awesome-frida - Awesome Frida - A curated list of Frida resources http://www

A curated list of awesome projects, libraries, and tools powered by Frida. Frida is Greasemonkey for native apps, or, put in more technical terms, it’s a dynamic code instrumentation toolkit. It lets you inject snippets of JavaScript into native apps that run on Windows, Mac, Linux, iOS and Android.

pe-sieve - Scans a given process

  •    C++

PE-sieve is a light-weight tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. It recognizes and dumps a variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory patches. Detects inline hooks, Process Hollowing, Process Doppelgänging, Reflective DLL Injection, etc.

Haze Anti-Virus

  •    CSharp

Haze Anti-Virus is an antivirus written in native C++; it uses signature and heuristic scanning. This antivirus is aimed at providing all users with a secure computer environment, by making it as simple to use as possible while still packing even more features than other complex antivirus so...

cute - An event-centric publisher/subscribe model for objects inspired by the Qt framework

  •    Crystal

An event-centric publisher/subscribe model for objects inspired by the Qt framework and middleware runner. Decoupled inter-module communication: using signals, you can let your front- and back-end communicate without letting one know of the other.

GameManipTutorial - A tutorial for manipulating the rendering of a game (generally to increase its quality) if you only have a binary available

  •    C++

This document is a tutorial for manipulating the rendering of a game (generally to increase its quality) if you only have a binary available. If you ever wondered how something like DSFix, or DPFix, or many of my GeDoSaTo plugins work, then this is for you. If you have ever thought it would be great if you could do something like that too, then even better, this is for you too. Hopefully it will save you a lot of time figuring out things that become second nature when you have been doing this for half a decade or so.

funchook - Funchook - an API Hook Library

  •    C

This library depends on diStorm3. GPLv2 or later with a GPL linking exception.

plthook - Hook function calls by replacing PLT(Procedure Linkage Table) entries.

  •    C

A utility library to hook library function calls issued by specified object files (executable and libraries). This modifies PLT (Procedure Linkage Table) entries in ELF format used on most Unixes or IAT (Import Address Table) entries in PE format used on Windows. 2018-02-06: Android support was contributed by Daniel Deptford.

subhook - A simple hooking library for C/C++

  •    C

SubHook is a super-simple hooking library for C/C++ that works on Linux and Windows. It currently supports x86 and x86-64. In the following examples foo is some function or a function pointer that takes a single argument of type int and uses the same calling convention as my_foo (depends on compiler).
anticuckoo - A tool to detect and crash Cuckoo Sandbox

  •    C

A tool to detect and crash Cuckoo Sandbox. Tested in Cuckoo Sandbox Official and Accuvant's Cuckoo version. Reddit / netsec discussion about anticuckoo.

DbgChild - Debug Child Process Tool (auto attach)

  •    C

Auto from x32dbg/x64dbg: Hook Process Creation - toggle option to switch the automatic hooking of process creation on or off. If it is off, then the user must manually select Hook Process Creation at some point before child processes are spawned.

enyelkm - LKM rootkit for Linux x86 with the 2

  •    C

LKM rootkit for Linux x86 with the 2.6 kernel. It inserts salts inside system_call and sysenter_entry. EnyeLKM hides files, directories and processes by inserting jumps to trampoline functions in both the system_call() and sys_enter() instructions in the kernel. All user space applications (read() , write(), etc) invoke kernel space functionality (system calls) through one of these two functions.

phook - Full DLL Hooking, phrack 65

  •    C

The process will enter a suspended state and there will be a bound socket on the port specified in the C:\ph_listen_ports.log file. 2.- To connect to the server it is necessary to use a client, similar to netcat, on an open port, in this case 1234.

frida-node - Frida Node.js bindings

  •    C++

Node.js bindings for Frida. The prebuild tool is used to handle building from source and packaging.

Open.WinKeyboardHook - A simple and easy-to-use .NET managed wrapper for Low Level Keyboard hooking.

  •    CSharp

A simple and easy-to-use .NET managed wrapper for Low Level Keyboard hooking. The main goal is to abstract away the complexities inherent in intercepting and translating global keystrokes (KeyDown / KeyUp / KeyPress) in the system.

hinako - x86 WinAPI hook written in pure Go

  •    Go

Windows API hooking (x86) with golang based on trampoline function.

TARDIS - Trace And Rewrite Delays In Syscalls: Hooking time-related Linux syscalls to warp a process's perspective of time, using ptrace

  •    C

Trace And Rewrite Delays In Syscalls: Hooking time-related Linux syscalls to warp a process's perspective of time. This code is rather buggy, mainly due to my lack of understanding of the ptrace API. You probably shouldn't use it for anything serious, although it could be useful for testing/debugging certain applications.

emuhookdetector - hook detector using emulation and comparing static with dynamic outputs

  •    C

Warning!!: the code is bullshit (it is only a beta prototype). The dynamic report on a non-hooked machine should be very similar to the static report.