Skip to content

Latest commit

 

History

History
1238 lines (762 loc) · 95.4 KB

Readme_en.md

File metadata and controls

1238 lines (762 loc) · 95.4 KB

All Resource Collection Projects

Hook

  • Resources About Hooking. For All Platforms. Currently 300+ Tools And 600+ Posts.

Directory

Famous Tools

Dobby

Tools

  • [1688Star][28d] [C++] jmpews/dobby a lightweight, multi-platform, multi-architecture hook framework.
  • [316Star][4m] [ObjC] jmpews/hookzzmodules modules deps on HookZz framework.
  • [67Star][30d] [C] luoyanbei/testhookzz iOS逆向:使用HookZz框架hook游戏“我的战争”,进入上帝模式

Post

plthook

Tools

  • [283Star][28d] [C] kubo/plthook Hook function calls by replacing PLT(Procedure Linkage Table) entries.

subhook

Tools

  • [385Star][1m] [C] zeex/subhook Simple hooking library for C/C++ (x86 only, 32/64-bit, no dependencies)

whale

Tools

  • [917Star][26d] [C++] aslody/whale Hook Framework for Android/IOS/Linux/MacOS

Post

D3DX-Hook

Tools

Post

Frida-Hook

Tools

Post

Windows

monohook

Tools

hyperbone

Tools

ddimon

Tools

  • [512Star][2y] [C++] tandasat/ddimon Monitoring and controlling kernel API calls with stealth hook using EPT

mhook

Tools

Post

polyhook

Tools

infinityhook

Tools

  • [1079Star][4m] [C++] everdox/infinityhook Hook system calls, context switches, page faults and more.

minhook

Tools

Post

easyhook

Tools

Post

.NET

Tools

  • [117Star][2y] [C#] tandasat/dotnethooking Sample use cases of the .NET native code hooking technique
  • [60Star][2y] [C#] wledfor2/playhooky C# Runtime Hooking Library for .NET/Mono/Unity.
  • [34Star][4m] [C#] dangbee/dotnethook A hook proof of concept with no native dependencies. Hook both .NET methods (even framework methods) and Native methods entirely in .NET.
  • [31Star][1y] [C#] thaisenpm/loader2 Nova Hook is an open source C# cheat loader currently built for CS:GO
  • [16Star][6m] [C#] lontivero/open.winkeyboardhook A simple and easy-to-use .NET managed wrapper for Low Level Keyboard hooking.
  • [15Star][2m] [Visual Basic .NET] thaisenpm/loader1 Nova Hook is an open source VB.NET cheat loader currently built for CS:GO
  • [11Star][6m] [C#] 20chan/globalhook Simple global keyboard, mouse hook and simulation library written C#
  • [NoneStar][C#] elliesaur/dotnethook A hook proof of concept with no native dependencies. Hook both .NET methods (even framework methods) and Native methods entirely in .NET.

SSDT

Tools

Post

Tools

  • [1866Star][27d] [Py] boppreh/keyboard Hook and simulate global keyboard events on Windows and Linux.
  • [787Star][4m] [C++] ysc3839/fontmod Simple hook tool to change Win32 program font.
  • [546Star][5m] [C#] crosire/scripthookvdotnet An ASI plugin for Grand Theft Auto V, which allows running scripts written in any .NET language in-game.
  • [310Star][29d] [C] gbps/gbhv Simple x86-64 VT-x Hypervisor with EPT Hooking
  • [193Star][26d] [C#] justcoding121/windows-user-action-hook A .NET library to subscribe for Windows operating system global user actions such mouse, keyboard, clipboard & print events
  • [92Star][3y] [C++] shmuelyr/captainhook CaptainHook is perfect x86/x64 hook environment
  • [88Star][2m] [C] tinysec/iathook windows kernelmode and usermode IAT hook
  • [79Star][3y] [C] stevemk14ebr/unihook Intercept arbitrary functions at run-time, without knowing their typedefs
  • [76Star][24d] [C] danielkrupinski/vac-hooks Hook WinAPI functions used by Valve Anti-Cheat. Log calls and intercept arguments & return values. DLL written in C.
  • [45Star][10m] [C#] userr00t/universalunityhooks A framework designed to hook into and modify methods in unity games via dlls
  • [44Star][7m] [C++] wopss/renhook An open-source x86 / x86-64 hooking library for Windows.
  • [42Star][1m] [Rust] verideth/dll_hook-rs Rust code to show how hooking in rust with a dll works.
  • [40Star][1m] [C++] prekageo/winhook
  • [38Star][1m] [C++] rolfrolles/wbdeshook DLL-injection based solution to Brecht Wyseur's wbDES challenge (based on SysK's Phrack article)
  • [38Star][1m] [Assembly] muffins/rookit_playground Educational repository for learning about rootkits and Windows Kernel Hooks.
  • [35Star][2m] [C++] codereversing/wow64syscall WoW64 Syscall Hooking
  • [34Star][3y] [C++] menooker/fishhook An inline hook platform for Windows x86/x64
  • [34Star][30d] [Py] byzero512/winpwn windows pwntools
  • [32Star][2m] [C++] netdex/twinject Automated player and hooking framework for bullet hell games from the Touhou Project
  • [30Star][2m] [C] deroko/activationcontexthook hook and force process to load redirected DLL.
  • [29Star][4m] [C++] m-r-j-o-h-n/swh-injector An Injector that can inject dll into game process protected by anti cheat using SetWindowsHookEx.
  • [27Star][6m] [HTML] flyrabbit/winproject Hook, DLLInject, PE_Tool
  • [27Star][3m] [C] tinysec/runwithdll windows create process with a dll load first time via LdrHook
  • [24Star][3m] [C] david-reguera-garcia-dreg/phook Full DLL Hooking, phrack 65
  • [24Star][5m] [C] maikel233/x-hook-for-csgo Aimtux for Windows.
  • [22Star][1m] [Go] castaneai/hinako x86 WinAPI hook written in pure Go
  • [22Star][29d] [C++] xbased/xhook Hook Windows API. supports Win7/8/10 x86 and x64 platform.
  • [21Star][2m] [C] adrianyy/kernelhook Windows inline hooking tool.
  • [21Star][5m] [C] xiaofen9/ssdthook An SSDT hook for Windows
  • [19Star][5m] [Java] col-e/simplified-jna Multi-threaded JNA hooks and simplified library access to window/key/mouse functions.
  • [18Star][11m] [Assembly] egebalci/hook_api Assembly block for hooking windows API functions.
  • [16Star][5m] [C] sin5678/hidedir 使用SSDT HOOK 在windows上隐藏指定文件或者文件夹
  • [14Star][3m] [C++] hmihaidavid/hooks A DLL that performs IAT hooking
  • [13Star][4y] [C++] jonasblunck/dp Win32 API and COM hooking/tracing.
  • [13Star][7m] [C#] kanegovaert/unknown-logger An advanced Windows Keylogger with features like (Disable CMD, Screenshotter, Client Stub Builder, Low Level Keyhooks, Hide Application, Respawner, Delete Chrome and Firefox data, and more!)
  • [12Star][8m] [C++] sin5678/wow64hook wow64 syscall filter
  • [11Star][6m] [Py] debasishm89/qhook qHooK is very simple python script (dependent on pydbg) which hooks user defined Win32 APIs in any process and monitor then while process is running and at last prepare a CSV report with various interesting information which can help reverse engineer to track down / analyse unknown exploit samples / shellcode.
  • [11Star][1y] [C++] therena/findthestupidwindow Windows API hooking project to log all the windows / UIs with the exact timestamp when they are opened.
  • [11Star][6y] weixu8/registrymonitor Formely KMon, a Windows Kernel Driver designed to prevent malware attacks by monitoring the creation of registry keys in common autorun locations and prompting the user whether they want to allow the creation of the key. More of an experiment into Kernel level SSDT hooks but a fun project nonetheless
  • [10Star][7y] [Py] nitram2342/spooky-hook WinAppDbg helper script to catch API calls
  • [9Star][6m] [C++] windy32/win32-console-hook-lib A light-weight console hook library for convenient console interactions
  • [8Star][6m] [C++] mgostih/snifferih DLL Hooking Packet Sniffer
  • [8Star][27d] [C++] ivan-sincek/keylogger Windows OS keylogger with a hook mechanism (i.e. with a keyboard hook procedure).
  • [7Star][2y] [Go] nanitefactory/hookwin10calc Reverse engineered Windows 10 Calculator.exe (UWP application) hacker. 한글/漢文을 배운 윈도우 계산기 패치.
  • [5Star][2y] [C++] wanttobeno/window_keyandmousehook Window Key And Mouse Hook
  • [4Star][10m] [C++] aschrein/apiparse Small project to learn windows dll hooking techniques based on sources of renderdoc and apitrace
  • [4Star][2y] [C#] trojaner/rocketplus Adding extra functionality to RocketMod API by using method hooking [Windows x64 only]. Also provides an API for .NET Method detouring
  • [0Star][2y] [C] vallejocc/poc-find-chrome-ktlsprotocolmethod Proof of Concept code to download chrome.dll symbols from chromium symbols store and find the bssl::kTLSProtocolMethod table of pointers (usually hooked by malware)

Post

Linux

Tools

  • [140Star][7m] [C] davidbuchanan314/tardis Trace And Rewrite Delays In Syscalls: Hooking time-related Linux syscalls to warp a process's perspective of time, using ptrace.
  • [134Star][1m] [C] poliva/ldpreloadhook a quick open/close/ioctl/read/write/free function hooker
  • [94Star][30d] [C] milabs/khook Linux Kernel hooking engine (x86)
  • [68Star][1m] [C] ilammy/ftrace-hook Using ftrace for function hooking in Linux kernel
  • [45Star][2m] [C] jmpews/evilelf Malicious use of ELF such as .so inject, func hook and so on.
  • [35Star][3y] [C] jordan9001/superhide Example of hooking a linux systemcall
  • [8Star][2m] [C] rafael-santiago/kook A syscall hooking system for FreeBSD, NetBSD and also Linux.
  • [6Star][2y] [C] sizet/lkm_parse_dns_packet linux 核心模組, 使用 netfilter IPv4 hook 監聽和分析 DNS 請求和回應封包.
  • [5Star][3m] [C] deb0ch/toorkit A simple useless rootkit for the linux kernel. It is a kernel module which hooks up the open() syscall (or potentially any syscall) to replace it with a custom function.

Post

Apple

inspectivec

Tools

captainhook

Tools

  • [577Star][1y] [ObjC] rpetrich/captainhook Common hooking/monkey patching headers for Objective-C on Mac OS X and iPhone OS. MIT licensed

blockhook

Tools

Tools

  • [2032Star][3y] [Swift] urinx/iosapphook 专注于非越狱环境下iOS应用逆向研究,从dylib注入,应用重签名到App Hook
  • [1122Star][2y] [ObjC] yulingtianxia/fishchat Hook WeChat.app on non-jailbroken devices.
  • [129Star][6m] [C] rodionovd/rd_route Function hooking for macOS
  • [123Star][4m] [ObjC] smilezxlee/zxhookdetection 【iOS应用安全】hook及越狱的基本防护与检测(动态库注入检测、hook检测与防护、越狱检测、签名校验、IDA反编译分析加密协议示例)
  • [68Star][3y] [ObjC] alayshchen/xcodeappplugintemplate App Plugin Project Template For iOS App And Mac App. Make it easy to hook app.
  • [66Star][5m] [ObjC] yulingtianxia/blocktracker Tracking block args of Objective-C method based on BlockHook
  • [54Star][1m] [Perl] theos/logos Preprocessor that simplifies Objective-C hooking.
  • [53Star][4m] [ObjC] smilezxlee/zxhookutil 【iOS逆向】Tweak工具函数集,基于theos、monkeyDev

Post

Android

Hook Position

ART

arthook

Tools
Post

fasthook

Tools

edxposed

Tools

yahfa

Tools
  • [764Star][25d] [Java] pagalaxylab/yahfa Yet Another Hook Framework for ART
  • [128Star][2y] [Java] bmax121/budhook An Android hook framework written like Xposed,based on YAHFA.
Post

Substrate

hooker

Tools
  • [372Star][29d] [Py] androidhooker/hooker Hooker is an opensource project for dynamic analyses of Android applications. This project provides various tools and applications that can be use to automaticaly intercept and modify any API calls made by a targeted application.

virtualhook

Tools

Post

sandhook

Tools

  • [708Star][4m] [Java] ganyao114/sandhook Android ART Hook/Native Inline Hook/Single Instruction Hook - support 4.4 - 10.0 32/64 bit - Xposed API Compat

legend

Tools

  • [1463Star][1m] [Java] aslody/legend A framework for hook java methods.

xhook

Tools

  • [1741Star][25d] [C] iqiyi/xhook a PLT (Procedure Linkage Table) hook library for Android native ELF

androideagleeye

Tools

  • [429Star][4y] [Makefile] mindmac/androideagleeye An Xposed and adbi based module which is capable of hooking both Java and Native methods targeting Android OS.

Tools

  • [1990Star][27d] [Java] tiann/epic Dynamic java method AOP hook for Android(continution of Dexposed on ART), Supporting 4.0~10.0
  • [1763Star][2y] [Java] ac-pm/inspeckage Android Package Inspector - dynamic analysis with api hooks, start unexported activities and more. (Xposed Module)
  • [789Star][2y] [C] ele7enxxh/android-inline-hook thumb16 thumb32 arm32 inlineHook in Android
  • [575Star][27d] [Java] aslody/andhook Android dynamic instrumentation framework
  • [541Star][4m] [Java] windysha/xpatch This is a tool to repackage apk file, then the apk can load any xposed modules installed in the device. It is another way to hook an app without root device.
  • [448Star][5y] [C++] boyliang/allhookinone all method hook approachs for android such as dalvik hook, art hook, elf hook and inline hook
  • [401Star][5m] [Java] pqpo/inputmethodholder A keyboard listener for Android which by hooking the InputMethodManager.
  • [291Star][1m] [Py] antojoseph/frida-android-hooks Lets you hook Method Calls in Frida ( Android )
  • [220Star][2y] [C] gtoad/android_inline_hook Build an so file to automatically do the android_native_hook work. Supports thumb-2/arm32 and ARM64 ! With this, tools like Xposed can do android native hook.
  • [216Star][3y] [Java] zhengmin1989/wechatsportcheat 手把手教你当微信运动第一名 – 利用Android Hook进行微信运动作弊
  • [195Star][6m] [Java] panhongwei/androidmethodhook android art hook like Sophix
  • [190Star][5m] [C++] aslody/elfhook modify PLT to hook api, supported android 5\6.
  • [179Star][1m] [Java] 546669204/wechatbot-xposed A WeChat robot unit ,based on the android xposed framework hook to implement WeChat app robot functions
  • [148Star][5m] [Java] zhouat/inject-hook for android
  • [120Star][4m] [C++] melonwxd/elfhooker 兼容Android 32位和64位。基于EFL文件格式Hook的demo,hook了SurfaceFlinger进程的eglSwapBuffers函数,替换为new_eglSwapBuffers
  • [104Star][5y] [Java] rednaga/dexhook DexHook is a xposed module for capturing dynamically loaded dex files.
  • [99Star][2y] [Java] piasy/fridaandroidtracer A runnable jar that generate Javascript hook script to hook Android classes.
  • [99Star][4m] [C++] woxihuannisja/stormhook StormHook is a Android Hook Framework for Dalvik and Art
  • [63Star][28d] [JS] northwavenl/fridax Fridax enables you to read variables and intercept/hook functions in Xamarin/Mono JIT and AOT compiled iOS/Android applications.
  • [56Star][1m] [Rust] nccgroup/assethook LD_PRELOAD magic for Android's AssetManager
  • [51Star][2m] [Py] hrkfdn/deckard Deckard performs static and dynamic binary analysis on Android APKs to extract Xposed hooks
  • [51Star][5y] [C++] ikoz/androidsubstrate_hookingc_examples AndroidSubstrate_hookingC_examples
  • [48Star][5m] [C] shunix/androidgothook GOT Hook implemented in Android
  • [42Star][29d] [C++] chickenhook/chickenhook A linux / android / MacOS hooking framework
  • [34Star][2m] [TS] igio90/frida-onload Frida module to hook module initializations on android
  • [25Star][3m] [C++] dodola/dinlinehook simple art inline hook
  • [23Star][6m] [C++] legendl3n/smarthooker The smartest hooking library.
  • [17Star][29d] [Py] margular/frida-skeleton 本项目旨在帮助安卓测试工程师更方便地hook apk,并且自带证书绑定绕过功能
  • [17Star][25d] [C++] vito11/camerahook An prototype to hook android camera preview data of third-party and system apps
  • [15Star][2m] [Java] pnfsoftware/jeb2-andhook
  • [2Star][4y] [Java] nodoraiz/latchhooks Hack for Android app hooking using latch
  • [0Star][4y] serval-snt-uni-lu/hookranker Automatically Locating Malicious Payload in Piggybacked Android Apps (A Hook Ranking Approach)
  • [NoneStar][C] gtoad/android_inline_hook_arm64 Build an .so file to automatically do the android_native_hook work. Supports ARM64 ! With this, tools like Xposed can do android native hook.
  • [NoneStar][C++] rprop/and64inlinehook Lightweight ARMv8-A(ARM64, AArch64, Little-Endian) Inline Hook Library for Android C/C++
  • [NoneStar][Py] fanxs-t/android-ssl_read-write-hook Hook SSL_read and SSL_write functions in the Android application with Frida.

Post

Recent Add

Inline-Hook

Tools

Post

Syscall-Hook

Tools

  • [18Star][1y] [C] plexsolutions/readhook Red-team tool to hook libc read syscall with a buffer overflow vulnerability.

Post

API-Hook

Tools

  • [509Star][1m] [C++] 0x09al/rdpthief Extracting Clear Text Passwords from mstsc.exe using API Hooking.
  • [315Star][4m] [C] outflanknl/dumpert LSASS memory dumper using direct system calls and API unhooking.
  • [304Star][2y] [C] nektra/deviare2 Deviare API Hook
  • [136Star][4m] [C] hoshimin/hooklib The functions interception library written on pure C and NativeAPI with UserMode and KernelMode support
  • [54Star][5m] [C] passingtheknowledge/ganxo An opensource API hooking framework
  • [40Star][3y] [C++] tanninone/usvfs library using api hooking to implement process-local filesystem-independent file links.
  • [35Star][4m] [C++] xrivendell/pcsgolh PCSGOLH - Pointless Counter-Strike: Global Offensive Lua Hooks. A open-source Lua API for CS:GO hacking written in modern C++
  • [28Star][6m] [JS] shanselman/daskeyboard-q-nightscout Hooking up the DasKeyboard Q REST API to change the key colors in response to diabetic's glucose from NightScout
  • [11Star][2m] [Pascal] oranke/proxy-dll-generator PROXY DLL Generator / for very simple API Hooking.
  • [9Star][4y] [C++] jonasblunck/dynhook Example library for how to dynamically/statically hook/intercept unmanaged functions and APIs
  • [9Star][3m] [C++] hidd3ncod3s/runpedmp RunPE dump - I wrote this to have better control over the analysis of malwares. I can stop and analysis malware when it uses some of the API's i hook and to dump the memory while it is using RunPE/PH techniques.
  • [8Star][4m] [C++] nybble04/shady-hook Hooking API calls of a Ransomware
  • [4Star][2y] [C++] a7031x/hookapi Handy way to hook x86 or x64 API
  • [4Star][29d] [C] microwave89/ntapihook Attempt to Create a Simple and Light-weight Hook Engine Without Use of an LDE
  • [NoneStar][C++] vovkos/protolesshooks API monitoring via return-hijacking thunks; works without information about target function prototypes.

Post

Un-Hook

Tools

Post

Tools

Post

Contribute

Contents auto exported by Our System, please raise Issue if you have any question.