6 个仓库
Utilities for reading and extracting data from kernel address space.
Distinct from Kernel: None of the candidates relate to reading kernel memory; they focus on filesystem mounts or custom kernel construction.
Explore 6 awesome GitHub repositories matching operating systems & systems programming · Kernel Memory Access. Refine with filters or upvote what's useful.
BCC is an eBPF development toolkit and tracing framework used for monitoring and analyzing the Linux kernel. It functions as a performance analysis tool and debugging utility to capture system events, measure kernel latency, and provide network observability. The project distinguishes itself by providing a build system that integrates with LLVM to compile C-like code into BPF bytecode at runtime. It utilizes BPF Type Format data for relocations to maintain cross-kernel compatibility and extracts kernel headers to ensure the generated programs match the specific kernel version. The toolkit co
Provides the ability to copy data or strings from kernel address space to the stack for safe processing.
pwndbg is a GDB plugin and binary analysis framework designed for reverse engineering, exploit development, and low-level program analysis. It extends the core functionality of the debugger to provide advanced memory inspection and automation tools. The project distinguishes itself with specialized capabilities for heap analysis across glibc, jemalloc, and musl, as well as a comprehensive kernel debugging toolkit for inspecting Linux kernel tasks and slab allocators. It includes an integrated ROP gadget searcher for constructing exploit chains and an LLM-powered debugging assistant that provi
Reads kernel symbols and page tables to translate virtual addresses and inspect slab allocators.
Blackbone 是一套专门用于内存扫描、进程注入和内核驱动接口的工具集合,用于操纵 Windows 执行环境。它提供了一个用于执行远程代码、映射可执行映像以及跨不同进程边界管理线程的框架。 该项目包含一个内核内存驱动程序,用于访问内核内存并修改句柄权限,从而在用户模式检测中隐藏分配。它还具有一个库,用于使用软件中断和硬件断点拦截远程进程中的函数调用。 该工具包涵盖了虚拟内存操作的更广泛功能,例如在本地或远程进程中读取、写入和分配内存。它还提供了用于定位特定字节序列的内存模式搜索实用程序,以及用于注入或卸载二进制文件的模块管理功能。
Enables reading and modifying data within the kernel address space using a privileged driver.
Aya is a Rust-native framework for writing, compiling, and loading eBPF programs into the Linux kernel. It provides a complete development environment that eliminates the need for a C toolchain or libbpf, allowing developers to work entirely within the Rust ecosystem. The framework manages the full lifecycle of eBPF programs, including async runtime integration, CO-RE BTF resolution for kernel version portability, ELF-based program loading, and safe kernel memory access. The framework distinguishes itself through its pure Rust compilation pipeline, which compiles Rust source code directly int
Copies kernel data structures into eBPF context safely to prevent page faults.
Meltdown 是一组软件工具,旨在绕过内核地址随机化并转储物理内存,以利用硬件级安全漏洞。它作为 Meltdown 硬件漏洞的概念验证,能够读取受影响处理器上的受保护内核内存。 该工具提供了识别直接物理映射的秘密随机化偏移量以定位内核内存的功能。它还包括将大段物理内存导出为十六进制转储格式的功能,用于恢复敏感字符串和密码。 该项目涵盖通过内核偏移计算和物理内存泄漏进行的内存分析。它还包括测量从物理内存泄漏的数据的准确性和一致性的能力,以验证硬件漏洞的可靠性。
Provides utilities for extracting sensitive data from protected kernel address spaces by bypassing architectural isolation.
该项目是一个教育资源,提供了一个全面的开发教程,用于在 Linux 内核中使用 C、Go 和 Rust 编写并加载 eBPF 程序。它作为一个技术指南,用于开发直接在内核中执行的自定义逻辑。 这些材料涵盖了专门的领域,包括内核可观测性和追踪、用于入侵检测的安全实现,以及用于包过滤和负载均衡的高性能网络工程。它还包括用于 Linux 内核追踪以及使用 kprobes、uprobes 和 tracepoints 的专用手册。 该项目涵盖了广泛的功能领域,如内核插桩、系统监控和可观测性、网络分析以及安全强制执行。它进一步扩展到 GPU 和驱动程序的硬件级调试,以及底层系统操作和资源管理。
Implements safe memory copying from kernel structures into eBPF context to prevent system crashes.