16 个仓库
Utilities for modifying application behavior during runtime for analysis.
Distinguishing note: Focuses on runtime modification rather than passive observation.
Explore 16 awesome GitHub repositories matching operating systems & systems programming · Instrumentation & Hooking. Refine with filters or upvote what's useful.
Geth is a comprehensive execution client for the Ethereum network, serving as a foundational node implementation that processes transactions, maintains the distributed ledger state, and participates in peer-to-peer consensus. It provides a robust infrastructure for synchronizing, validating, and serving blockchain data, utilizing a persistent Merkle Patricia Trie database to ensure the cryptographic integrity of historical records. As a sandboxed smart contract runtime, it executes bytecode according to deterministic protocol rules, enabling the deployment and interaction of decentralized appl
Geth enables high-performance tracing by registering hooks that execute directly within the node, avoiding the overhead of script interpretation during transaction execution.
This project is a graphical Windows debugger designed for the analysis and manipulation of compiled binary applications. It functions as a comprehensive binary analysis suite, providing a real-time environment for inspecting CPU registers, monitoring memory states, and tracing instruction execution to investigate system-level software behavior. The tool distinguishes itself through an event-driven debugging loop that allows for precise process control and state modification during runtime. It supports advanced analysis techniques, including hardware-breakpoint injection for monitoring memory
Modifies application behavior during execution to analyze performance and logic.
This project is a comprehensive technical knowledge base designed to support developers in mastering systems programming and preparing for technical assessments. It provides a structured collection of fundamental computer science concepts, mapping high-level language constructs to low-level hardware memory layouts, runtime object lifecycles, and system-level operations. The repository distinguishes itself through a hierarchical approach that bridges the gap between theoretical principles and practical implementation. It offers detailed guidance on C++ language mechanisms, standard library usa
Details the implementation of library entry points for managing process-level lifecycle events.
RevokeMsgPatcher is a binary patching utility designed to modify the execution logic of desktop messaging applications. By applying low-level changes to compiled executable files and libraries, the tool enables functionality not natively supported by the original software, specifically focusing on message persistence and process management. The utility distinguishes itself through targeted binary instrumentation and control flow redirection. It identifies specific function patterns and memory offsets within proprietary software to inject custom assembly instructions. These modifications allow
Loads custom-compiled code into the memory space of running processes to intercept and redirect internal function calls.
ExplorerPatcher is a system utility designed to modify the behavior of the Windows shell by injecting custom code into core operating system processes. It functions as a background patching tool that intercepts internal function calls and replaces modern interface components with legacy alternatives, allowing for the restoration of traditional taskbar, menu, and task switcher behaviors. The project distinguishes itself through its use of dynamic link library injection and side-by-side binary replacement to alter the desktop environment at runtime. By redirecting execution flow within the syst
Loads dynamic link libraries into system processes to extend or modify desktop environment components.
BetterDisplay is a comprehensive display management utility and virtual display engine designed to provide granular control over monitor configurations. It functions as a low-level hardware controller that interacts directly with graphics drivers and system APIs to override manufacturer limitations, enabling users to manage resolution, scaling, brightness, and color profiles across complex multi-monitor setups. The project distinguishes itself through its ability to generate synthetic virtual displays and inject custom framebuffers into the graphics pipeline, allowing for arbitrary resolution
Interacts with graphics drivers to disable temporal dithering and manage pulse-width modulation thresholds.
Proton is a compatibility layer designed to enable the execution of Windows-based software on non-Windows operating systems. It functions as a controlled runtime environment that maps proprietary system calls to native kernel functions and translates graphics API commands into open-standard compute shaders. This allows applications to run without requiring modifications to their original source code. The project distinguishes itself through a robust toolchain for reproducible builds, which utilizes containerized isolation to ensure consistent binary outputs across different development enviro
Intercepts calls to external software dependencies by injecting custom code wrappers.
ReVanced Manager is an Android application patcher designed to modify compiled mobile binaries. It enables users to inject custom features, alter runtime behavior, and remove interface elements without requiring access to original source code. The utility distinguishes itself by performing all operations locally on the user device, ensuring privacy by avoiding external server dependencies. It automates the entire modification lifecycle, including the retrieval of application files, the application of bytecode-level patches, and the generation of new cryptographic signatures to ensure the resu
Performs automated code instrumentation on installed application packages to change functionality.
Delve is a command-line debugger designed for programs written in the Go programming language. It provides an interactive interface for runtime analysis, allowing developers to control program execution, inspect memory and variable states, and navigate call stacks to identify logic errors. The tool distinguishes itself through deep integration with the Go runtime, specifically by providing goroutine-aware stack unwinding and the ability to manage concurrent execution threads. It utilizes a client-server protocol to decouple the debugger engine from the user interface, enabling both local and
Modifies process instruction streams or sets processor-level registers to trigger execution halts.
BCC is an eBPF development toolkit and tracing framework used for monitoring and analyzing the Linux kernel. It functions as a performance analysis tool and debugging utility to capture system events, measure kernel latency, and provide network observability. The project distinguishes itself by providing a build system that integrates with LLVM to compile C-like code into BPF bytecode at runtime. It utilizes BPF Type Format data for relocations to maintain cross-kernel compatibility and extracts kernel headers to ensure the generated programs match the specific kernel version. The toolkit co
Provides dynamic instrumentation and hooking capabilities via kprobes to capture kernel execution state.
Mobile Security Framework is an automated security testing platform designed for the analysis of Android, iOS, and Windows mobile application binaries. It functions as a comprehensive suite for identifying security vulnerabilities, privacy risks, and malicious code within mobile software packages. The framework distinguishes itself by combining static and dynamic analysis techniques to evaluate application behavior. It performs static inspection of source code and binaries to detect insecure patterns, while simultaneously utilizing dynamic instrumentation and containerized sandboxing to monit
Injects runtime agents into mobile processes to intercept function calls and monitor data flows during execution.
Cheat Engine is a software reverse engineering suite and memory editor designed for the Windows environment. It functions as a comprehensive platform for inspecting, analyzing, and modifying the internal logic and data structures of running applications. The tool provides capabilities for real-time memory scanning and manipulation, allowing users to locate and alter specific values within a process's address space. It distinguishes itself through advanced debugging features, including hardware-assisted debugging, kernel-mode driver injection for bypassing memory protections, and dynamic binar
Hooks into target processes at runtime to intercept and modify machine code instructions for analysis and modification.
This project is a comprehensive, curated directory of cybersecurity resources, software, and documentation designed to support system and network protection. It serves as a centralized knowledge base and index for security professionals, aggregating industry-standard practices and open-source tools across a wide range of technical domains. The repository distinguishes itself by providing a structured collection of methodologies and frameworks for security operations. It covers critical areas including threat intelligence, digital forensics, infrastructure auditing, and vulnerability assessmen
Provides utilities for modifying application behavior during runtime for analysis and interception.
Unicorn is a multi-architecture CPU emulation framework and library that utilizes just-in-time compilation to execute instructions across various processor architectures, including ARM, x86, and RISC-V. It functions as both a JIT compilation engine and an instrumentation tool, allowing for the execution of machine code without the need for physical hardware. The framework is distinguished by its hook-based execution instrumentation, which enables the interception of specific instructions and memory accesses to trigger custom callback functions. It provides a language-agnostic binding layer an
Implements hooks to intercept instructions and memory accesses for runtime program analysis.
nyc is a JavaScript code coverage tool and command-line interface that instruments source files to track the execution of lines, branches, and functions during test runs. It acts as a wrapper for Node.js test runners, intercepting the module loading process to collect coverage data. The tool functions as a coverage data merger and build gating tool, allowing users to combine results from multiple independent test runs or child processes into a single unified report. It can automatically fail the build process if code coverage percentages fall below defined minimum thresholds. The project sup
Instruments source files on-the-fly by intercepting the Node.js module loading process with a custom require hook.
This project is an Android security analysis toolkit and mobile app runtime manipulator designed for reverse engineering and auditing mobile applications. It provides a system for modifying Java classes and method behavior in active mobile processes to bypass security controls. The toolkit includes a web-based interface for controlling the instrumentation engine and a specialized utility for disabling certificate validation to intercept and inspect encrypted network traffic via SSL pinning bypass. It also features an Android file explorer for browsing and managing files within private data di
Implements dynamic instrumentation and function hooking to intercept and modify application behavior in real-time.