Alternatives and similar repositories for API-Hooking

Users that are interested in API-Hooking are comparing it to the libraries listed below

• 0mWindyBug / MinifilterHook
  silence file system monitoring components by hooking their minifilters
  ☆59Updated 2 years ago
• je5442804 / CreateProcessInternalW-Full
  Reimplement CreateProcessInternalW via Windows 10 20H1+/Windows 11 Base on NtCreateUserProcess-Post
  ☆77Updated last year
• shaygitub / windows-rootkit
  windows rootkit
  ☆60Updated last year
• Fatmike-GH / PELoader
  A Windows PE loader / manual mapper for executables (x86 and x64) with full TLS (Thread Local Storage) support.
  ☆84Updated 3 months ago
• void-stack / Hypervisor-Detection
  Detects virtual machines and malware analysis environments
  ☆146Updated 3 years ago
• 4l3x777 / dse_pg_bypass
  DSE & PG bypass via BYOVD attack
  ☆77Updated 6 months ago
• Rhydon1337 / windows-kernel-file-delete
  Force a file delete using a windows kernel driver
  ☆72Updated 3 years ago
• m417z / LdrDllNotificationHook
  Hook all callbacks which are registered with LdrRegisterDllNotification
  ☆96Updated 10 months ago
• android1337 / crycall
  Compile-Time Calls Obfuscator for C++14+
  ☆50Updated 2 years ago
• SweetIceLolly / Kernel_Mode_Process_Protection
  My first kernel-mode process protection driver!
  ☆37Updated 5 years ago
• GoodstudyChina / APC-injection-x86-x64
  ☆74Updated 7 years ago
• TheAenema / hm-pe-packer
  A x64 PE Packer/Protector Developed in C++ and VisualStudio
  ☆55Updated 2 years ago
• cs1ime / DICHook
  Hook NtDeviceIoControlFile with PatchGuard
  ☆107Updated 3 years ago
• A-Normal-User / NtSocket_NtClient_NtServer
  Using NtCreateFile and NtDeviceIoControlFile to realize the function of winsock（利用NtCreateFile和NtDeviceIoControlFile 实现winsock的功能）
  ☆127Updated 3 years ago
• SweetIceLolly / Prevent_File_Deletion
  Record & prevent file deletion in kernel mode
  ☆46Updated 5 years ago
• 1027565 / InstrumentationCallbacks
  A native Windows library for intercepting kernel-to-user transitions using instrumentation callbacks
  ☆28Updated 2 years ago
• Flawww / ObfuscatedJumpGenerator
  Dynamically generated obfuscated jumps and/or function calls
  ☆38Updated 2 years ago
• adamhlt / Manual-DLL-Loader
  Custom LoadLibrary / GetProcAddress (x86 / x64) - Load DLL and retrieve functions manually
  ☆94Updated 2 years ago
• zer0condition / Demystifying-PatchGuard
  Demystifying PatchGuard is a comprehensive analysis of Microsoft's security feature called PatchGuard, which is designed to prevent unaut…
  ☆132Updated 2 years ago
• 0mWindyBug / KernelInjector
  PoC kernel to usermode injection
  ☆103Updated last year
• MahmoudZohdy / APICallProxy
  Windows API Call Obfuscation
  ☆112Updated 3 years ago
• zer0condition / ZeroThreadKernel
  Recursive and arbitrary code execution at kernel-level without a system thread creation
  ☆158Updated 2 years ago
• huoji120 / CowInjecter
  滥用cow机制进行全局注入
  ☆99Updated 5 years ago
• xenoscr / manual-syscall-detect
  A tool for detecting manual/direct syscalls in x86 and x64 processes using Nirvana Hooks.
  ☆116Updated 4 years ago
• zer0condition / checkhv_um
  tests to catch some sloppy hv impls
  ☆32Updated last month
• je5442804 / NtCreateUserProcess-Post
  NtCreateUserProcess with CsrClientCallServer for mainstream Windows x64 version
  ☆41Updated last year
• NewWorldComingSoon / llvm-msvc
  This project migrated to https://github.com/backengineering/llvm-msvc
  ☆83Updated 2 years ago
• hMihaiDavid / addscn
  Add an empty section to a PE file
  ☆53Updated 8 years ago
• noahbelsito / inteloops
  Exploits Intel's signed iqvw64e.sys driver to allow manual mapping and read/writing of memory at a kernel level.
  ☆13Updated 6 years ago
• estimated1337 / lenovo_exec
  CVE-2022-3699 with arbitrary kernel code execution capability
  ☆71Updated 3 years ago