system call hook for Linux
-
Updated
Jan 6, 2025 - C
#
syscall-hooking
Here are 16 public repositories matching this topic...
Resources About Hooking. For All Platforms. Currently 300+ Tools And 600+ Posts.
hooking api-hooking windows-hooking linux-hooking android-hooking art-hooking frida-hooking d3dx-hooking inline-hooking syscall-hooking
-
Updated
Jun 11, 2020
Inline syscalls made for MSVC supporting x64 and WOW64
microsoft windows syscalls syscall-fuzzer ssdt syscall-table ntdll syscall-hook ssdt-hook syscall-hooking ntdll-unhooking win32u
-
Updated
Jul 10, 2023 - C++
SysWhispers & HellsGate Successor, fully modular Indirect & Direct Syscall Framework - EDR/AV/AC Capability Platform
anticheat offensive-security detours syscall red-team ntdll windows-internals anti-debug lotl syscall-hooking hooking-framework edr-evasion hook-bypass indirect-syscall syscall-proxy winternals
-
Updated
Mar 1, 2026 - Rust
Rootkit for the blue team. Sophisticated and optimized LKM to detect and prevent malicious activity
-
Updated
Apr 26, 2024 - C++
The lazypoline syscall interposer
linux-kernel seccomp system-security userspace-networking syscall-hooking syscall-tracing syscall-filter
-
Updated
May 4, 2025 - C++
Author of Project Adrishya a rootkit which use ftrace mechanism to hook syscall; (write this because God commanded me); work for both x86_64 and arm; CREDIT-(Oleksii Lozovskyi{ilammy})FOUNDER OF FTRACE HOOKING
linux arm rootkit linux-kernel hacking cybersecurity device-driver arm64 linux-kernel-module malware-development low-level-programming kprobes linux-device-drivers linux-rootkit lkm-rootkit syscall-hooking rootkit-kernel ftrace-rootkit lkm-hacking ftrace-hooking
-
Updated
Sep 19, 2025 - C
This project is no longer maintained. You should check out SledRE (https://github.com/sledre/sledre) which is the continuation of it.
-
Updated
Dec 31, 2021 - C++
Enumerate which window API calls are hooked by an EDR using inline patching technique
-
Updated
Sep 27, 2022 - C++
-
Updated
Feb 10, 2022 - C
Pedagogical project demonstrating basic syscalls hooks of a linux machine
-
Updated
May 28, 2025 - C
RKHUNTER LIVE is an immersive, interactive training platform for learning rootkit detection and malware forensics on Linux systems. Featuring a fully simulated rkhunter, chkrootkit, AIDE, and Lynis environment, this platform allows security professionals and students to practice identifying kernel rootkits, rootkits, userland rootkits🕵🏿.
incident-response forensics threat-hunting malware-analysis rkhunter lynis bootkit volatility lime aide memory-forensics linux-security chkrootkit file-integrity-monitoring syscall-hooking kernel-rootkit backdoor-detection rootkit-detection process-hiding mbr-analysis
-
Updated
Mar 3, 2026 - HTML
fsh, a library provides a convenient and simple way to hook system calls using ftrace
-
Updated
Mar 19, 2023 - C
Windows 11 compatible NtUserXxx syscall hook inside Win32k with PoC implementation and Usermode framework in both of C and C++
-
Updated
Mar 29, 2026 - C++
Improve this page
Add a description, image, and links to the syscall-hooking topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the syscall-hooking topic, visit your repo's landing page and select "manage topics."