khalladay / hooking-by-example
A series of increasingly complex programs demonstrating function hooking on 64 bit Windows. Culminating in a program that hooks mspaint to make it always paint orange.
☆277Updated 3 years ago
Related projects ⓘ
Alternatives and complementary repositories for hooking-by-example
- Some DLL Injection techniques in C++ implemented for both x86 and x64 windows OS processes☆328Updated 2 years ago
- Collection of undocumented Windows API declarations.☆290Updated 2 weeks ago
- A bunch of Windows anti-debugging tricks for x86 and x64.☆765Updated 3 years ago
- Handle elevation DKOM against ObRegisterCallbacks☆282Updated 6 years ago
- Anti-cheat library for Windows C++☆402Updated 2 years ago
- A x64 Windows Rootkit using SSDT or Hypervisor hook☆511Updated 2 weeks ago
- C++23 procedure hooking library.☆387Updated last week
- Anti-debugging techniques on a (bad looking) Win32 application.☆234Updated 7 months ago
- anti debugging library in c++.☆515Updated 9 months ago
- The functions interception library written on pure C and NativeAPI with UserMode and KernelMode support☆726Updated last year
- Inline syscalls made easy for windows on clang☆670Updated 4 months ago
- C++ STL in the Windows Kernel with C++ Exception Support☆392Updated last year
- C++ graphics kernel subsystem hook☆476Updated 3 years ago
- System call hook for Windows 10 20H1☆479Updated 3 years ago
- This program remaps its image to prevent the page protection of pages contained in the image from being modified via NtProtectVirtualMemo…☆562Updated 5 years ago
- X86 Mutation Engine with Portable Executable compatibility.☆448Updated 2 years ago
- Rendering on external windows via hijacking thread contexts☆378Updated 4 years ago
- A collection of c++ programs that demonstrate common ways to detect the presence of an attached debugger.☆535Updated 2 years ago
- The Universal C++ RunTime library, supporting kernel-mode C++ exception-handler and STL.☆398Updated 4 months ago
- COFF and Portable Executable format described using standard C++ with no dependencies.☆254Updated 6 months ago
- Windows inline hooking tool.☆219Updated 6 years ago
- MemoryModule which compatible with Win32 API and support exception handling☆357Updated this week
- PDBRipper is a utility for extract an information from PDB-files.☆799Updated this week
- Manual mapping without creating any threads, with rw only access☆682Updated 5 years ago
- Hook system calls on Windows by using Kaspersky's hypervisor☆1,112Updated 7 months ago
- Literally, the perfect injector.☆863Updated last year
- Detours with just single dependency - NTDLL☆608Updated 2 years ago
- Hex-Rays microcode plugin for automated simplification of Windows Kernel decompilation.☆545Updated last month
- C++ 17 or higher control flow obfuscation library for windows binaries☆323Updated 2 months ago
- DLL that hooks the NtQuerySystemInformation API and hides a process name☆281Updated last year