github.com/frida/frida-gum ↗

About frida/frida-gum

Frida-Gum is a cross-platform C library that provides the core instrumentation and introspection capabilities for the Frida dynamic analysis framework. It serves as the foundation consumed by frida-core and exposed to users through JavaScript bindings called GumJS. The library enables deep runtime inspection and modification of running processes across multiple operating systems.

The library offers three main categories of functionality. Instrumentation features include inline code hooking through Interceptor, stealthy execution tracing with Stalker, and memory access monitoring. Introspection capabilities provide access to process state like running threads, loaded modules with their imports and exports, symbol information, memory scanning, debug symbol lookup, and stack traces. Additionally, Gum includes code generation and relocation tools for multiple CPU architectures including x86, ARM, Thumb, ARM64, and MIPS, enabling the dynamic modification of native code at runtime.

Notable technical aspects include an out-of-process dynamic linker specifically for macOS systems, helper libraries for heap allocation tracking and profiling, and kernel state introspection for iOS. The project includes comprehensive testing infrastructure and distributes prebuilt devkits for developers who want to statically link Gum into their own applications. Its broad architectural support and sophisticated code manipulation capabilities make it a powerful tool for security research, reverse engineering, and dynamic program analysis.