26 repositories
Capabilities for exporting specific ranges of emulated memory directly to binary files.
Distinguishing note: Closest candidates focus on map exporting or log exporting, not raw binary memory dumps.
Explore 26 awesome GitHub repositories matching operating systems & systems programming · Binary Memory Dumping.
This project is a collection of educational resources and step-by-step tutorials for Java backend development. It provides implementation guides for building web services and applications using the Spring Boot framework, focusing on the development of data streams and concurrent tasks. The repository includes technical walkthroughs for Kubernetes cluster automation, specifically regarding the creation of custom operators and admission controllers. It also serves as a manual for cloud native integration, covering the packaging of applications into containers and the use of distributed event me
Provides techniques for capturing Java heap dumps from containers to diagnose memory leaks.
Stetho is a debug bridge that connects Android applications to Chrome Developer Tools. It allows for the real-time inspection of network traffic, internal application state, and the user interface layout directly within a desktop browser. The project provides specialized inspectors for analyzing Android-specific components. This includes a network inspector for capturing HTTP requests and responses, an SQLite database browser for querying local storage, and a view hierarchy inspector for mapping UI elements and styles. Additional capabilities cover runtime execution via an embedded JavaScrip
Triggers process crashes and extracts binary memory dumps to analyze application stability and resource usage.
pwndbg is a GDB plugin and binary analysis framework designed for reverse engineering, exploit development, and low-level program analysis. It extends the core functionality of the debugger to provide advanced memory inspection and automation tools. The project distinguishes itself with specialized capabilities for heap analysis across glibc, jemalloc, and musl, as well as a comprehensive kernel debugging toolkit for inspecting Linux kernel tasks and slab allocators. It includes an integrated ROP gadget searcher for constructing exploit chains and an LLM-powered debugging assistant that provi
Provides formatted hexadecimal views of raw data at specific memory addresses or modules.
MAME is a vintage hardware emulation platform designed to recreate the circuitry of arcade games, computers, and consoles to run original software on modern devices. It functions as a retro gaming preservation framework for managing, verifying, and archiving ROM sets and disk images to ensure long-term software accessibility. The project features a system debugging tool for inspecting emulated memory, CPU registers, and execution flow via breakpoints and disassembly. It also includes a Lua-based automation layer that exposes core system state and hardware controls for custom behavior and anal
Exports specific ranges of emulated memory directly to binary files for external analysis.
Bottlerocket is a container-optimized operating system and minimal Linux distribution designed specifically for hosting container workloads. It functions as an immutable infrastructure OS, utilizing a read-only root filesystem and atomic partition swapping to ensure consistent and reversible system updates. The system is distinguished by an API-driven host manager that replaces traditional shell-based configuration with a local REST API for administrative tasks. To maintain security and stability, it employs a dual-runtime isolation model that separates workload runtimes from system operation
Captures logs and memory dumps to persistent storage automatically when a kernel panic occurs.
Il2CppDumper is a reverse engineering tool that recovers original .NET assembly structure from Unity games compiled with il2cpp. It parses il2cpp binaries across multiple executable formats including ELF, Mach-O, PE, NSO, and WASM, and reconstructs the original DLL structure from embedded metadata tables, enabling decompilation and analysis of game code. The tool generates disassembler scripts for IDA, Ghidra, and Binary Ninja that apply recovered type definitions and structure layouts to the binary analysis. It also strips protection layers from memory-dumped libil2cpp.so files and simple PE
Strips protection layers from memory-dumped libil2cpp.so files and simple PE-protected binaries for analysis.
GEF is a Python-based extension for GDB that serves as a framework for binary analysis, exploit development, and low-level debugging. It functions as a dynamic analysis extension designed to assist in reverse engineering workflows and malware analysis by enhancing the debugger's ability to inspect process state and memory. The project is distinguished by its specialized heap analysis tools, which allow for the inspection of glibc heap arenas, bins, and chunks to detect memory corruption. It also provides a dedicated toolkit for exploit development, including cyclic pattern generation for offs
Exports specific memory ranges as formatted arrays of bytes in Python, C, or Hex strings.
gops is a command-line diagnostic toolset for monitoring, analyzing, and managing the runtime state of live Go applications. It serves as a runtime diagnostic tool that provides a focused interface for analyzing memory, profiling performance, and monitoring the health of running processes. The tool offers a set of specialized utilities, including a profiler for capturing CPU and heap profiles, a memory analyzer for identifying leaks and triggering garbage collection, and a process monitor for discovering running binaries and visualizing process hierarchies. The project covers a broad range of diagnostic capabilities, including runtime execution tracing, stack trace capture, and resource usage sampling. It also includes system tools for inspecting process metadata, resolving binary paths, and monitoring runtime metrics such as thread counts and memory statistics.
Reports current Go memory and runtime statistics, including active concurrent execution threads, to assess resource allocation.
Al-Khaser is a research project focused on the development of anti-analysis and evasion techniques to resist reverse engineering. It provides implementations for detecting and evading virtual machines, sandboxes, and debuggers to prevent software analysis. The project implements control flow obfuscation through anti-disassembly methods and utilizes dynamic API resolution to bypass static import tables. It further hinders forensic analysis by manipulating memory headers to prevent process dumps and utilizing remote code injection to execute logic in external processes. The capability surface
Modifies image sizes or erases headers in memory to prevent analysts from capturing usable process dumps.
Rockstar is an esoteric programming language whose syntax is inspired by 1980s hard rock and heavy metal lyrics, making programs read like song lyrics. It uses poetic number literals, where the length of each word in a phrase is parsed as a decimal digit to initialize numeric variables, and pronoun-based variable references, where words like "it" and "they" resolve to the most recently assigned or compared variable at runtime. The language can be compiled to WebAssembly and run inside a web page for in-browser code execution. The language distinguishes itself through a lyric-driven parsing sy
Provides a built-in command to dump all variable states and object IDs for debugging.
This project is a comprehensive technical guide and diagnostic manual for analyzing memory, performance, and asynchronous behavior within Node.js applications. It provides detailed methods for asynchronous tracing, memory diagnostics, and performance analysis to resolve runtime errors and execution bottlenecks. The resource distinguishes itself by covering advanced diagnostic workflows, including the use of flame graphs for CPU profiling, the capture and comparison of heap snapshots for memory leak detection, and the mapping of asynchronous call stacks. It also provides technical guidance on
Guides the use of memory dump parsers to identify object instances and trace references in core dumps.
The C/C++ extension for Visual Studio Code provides language support for C and C++ programming, including IntelliSense-powered code editing, navigation, and debugging capabilities. It enables syntax highlighting, code completion, hover information, and error checking for C and C++ source files, along with features like semantic colorization, symbol search, and call hierarchy exploration. The extension offers comprehensive debugging support for C/C++ programs, including launching debug sessions with breakpoints, stepping through code, and inspecting variables. It supports debugging multi-threa
Loads and analyzes core dumps for post-mortem debugging of C/C++ programs.
MifareClassicTool is an Android application for reading, writing, cloning, and analyzing MIFARE Classic RFID tags using built-in NFC hardware or external USB readers. The tool provides sector-based authentication using key files and dictionary attacks, enabling selective data extraction from protected tag sectors. The application includes a hex editor for viewing and modifying raw tag dump data with sector and block highlighting, along with tools for decoding and encoding access condition bytes and value blocks. It supports cloning full dumps or UIDs to compatible magic tags, including manufa
Shares MIFARE dump files to other apps via email or Bluetooth.
Cuberite is a high-performance multiplayer game server for Java Edition clients, designed to provide a low-memory, low-CPU environment for hosting shared virtual spaces. The server is built for deployment across a variety of operating systems and hardware types. It allows game mechanics and server logic to be extended through a Lua scripting interface, so functionality can be changed without recompiling the core engine. The project includes tools for server administration through a remote console, as well as world data management tools for analyzing statistics and optimizing save file storage. Other features cover visualization of biome generation and memory dump analysis for resource monitoring.
Includes tools to parse memory snapshots for identifying resource leaks and consumption patterns.
Hooker is a toolkit for dynamic instrumentation, memory analysis, and deobfuscation of Android applications. It serves as a reverse engineering framework that uses Frida to inject scripts into running processes, monitor native calls, and extract executable DEX files. The project provides specialized tools for bypassing security controls, including disabling SSL certificate validation and BoringSSL pinning to enable HTTPS traffic interception. It includes capabilities for detecting application hardening, extracting encryption keys by hooking cryptographic algorithms, and evading root or debugging environment checks. The framework covers a broad range of analysis capabilities, including memory scanning for detecting active components, SOCKS5 proxy configuration for routing network traffic, and UI interaction analysis. It also supports collecting device fingerprints and debugging embedded WebViews.
Extracts executable bytecode from application process memory to recover files from packed or obfuscated binaries.
GlusterFS is a software-defined distributed file system and scale-out storage cluster that aggregates disk resources from multiple servers into a single global namespace. It serves as a unified storage platform that allows the same underlying data to be exposed through file, block, and object storage interfaces. The system stands out through its decentralized architecture, which uses consistent hashing to distribute files across network nodes without a central metadata server. It ensures data integrity and availability through self-healing replication, quorum-based consistency to prevent split-brain scenarios, and asynchronous geo-replication for disaster recovery across geographic locations. The platform provides broad multi-protocol storage export through NFS, Samba, and iSCSI, along with comprehensive volume management features including point-in-time snapshots, storage quotas, and elastic capacity expansion. Security is handled through TLS encryption in transit, identity management integration, and fine-grained POSIX access controls. The software is available as binary packages from community repositories for a range of Linux distributions.
Captures internal variables and memory pools from processes to facilitate deep debugging.
This project is a comprehensive Android reverse engineering suite that functions as a decompiler, bytecode deobfuscator, and malware analysis tool. It is designed to convert APK, DEX, and OAT binaries into human-readable source code using a native implementation that does not require a Java Virtual Machine (JVM). The platform stands out through its integration with Frida for dynamic analysis, allowing users to hook methods in real time, inject custom JavaScript, and dump device memory. It also features dedicated security engines, including a taint propagation engine and a stack state machine, to detect privacy leaks, malicious behavior, and security vulnerabilities. The suite covers a broad range of analysis capabilities, including binary patching and repackaging, cross-reference dependency mapping, and data flow analysis. It provides tools for packer identification, encrypted string decoding, and global metadata search across application resources. The tool offers a command-line interface and supports analysis automation through custom Python or Java scripts.
Extracts active modules from a running process's memory to recover the original binary code.
This project is a red team knowledge base and offensive security playbook designed for adversary emulation. It serves as a comprehensive collection of technical guides and tactics for conducting red team operations. The repository provides detailed notes on Active Directory penetration testing, including Kerberos abuse and domain privilege escalation. It covers defense evasion through API unhooking and payload obfuscation, as well as Windows internals research involving kernel objects and system memory manipulation. Its scope extends to network penetration testing, malware analysis and engineering, and the deployment of offensive security infrastructure. It also includes methods for lateral movement, persistence, and data exfiltration in enterprise environments.
Provides methods for extracting plaintext passwords and hashes directly from active process memory.
frida-dexdump is an Android memory forensics tool that recovers Dalvik Executable (DEX) files from running application processes using the Frida dynamic instrumentation framework. It functions as a Frida-based runtime analyzer and DEX memory dumper, capable of extracting obfuscated or packed DEX files without modifying the Android system. The tool distinguishes itself through its ability to repair corrupted or missing DEX file headers using heuristic analysis and fuzzy matching techniques. It employs fuzzy boundary detection to identify DEX file boundaries in memory even when headers are dama
Scans a running app's memory for Dalvik Executable files and extracts them for offline analysis.
MemProcFS is a volatile memory analysis tool and cross-platform memory acquisition system. It serves as a memory forensics virtual file system that maps physical memory and kernel objects into a virtual directory structure, allowing users to analyze system artifacts with standard file system tools. The project stands out by presenting physical memory as a browsable, queryable set of read-only files and folders. It also incorporates a YARA-based memory scanner to identify malware signatures and injected code in physical memory. The engine covers a broad range of forensic capabilities, including process and thread inspection, network connection listing, and Windows registry analysis. It supports ingesting data from live systems, crash dumps, and virtual machines, while providing symbol resolution to translate raw memory addresses into meaningful names. Integration is supported through multi-language programmatic interfaces and native library wrappers for C and Java, as well as headless Python scripting for automated workflows.
Parses memory dump files across various CPU architectures to enable deep forensic analysis.