A series of increasingly complex programs demonstrating function hooking on 64 bit Windows. Culminating in a program that hooks mspaint to make it always paint orange.
☆330Mar 24, 2021Updated 5 years ago
Alternatives and similar repositories for hooking-by-example
Users that are interested in hooking-by-example are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- A library for intel VT-x hypervisor functionality supporting EPT shadowing.☆51Mar 11, 2021Updated 5 years ago
- windows kernelmode driver to inject dll into each and every process and perform systemwide function hooking☆54Aug 28, 2022Updated 3 years ago
- Stealthy UM <-> KM communication system without creating any system threads, permanent hooks, driver objects, section objects or device o…☆386Apr 30, 2026Updated 3 weeks ago
- Bypasses for Windows kernel callbacks PatchGuard protection☆44Aug 15, 2021Updated 4 years ago
- Anti-cheat library for Windows C++☆503Jul 22, 2022Updated 3 years ago
- GPUs on demand by Runpod - Special Offer Available • AdRun AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
- A way to detect DBI frameworks, Debuggers and VMs.☆24Nov 17, 2020Updated 5 years ago
- A C++14/17 header-only Windows memory editing library with a focus on type safety and modern C++ style.☆13Jun 3, 2019Updated 6 years ago
- Disables virtualprotect checks/hooks so you can modify memory and change memory protection in binaries protected by VMProtect.☆139Jun 13, 2021Updated 4 years ago
- Manual mapping without creating any threads, with rw only access☆814Oct 29, 2019Updated 6 years ago
- usermode standalone kernel interface☆111Jul 9, 2018Updated 7 years ago
- ☆21May 26, 2023Updated 2 years ago
- A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.☆118Feb 1, 2022Updated 4 years ago
- AntiDebugging sample sources written in C++☆349Jul 23, 2018Updated 7 years ago
- The Minimalistic x86/x64 API Hooking Library for Windows☆5,750May 5, 2026Updated 2 weeks ago
- Deploy open-source AI quickly and easily - Special Bonus Offer • AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- C++20, x86/x64 Hooking Libary v2.0☆1,855Nov 16, 2025Updated 6 months ago
- Windows system spy for Mouse, Keyboard and Gamepad(Joystick).☆15Jul 6, 2022Updated 3 years ago
- Analyze patches in a process☆262Jul 28, 2021Updated 4 years ago
- Example of hijacking system calls via function pointer tables☆31Jun 26, 2021Updated 4 years ago
- Collection of obfuscation, tamper-proofing, and watermarking algorithms targeting LLVM IR.☆76Nov 12, 2019Updated 6 years ago
- Process Creation, Image Load and Thread Creation Notification☆12Sep 15, 2023Updated 2 years ago
- kernel driver used to monitor the activity of BadlionAnticheat.sys by patching its IAT☆32Jul 9, 2021Updated 4 years ago
- Detours implementation (x64/x86) which used only ntdll import☆93Oct 14, 2025Updated 7 months ago
- Detours with just single dependency - NTDLL☆680Nov 25, 2025Updated 5 months ago
- Deploy open-source AI quickly and easily - Special Bonus Offer • AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- Inline syscalls made easy for windows on clang☆736Jun 21, 2024Updated last year
- Scripts I made to aid me in everyday reversing or just for fun...☆36Mar 25, 2019Updated 7 years ago
- Universal x86/x64 VMProtect 2.0-3.X Import fixer☆27Dec 29, 2021Updated 4 years ago
- library for importing functions from dlls in a hidden, reverse engineer unfriendly way☆1,921Aug 3, 2023Updated 2 years ago
- Reverse Engineering a signed kernel driver packed and virtualized with VMProtect 3.6☆109Mar 16, 2026Updated 2 months ago
- Simple Kernelmode DLL Injector with Manual mapping☆357Nov 29, 2023Updated 2 years ago
- IDA Plugin that fills in missing indirect CALL & JMP target information☆147Feb 15, 2026Updated 3 months ago
- Literally, the perfect injector.☆992Apr 13, 2023Updated 3 years ago
- Ghetto user mode emulation of Windows kernel drivers.☆163Oct 20, 2024Updated last year
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- Hides processes from the windows task manager using IAT hooking.☆22Mar 30, 2021Updated 5 years ago
- API monitoring via return-hijacking thunks; works without information about target function prototypes.☆117May 26, 2020Updated 5 years ago
- System call hook for Windows 10 20H1☆494Jun 26, 2021Updated 4 years ago
- MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. M…☆243Jul 26, 2020Updated 5 years ago
- Code Deobfuscator x86_32/64☆55Aug 16, 2022Updated 3 years ago
- DLL scatter manual mapper☆822Apr 10, 2021Updated 5 years ago
- Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition (version 2022)☆73Aug 11, 2023Updated 2 years ago