Starred repositories
Package packet provides access to Linux packet sockets (AF_PACKET). MIT Licensed.
A Linux Host-based Intrusion Detection System based on eBPF.
Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.
eBPF Developer Tutorial: Learning eBPF Step by Step with Examples, from Getting Started to In-Depth Topics
ebpf-go is a pure-Go library to read, modify and load eBPF programs and attach them to various hooks in the Linux kernel.
eBPF Observability - Distributed Tracing and Profiling
An example of hooking C functions at runtime
Replace or modify symbol names in ELF object files (relocatable and executable)
sloader is an ELF loader which aims to replace ld-linux.so of glibc.
gcc plugin providing an instrument_function attribute and other flags to allow-list functions to be instrumented
My "fork" of the gcc-python-plugin (will send patches upstream soon!)
Inject code into another process to watch and operate on the other process. This is usually used as anti-virus software.
ELF packer - encrypt and inject self-decryption code into executable ELF binary target
Inject code into any process using DYLD_INSERT_LIBRARIES
Inject code into process memory, link it and run it in a separate thread (ARM/AARCH64 only).
Utility for injecting executable code into a running process on x86/x64 Linux