Summary of Common Linux Hooking Techniques

01 Hook Functions: Hook functions are predefined hooks in a program to which you can attach or register a hook function when needed, making it available to the target. If there are no hooks, you can also obtain function pointers and wrap the functions, but such a wrapper can only run before or after the function, not during its …

Getting Started! Running Your First eBPF Program on Linux with bcc

This article will guide you step by step through creating and running your first eBPF program on a Linux system, which prints “Hello World!” whenever the execve system call is invoked. The content covers environment setup (mainly for macOS; on Windows, you can install a Linux virtual machine with VMware and skip the environment setup …

Python 3.14: A Significant Leap in the Python Ecosystem

Python 3.14 has established many of its key features, and in my opinion, it is a core version that will last for many years to come. This version sets the benchmark for the Python debugging ecosystem of the era. This article will discuss the epic improvements within the Python world. Content: When debugging Python code …

New Discovery: Linux Rootkit Curing Can Bypass Modern Security Tools, Hiding Within the io_uring Interface

Recently, researchers have discovered a brand new Linux rootkit, Curing, that bypasses existing security tools by issuing its I/O through the io_uring interface of the Linux kernel, rendering it invisible in the system and evading detection even by modern enterprise-level security software. The io_uring interface was introduced in Linux 5.1 to enhance I/O performance, aiming to …

LWN: Progress on GCC BPF Support!

An update on GCC BPF support, by Daroc Alden, April 2, 2025, LSFMM+BPF (Gemini-1.5-flash translation), https://lwn.net/Articles/1015747/. José Marchesi and David Faust opened a session on BPF (Berkeley Packet Filter) at the 2025 Linux Storage, Filesystems, Memory Management, and BPF Summit, where they presented a lengthy discussion on their work to …

Comprehensive Guide to Thread Classification

1. NPT is a general-purpose American standard tapered pipe thread with a thread angle of 60°. PT thread is a British standard tapered thread with a thread angle of 55°, commonly used for sealing. British pipe threads are fine threads; coarse threads have a greater thread depth, which severely reduces the strength of the external …

eCapture Observer: Android HTTPS Plaintext Packet Capture

Introduction: Is it becoming increasingly difficult to capture HTTPS packets on Android systems? On recent Android versions, adding CA certificates is not possible, and packet capture software relies on too many dependencies. When using VPN mode or hook programs, they can be detected by apps. The cost of countermeasures is rising. Is there a universal tool …

Compiling eBPF Programs on Android Pixel 6: Hiding Processes and Changing MAC Addresses

Background: Previously, I found an interesting repository on GitHub called bad-bpf. After some effort, I finally managed to compile it successfully on my phone, achieving the effects of replacing text and hiding processes as described in the repository. Other functionalities have not …