced 的头像

    ReVanced/revanced-manager

    25,932在 GitHub 上查看↗

    ReVanced Manager is an Android application patcher designed to modify compiled mobile binaries. It enables users to inject custom features, alter runtime behavior, and remove interface elements without requiring access to original source code. The utility distinguishes itself by performing all operations locally on the user device, ensuring privacy by avoiding external server dependencies. It automates the entire modification lifecycle, including the retrieval of application files, the application of bytecode-level patches, and the generation of new cryptographic signatures to ensure the resu

    Performs automated code instrumentation on installed application packages to change functionality.

    Dartandroidflutterflutter-apps
    在 GitHub 上查看↗25,932
  • go-delve/delvego-delve 的头像

    go-delve/delve

    24,605在 GitHub 上查看↗

    Delve is a command-line debugger designed for programs written in the Go programming language. It provides an interactive interface for runtime analysis, allowing developers to control program execution, inspect memory and variable states, and navigate call stacks to identify logic errors. The tool distinguishes itself through deep integration with the Go runtime, specifically by providing goroutine-aware stack unwinding and the ability to manage concurrent execution threads. It utilizes a client-server protocol to decouple the debugger engine from the user interface, enabling both local and

    Modifies process instruction streams or sets processor-level registers to trigger execution halts.

    Godebuggergogolang
    在 GitHub 上查看↗24,605
  • iovisor/bcciovisor 的头像

    iovisor/bcc

    22,459在 GitHub 上查看↗

    BCC is an eBPF development toolkit and tracing framework used for monitoring and analyzing the Linux kernel. It functions as a performance analysis tool and debugging utility to capture system events, measure kernel latency, and provide network observability. The project distinguishes itself by providing a build system that integrates with LLVM to compile C-like code into BPF bytecode at runtime. It utilizes BPF Type Format data for relocations to maintain cross-kernel compatibility and extracts kernel headers to ensure the generated programs match the specific kernel version. The toolkit co

    Provides dynamic instrumentation and hooking capabilities via kprobes to capture kernel execution state.

    C
    在 GitHub 上查看↗22,459
  • mobsf/mobile-security-framework-mobsfMobSF 的头像

    MobSF/Mobile-Security-Framework-MobSF

    21,224在 GitHub 上查看↗

    Mobile Security Framework is an automated security testing platform designed for the analysis of Android, iOS, and Windows mobile application binaries. It functions as a comprehensive suite for identifying security vulnerabilities, privacy risks, and malicious code within mobile software packages. The framework distinguishes itself by combining static and dynamic analysis techniques to evaluate application behavior. It performs static inspection of source code and binaries to detect insecure patterns, while simultaneously utilizing dynamic instrumentation and containerized sandboxing to monit

    Injects runtime agents into mobile processes to intercept function calls and monitor data flows during execution.

    JavaScriptandroid-securityapi-testingapk
    在 GitHub 上查看↗21,224
  • cheat-engine/cheat-enginecheat-engine 的头像

    cheat-engine/cheat-engine

    18,453在 GitHub 上查看↗

    Cheat Engine is a software reverse engineering suite and memory editor designed for the Windows environment. It functions as a comprehensive platform for inspecting, analyzing, and modifying the internal logic and data structures of running applications. The tool provides capabilities for real-time memory scanning and manipulation, allowing users to locate and alter specific values within a process's address space. It distinguishes itself through advanced debugging features, including hardware-assisted debugging, kernel-mode driver injection for bypassing memory protections, and dynamic binar

    Hooks into target processes at runtime to intercept and modify machine code instructions for analysis and modification.

    Pascal
    在 GitHub 上查看↗18,453
  • sbilly/awesome-securitysbilly 的头像

    sbilly/awesome-security

    14,022在 GitHub 上查看↗

    This project is a comprehensive, curated directory of cybersecurity resources, software, and documentation designed to support system and network protection. It serves as a centralized knowledge base and index for security professionals, aggregating industry-standard practices and open-source tools across a wide range of technical domains. The repository distinguishes itself by providing a structured collection of methodologies and frameworks for security operations. It covers critical areas including threat intelligence, digital forensics, infrastructure auditing, and vulnerability assessmen

    Provides utilities for modifying application behavior during runtime for analysis and interception.

    awesome-listsecurity
    在 GitHub 上查看↗14,022
  • unicorn-engine/unicornunicorn-engine 的头像

    unicorn-engine/unicorn

    9,076在 GitHub 上查看↗

    Unicorn is a multi-architecture CPU emulation framework and library that utilizes just-in-time compilation to execute instructions across various processor architectures, including ARM, x86, and RISC-V. It functions as both a JIT compilation engine and an instrumentation tool, allowing for the execution of machine code without the need for physical hardware. The framework is distinguished by its hook-based execution instrumentation, which enables the interception of specific instructions and memory accesses to trigger custom callback functions. It provides a language-agnostic binding layer an

    Implements hooks to intercept instructions and memory accesses for runtime program analysis.

    C
    在 GitHub 上查看↗9,076
  • istanbuljs/nycistanbuljs 的头像

    istanbuljs/nyc

    5,746在 GitHub 上查看↗

    nyc is a JavaScript code coverage tool and command-line interface that instruments source files to track the execution of lines, branches, and functions during test runs. It acts as a wrapper for Node.js test runners, intercepting the module loading process to collect coverage data. The tool functions as a coverage data merger and build gating tool, allowing users to combine results from multiple independent test runs or child processes into a single unified report. It can automatically fail the build process if code coverage percentages fall below defined minimum thresholds. The project sup

    Instruments source files on-the-fly by intercepting the Node.js module loading process with a custom require hook.

    JavaScriptcode-coverageistanbuljavascript
    在 GitHub 上查看↗5,746
  • m0bilesecurity/rms-runtime-mobile-securitym0bilesecurity 的头像

    m0bilesecurity/RMS-Runtime-Mobile-Security

    2,971在 GitHub 上查看↗

    This project is an Android security analysis toolkit and mobile app runtime manipulator designed for reverse engineering and auditing mobile applications. It provides a system for modifying Java classes and method behavior in active mobile processes to bypass security controls. The toolkit includes a web-based interface for controlling the instrumentation engine and a specialized utility for disabling certificate validation to intercept and inspect encrypted network traffic via SSL pinning bypass. It also features an Android file explorer for browsing and managing files within private data di

    Implements dynamic instrumentation and function hooking to intercept and modify application behavior in real-time.

    JavaScriptandroid-securityfridaios-security
    在 GitHub 上查看↗2,971
  1. Home
  2. Operating Systems & Systems Programming
  3. Binary Analysis Capabilities
  4. Instrumentation & Hooking

探索子标签

  • Runtime Module HookingIntercepting module loading processes to inject diagnostic or tracking code on-the-fly. **Distinct from Instrumentation & Hooking:** Focuses specifically on the runtime interception of module loading (require hooks) rather than general binary or system hooking