19 个仓库
Capturing function calls to execute additional code or modify return values before the original caller receives them.
Distinct from Function Call Tracking: Existing candidates focus on mapping, invocation, or testing spies, not the behavioral interception logic.
Explore 19 awesome GitHub repositories matching software engineering & architecture · Dynamic Function Interception. Refine with filters or upvote what's useful.
LSPosed is an Android runtime hooking framework and in-memory code modifier. It functions as a system hooking tool that intercepts and modifies system and application methods in memory to change behavior without altering original installation files. The project provides a standardized interface through the Xposed Module API, allowing for the development of plugins that alter the behavior of the Android operating system and installed applications. The framework covers a range of capabilities including runtime function interception, Android system debugging, and application customization. Thes
Implements a system to capture function calls and modify return values at runtime.
Aspects is an aspect-oriented programming library and method hooking framework designed for intercepting and modifying JavaScript function behavior without altering the original source code. It serves as a runtime logic injector that allows for the addition and removal of executable code wrappers from active functions. The library enables the injection of custom logic before or after methods to change application behavior at runtime. It further provides the ability to intercept method calls to capture or override return values before they reach the caller. The framework manages these interce
Captures function calls to execute additional code or modify return values before they reach the original caller.
Chromatic is a Chromium runtime modifier and JavaScript engine injector designed to alter the low-level operational characteristics of Chromium and its embedded V8 engine. It functions as a tool for injecting custom logic into the V8 JavaScript engine to change application behavior at runtime. The project provides mechanisms for browser engine instrumentation and V8 runtime manipulation. It enables the modification of the internal execution flow of JavaScript within Chromium-based environments to extend native browser capabilities or bypass standard limitations.
Intercepts internal engine functions by replacing instruction pointers with jumps to custom logic handlers.
Xposed is a native Android runtime hooking framework and instrumentation tool. It provides a modified version of the Android app process binary to intercept and modify the behavior of system and application processes at the binary level. The framework enables Android operating system customization by altering internal function calls and runtime execution flow. It achieves this through native process instrumentation, allowing for the modification of functionality without altering original application files. The tool covers several low-level capabilities, including native library injection and
Redirects execution flow from original system functions to custom handlers using native memory manipulation.
r0capture is a tool for intercepting network traffic from Android applications. It serves as a traffic interceptor, packet sniffer, and client certificate exporter used to analyze application-layer communication on Android devices. The project provides mechanisms to bypass SSL pinning and certificate validation, allowing the decryption of encrypted traffic without modifying device trust stores. It also enables the extraction of client-side certificates from application memory for saving to local device storage. Captured network data is serialized into PCAP files to support offline protocol a
Captures plaintext network data by intercepting specific sending and receiving functions at runtime.
OpenLLMetry is an OpenTelemetry-based observability framework and instrumentation library for generative AI applications. It provides toolsets for tracing and monitoring large language model workflows, capturing telemetry from model providers, agent frameworks, and vector databases using standardized semantic conventions. The project distinguishes itself by providing a specialized evaluation and experimentation suite that associates user feedback and prompt version hashes with specific execution traces. It includes a system for tracking model reasoning paths and enforcing security guardrails
Injects monitoring logic around AI library calls to automatically record inputs, outputs, and token usage.
Detours is a library for intercepting Win32 API calls and redirecting function calls at runtime on Windows, enabling binary-level instrumentation without requiring access to the original source code. It functions as an API hooking library and binary instrumentation toolkit, allowing developers to monitor or modify the behavior of compiled Windows binaries by hooking into their function execution paths. The project achieves this through detour-based function interception, where the first few instructions of a target function are replaced with a jump to a user-supplied detour function, while pr
Replaces function entry instructions with jumps to detour functions, preserving original bytes for trampoline calls.
Tape 是一个 JavaScript 测试框架和断言库,用作 Node.js 和浏览器环境的测试运行器。它实现了 Test Anything Protocol (TAP),为测试结果提供了一种标准化的、机器可读的格式。 该项目作为跨环境测试工具,允许在服务器端和客户端环境中执行相同的测试套件,同时保持一致的输出协议。 其功能包括验证值相等性和真值、验证异常处理以及协调异步工作流。该框架还提供了用于管理测试生命周期、定义命名测试用例以及捕获函数调用或属性访问的工具。 命令行界面支持基于 glob 的测试发现、模块预加载,以及从执行中过滤特定文件或文件夹的功能。
Implements mechanisms to capture function calls and arguments for test verification.
unidbg 是一个用于在宿主机上模拟和调试 ARM32 和 ARM64 原生二进制文件的框架。它充当 Android 和 iOS 二进制调试器和原生库模拟器,允许在无需物理硬件的情况下执行原生代码。 该项目通过原生函数 Hook 框架和模型上下文协议 (MCP) 调试工具脱颖而出,该工具将模拟器状态暴露给 AI 助手以进行自动化二进制分析。它还包括一个专门的内存分析器,用于跟踪访客端分配并识别原生二进制文件中的泄漏。 该工具集涵盖了多个功能领域,包括原生代码逆向工程、指令级执行跟踪和 JNI 桥接模拟。它通过内存读/写日志和控制台调试器提供可观测性,同时利用线程安全的模拟器池来减少初始化开销。
Implements dynamic function interception by overwriting native instructions to redirect execution flow.
Dobby 是一个动态函数 Hook 框架和二进制插桩工具,旨在拦截和重定向编译二进制文件中的函数调用。它是一个跨平台、跨架构的库,为在不同操作系统和 CPU 架构上修改程序执行流提供了统一的接口。 该库通过向运行中的进程注入自定义处理程序,实现底层二进制插桩和运行时应用插桩。它常用于软件逆向工程,通过 Hook 内部函数来观察实时数据流和逻辑。 该框架涵盖了二进制补丁、运行时符号解析以及动态蹦床(trampoline)生成。它管理特定平台的内存保护,并将通用的 Hook 请求映射为特定架构的操作码,通过基于指令的 Hook 来重定向执行。
Implements a low-level framework for intercepting and redirecting function calls in compiled binaries.
Freezegun 是一个 Python 时间模拟库和系统时钟仿真器,用于将系统时钟冻结在特定的日期和时间。它作为一种测试工具,确保在软件验证过程中,依赖时间的逻辑能够产生一致且可预测的结果。 该库提供了一个兼容 asyncio 的 mock,能够保留真实的单调时钟值,防止在其他系统时间函数被冻结时导致事件循环挂起。它支持通过手动推进时钟、跳转到指定日期,或使用在调用间自动递增时间的“滴答”时钟模拟来模拟时间的流逝。 该工具包含一个 mock 排除列表,用于防止特定库被拦截,从而确保内部依赖项和第三方集成保持稳定。
Intercepts calls to the datetime and time modules to route them to a central mocked state.
This repository is a collection of JavaScript coding challenges and a comprehensive interview guide. It provides reference implementations and educational examples designed to help developers master language fundamentals and prepare for technical interviews. The project covers a wide array of specialized implementations, including functional programming patterns like currying and partial application, as well as asynchronous patterns for concurrency control. It also includes practical examples of Document Object Model manipulation and the implementation of common data structures such as stacks
Uses JavaScript proxies to intercept and monitor function calls without modifying original source code.
REFramework is a runtime modding framework for games built on the RE Engine, providing a C# plugin system with typed proxy code generation, a Lua scripting interface, an ImGui-based UI system, a runtime debugging toolkit, and a VR integration layer. At its core, it intercepts and modifies internal game engine functions and state at runtime through hooking and scripting APIs, enabling deep inspection and manipulation of live game objects. The framework distinguishes itself through typed proxy code generation that auto-creates C# interfaces from the game's type database, giving compile-time saf
Hooks into game engine methods at runtime to intercept, inspect, and modify function calls.
ScyllaHide 是一款反调试器绕过插件和逆向工程工具,旨在向目标应用隐藏调试器。它作为一个用户模式 API 钩子库和 DLL 注入框架,防止程序在被分析时检测并关闭自身。 该项目通过中和安全防御,实现了恶意软件分析和受保护软件的研究。它通过拦截和修改系统库响应,欺骗应用使其无法识别其执行环境。 该工具采用多种技术方法来保持隐蔽性,包括内联 API 钩子、系统调用代理和进程环境块 (PEB) 修补。它还处理用户模式陷阱,并利用动态库重定向来过滤敏感的 API 响应。
Uses detour-based inline API hooking to intercept and modify system calls.
HyperDbg is a hardware-assisted kernel-mode debugging platform that leverages virtualization to monitor and control system execution. By utilizing hypervisor-level primitives, it enables deep system analysis and instrumentation without relying on standard operating system debugging interfaces. The framework provides a comprehensive environment for inspecting both kernel and user-mode processes, allowing for granular control over execution flow and system state. The project distinguishes itself through a transparent debugging layer designed to remain invisible to the target environment. It emp
Hooks specific system or application functions to capture arguments and execution state for analysis.
This project is a JavaScript-based plugin framework for the Typora markdown editor. It provides a development platform to integrate custom functional logic, UI elements, and keyboard shortcuts into the editor environment. The framework distinguishes itself by offering a JSON-RPC remote interface, allowing external programs to control the editor and trigger plugin functions. It also includes a dedicated publishing system to export and upload markdown documents to external blogging platforms via API requests. The project covers a wide range of capabilities, including editor workflow automation
Implements a system for intercepting internal software functions to modify arguments or return values via hooks.
Premake is a build system generator and cross-platform build configuration tool. It functions as a scripting engine that transforms scripted workspace definitions into native project files for multiple build toolsets and compilers. Additionally, it can generate JSON-formatted compilation databases for use with language servers and static analysis tools. The project distinguishes itself through a programmable runtime that allows for internal function hooking and the interception of build logic. This extensibility enables users to create custom toolset generators, implement modular extensions f
Provides a mechanism to intercept internal functions and modify the project generation sequence at runtime.
Piko is a collection of specialized Android utilities designed for binary patching, user interface customization, media downloading, and application debugging. It functions as an APK modification framework that alters application metadata and binary resources to modify internal logic and bypass version locks. The project differentiates itself through deep application modification capabilities, including bytecode-level instruction patching, DEX file manipulation, and a dynamic hooking engine. It enables the overriding of resource files and the injection of permissions via the application manif
Features a dynamic hooking engine that intercepts function calls at runtime to redirect logic.
rdpwrap is a set of system utilities and services designed to enable, configure, and manage remote desktop protocol access and video compression settings. It functions as a service and manager that allows remote desktop connections on operating system versions where the feature is restricted or disabled by the vendor. The project provides tools to override system-level restrictions for remote access and activate remote desktop protocol services on unsupported versions. It includes a configuration tool for managing H.264 video compression and encoding settings to balance visual quality, networ
Implements dynamic function interception to redirect operating system execution flow for enabling restricted features.