13 个仓库
Techniques for modifying memory signatures and binary code in running processes to bypass security checks.
Distinct from Automated Security Patching: Distinct from automated software patching as it modifies active volatile memory to bypass security requirements in real-time.
Explore 13 awesome GitHub repositories matching security & cryptography · Runtime Memory Patching. Refine with filters or upvote what's useful.
This project is a set of extensions for the WeChat macOS application designed to modify client behavior and unlock hidden features. It functions as a client modification framework and a multi-account manager, allowing users to launch and operate several independent instances of the application on a single machine. The tool distinguishes itself through deep integration with the operating system, enabling the execution of macOS system commands and remote administration via incoming chat messages. It also provides productivity extensions that connect chat lists and conversation histories to exte
Modifies application behavior by overwriting instructions in volatile memory to bypass authentication and update checks.
pcileech is a toolkit for executing DMA attacks, analyzing PCIe bus traffic, performing kernel patching, and conducting remote volatile memory forensics. It functions as a hardware memory acquisition tool and a PCIe DMA attack framework designed to read and write remote system memory via direct hardware interfaces. The project provides capabilities for capturing and displaying raw transaction layer packets from the PCIe bus and mounting live RAM as local drives for analysis. It enables the modification of system memory signatures and the execution of shellcode or implants within the kernel wi
Modifies memory signatures in running processes to unlock features or bypass security requirements.
Safetynet-fix is a tool for Android device attestation designed to bypass hardware and software integrity checks. Its primary purpose is to achieve Google SafetyNet compliance on devices with unlocked bootloaders, allowing software that requires specific security profiles to run on modified systems. The project provides compatibility for rooted devices, specifically ensuring that banking and payment applications remain functional while maintaining root access. It manages the Magisk environment configuration to maintain these security-sensitive application requirements. The system utilizes va
Modifies executable code in volatile memory during runtime to bypass security and integrity checks.
Dopamine 是一款 iOS 越狱工具,旨在为运行 iOS 15 和 16 的设备提供 Root 访问权限和管理权限。它作为一个系统权限提升漏洞,在不修改只读系统分区的情况下授予提升的权限。 该项目采用半无根(semi-untethered)Root 漏洞模型,这意味着每次重启后都需要手动触发以恢复 Root 访问权限。这种方法允许绕过系统限制并安装未经授权的软件。 该工具通过多种底层功能管理 Root 访问和系统自定义,包括内核内存补丁和动态库注入。它利用用户空间沙箱逃逸和 PPL 绕过内存映射等技术来修改受限页表并禁用安全保护。
Modifies live kernel memory to disable security protections and grant elevated privileges.
R3nzSkin 是一个适用于 League of Legends 的皮肤修改器和游戏资产修改工具。它作为一个实用程序,用于实时修改角色和游戏对象的视觉外观。 该工具通过更新本地资产数据库和修改运行中游戏客户端的视觉元素来替换游戏内纹理和模型,无需重启。它包括用于自动化游戏资产更新的系统,以确保能够访问当前的装饰性资产。 应用偏好和自定义外观设置通过图形界面进行管理,并使用 JSON 配置文件进行持久化。
Modifies specific game engine values in system RAM to trigger visual changes during a live session.
CyberEngineTweaks 是《赛博朋克 2077》的模组框架,提供了一套用于引擎补丁、脚本扩展和创建游戏内交互式修改界面的工具。它是一个脚本引擎扩展和补丁工具,旨在修改引擎行为并添加自定义游戏逻辑。 该项目通过将脚本注入框架与图形用户界面库相结合,允许直接在游戏引擎内开发自定义设置菜单和覆盖层。它支持底层的引擎修改,以通过专门的补丁系统提高性能、移除视觉限制或绕过游戏限制。 该框架涵盖了广泛的功能,包括游戏逻辑脚本编写、性能调优和模组界面开发。它还包含诊断窗口和日志转储等可观测性工具,以支持模组调试工作流。
Modifies running game process memory to alter engine variables, toggle flags, and change visual states.
SuperWeChatPC 是一个微信桌面客户端的修改器,通过内存补丁和二进制钩子(binary hooks)解锁隐藏功能。它作为一个多账号消息管理器、消息数据归档器,以及一个将内部消息功能暴露给外部程序的软件接口。 该项目通过进程隔离,允许在单台计算机上同时运行多个独立的客户端实例。它允许通过绕过标准文件大小限制来传输大附件,并为程序化消息自动化提供了一个包装器。 该工具包括消息归档功能,例如防止撤回消息被删除,并将语音笔记保存到本地存储。它还提供了通过外部软件套件自动化发送和接收消息的机制。
Modifies running process memory to intercept internal function calls and redirect execution flow.
Dexposed 是一套专为 Android 设备上的动态补丁、框架拦截和代码插桩设计的运行时工具和引擎。它作为一个 Hook 框架和插桩工具,用于将自定义代码加载到正在运行的进程中,从而在不修改原始字节码的情况下改变逻辑。 该项目支持拦截和修改 Android 应用程序和系统框架内的方法行为。它特别提供了通过覆盖框架调用和在不重启的情况下对活动进程应用热补丁来绕过操作系统限制的功能。 该工具集涵盖了广泛的插桩功能,包括拦截方法执行、重定向超级方法调用以及通过运行时拦截监控系统级行为。
Overwrites memory addresses with jump instructions to divert execution flow to custom handlers.
Donut is a toolset for loading and executing payloads in memory, featuring a position-independent shellcode generator, an in-memory payload injector, and a .NET assembly loader. It is designed to convert executable files and scripts into shellcode that can be executed within the memory space of a remote process without writing files to disk. The project specializes in security evasion through memory-based patching and payload obfuscation using symmetric block ciphers and compression. It includes a remote payload stager to retrieve encrypted modules from HTTP or DNS servers during runtime, red
Patches AMSI and WLDP in memory at runtime to prevent detection of dynamically executed code.
该项目是针对微信小程序开发者环境的修改版,旨在绕过账户身份要求和服务器端域名验证。它作为一组工具和补丁,允许在没有注册账户标识符或官方开发者账户的情况下创建和测试小程序。 该工具专门禁用了 AppID 注册要求并移除了域名白名单限制。这使得开发者能够向任何外部端点发起网络请求,并在没有验证项目 ID 的情况下进行本地开发。 该实现利用网络拦截、进程内存补丁和运行时钩子注入,覆盖了开发工具内部的安全检查和验证逻辑。
Implements runtime memory patching of the IDE process to bypass mandatory identity verification.
WeChatOpenDevTools-Python 是一套软件实用程序,旨在绕过环境限制,以启用 Web 和小程序应用的调试与元素检查。它作为一个开发者工具解锁器和 Web 检查器激活器,强制激活集成的检查工具。 该项目为调试和逆向工程微信小程序提供了专门的功能。这包括访问隐藏的开发者控制台以分析活动小程序和 Web 内容的结构、网络请求和行为的能力。 这些实用程序利用底层运行时操作技术,包括动态二进制插桩、进程注入和内存补丁。该软件扫描特定的内存地址以切换内部标志并改变目标进程的执行状态。
Modifies active volatile memory in running processes to toggle internal flags and bypass developer tool restrictions.
This project is an Xposed Framework module and runtime code injector designed to modify Android application behavior. It functions as an app modifier and feature unlock tool that enables the injection of custom code and the bypassing of subscription restrictions and payment walls to grant access to premium capabilities. The system extends application user interfaces by embedding functional toggles and custom control menus directly into the settings and user pages of target apps. It allows for the injection of additional tools and enhancements through a dedicated configuration menu. The techn
Overwrites specific memory addresses in running processes to bypass logic checks and unlock restricted feature sets.
This project provides a collection of patches and modification sets for Android applications. It focuses on enhancing media consumption through the removal of advertisements and sponsored segments, while enabling deep customization of application interfaces and internal behaviors. The project employs system-level modifications, including binary hooking, bytecode manipulation, and dynamic memory patching, to override default application restrictions. These capabilities allow for the restoration of push notifications via signature spoofing, the suppression of screenshot alerts, and the automati
Employs dynamic memory patching to overwrite bytes in runtime memory to bypass restrictions.