{"id":13508250,"url":"https://github.com/kfiros/execmon","last_synced_at":"2025-03-30T10:30:45.117Z","repository":{"id":216996156,"uuid":"51623918","full_name":"kfiros/execmon","owner":"kfiros","description":"Advanced process execution monitoring utility for linux (procmon like)","archived":false,"fork":false,"pushed_at":"2016-03-04T14:24:56.000Z","size":495,"stargazers_count":84,"open_issues_count":5,"forks_count":31,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-11-01T07:33:30.484Z","etag":null,"topics":["c","execve","hooks","kernel","kernel-module","linux","linux-kernel","linux-process-monitor","linux-procmon","process-monitor","procmon","syscall-hook","syscall-table","syscalls"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kfiros.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.MD","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-02-12T23:49:11.000Z","updated_at":"2024-04-23T00:17:31.000Z","dependencies_parsed_at":null,"dependency_job_id":"bdf294f3-5eea-4583-bd0b-5204f14c7a13","html_url":"https://github.com/kfiros/execmon","commit_stats":null,"previous_names":["kfiros/execmon"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kfiros%2Fexecmon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kfiros%2Fexecmon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kfiros%2Fexecmon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repo
sitories/kfiros%2Fexecmon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kfiros","download_url":"https://codeload.github.com/kfiros/execmon/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246307578,"owners_count":20756473,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c","execve","hooks","kernel","kernel-module","linux","linux-kernel","linux-process-monitor","linux-procmon","process-monitor","procmon","syscall-hook","syscall-table","syscalls"],"created_at":"2024-08-01T02:00:50.371Z","updated_at":"2025-03-30T10:30:45.111Z","avatar_url":"https://github.com/kfiros.png","language":"C","readme":"## execmon\n`execmon` is an advanced process execution monitoring utility for Linux.\n\nThe project consists of a kernel module and a user mode utility. The kernel module tracks new process executions, or more precisely, intercepts the `execve` syscall.\nWhenever the kernel intercepts a new execution, it notifies the user immediately about it.\n\nIn the past, hooking syscalls in the Linux kernel was an easier task; however, in newer kernels, assembly stubs were added to the syscalls.\n`execmon` overcomes this obstacle, patching the kernel on the fly. 
For this purpose I used the open source project Udis86.\n\n\u003cimg src=\"https://raw.githubusercontent.com/kfiros/execmon/master/execmon.png\" /\u003e\n\n### Future Goals\n* Intercept more syscalls\n* Better graphical data presentation for the user\n* Save session data\n* Support 32-bit systems\n\n### Notes\n* Currently supports only 64-bit systems\n* So far run only on Ubuntu 14.04 (kernel 3.13)\n* Use at your own risk\n\n### How To Use\n* Compile using `make`\n* Insert the kernel module (using `insmod`)\n* Run the user application\n\n## Author\nKfir Shtober (Kfiros) 2016\n\n## Thanks \u0026 Credits\n* Ilya V. Matveychikov (https://github.com/milabs)\n* Udis86 (https://github.com/vmt/udis86)\n\n\n","funding_links":[],"categories":["C","c"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkfiros%2Fexecmon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkfiros%2Fexecmon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkfiros%2Fexecmon/lists"}