{"id":30607163,"url":"https://github.com/dutchpsycho/sierra","last_synced_at":"2025-08-30T03:36:35.252Z","repository":{"id":288103524,"uuid":"962353601","full_name":"dutchpsycho/Sierra","owner":"dutchpsycho","description":"Unsignatured Detours - Runtime Advanced Hooking \u0026 Hookless API resolving","archived":false,"fork":false,"pushed_at":"2025-08-02T09:51:07.000Z","size":53,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-08-02T11:45:40.407Z","etag":null,"topics":["blueteam","detours","hook-bypass","hook-evasion","hooking","hooking-framework","iat-hooking","malware-research","minhook","redteam","redteaming-tools"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dutchpsycho.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-04-08T03:12:46.000Z","updated_at":"2025-08-02T09:51:10.000Z","dependencies_parsed_at":"2025-04-19T04:15:18.131Z","dependency_job_id":"321ee6a6-8724-4705-b098-12eb27b78597","html_url":"https://github.com/dutchpsycho/Sierra","commit_stats":null,"previous_names":["dutchpsycho/cvah","dutchpsycho/sk-framework","dutchpsycho/sierra-hooking-framework","dutchpsycho/sierra-framework","dutchpsycho/sierra"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/dutchpsycho/Sierra","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dutchpsycho%2FSierra","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dutchpsycho%2FSierra/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dutchpsycho%2FSierra/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dutchpsycho%2FSierra/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dutchpsycho","download_url":"https://codeload.github.com/dutchpsycho/Sierra/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dutchpsycho%2FSierra/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":272800803,"owners_count":24995138,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-30T02:00:09.474Z","response_time":77,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blueteam","detours","hook-bypass","hook-evasion","hooking","hooking-framework","iat-hooking","malware-research","minhook","redteam","redteaming-tools"],"created_at":"2025-08-30T03:36:33.035Z","updated_at":"2025-08-30T03:36:35.222Z","avatar_url":"https://github.com/dutchpsycho.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"![TITAN](https://avatars.githubusercontent.com/u/199383721?s=200\u0026v=4)\n\n# SIERRA API\n\n**SIERRA** is a low-level C hooking, hook-evasion \u0026 IAT virtualization API\n\n## OVERVIEW\n\nGenerally hooks are patched or destroyed, which creates instability and introduces detection vectors, instead Sierra proxies functions or performs a \"step-over\".\n\n## WHY?\n\n\u003e *\"Popular hooking API's/Fw's are easily signatured, Detours, Minhook, ...”*\n\nSierra is a smaller rewrite of the concepts seen in Detours/Minhook but with an emphasis on security \u0026 stealth in heavily guarded enviroments\n\n* No disassembly libraries or VEH traps.\n* No `VirtualProtect` loops.\n* No static stubs.\n* No IAT noise. No loader friction.\n* No `.text` bloat\n* Hard-to-sig\n\n---\n\n## API\n\nThe following symbols are exposed by `sierra.h`:\n\n```c\n// Function resolution (IAT Virtualization, IAT evasion)\nvoid* SRGetModuleBase(const wchar_t* moduleName);\nvoid* SRGetProcedureAddrForCaller(const void* base, const char* funcName, DWORD flags);\n\n// Hook Installation\nBOOL SRSetHook(const wchar_t* moduleName, const char* funcName, SIERRA_CALLBACK callback, DWORD flags);\n\n// Hook Context\ntypedef struct _SIERRA_HOOK_CTX {\n    void*       HookedFunc;\n    void*       CleanProxy;\n    const void* ModuleBase;\n} SIERRA_HOOK_CTX;\n```\n\n---\n\n## USAGE\n\nSee [`USAGE.md`](USAGE.md) for detailed examples.\n\n---\n\n## HEADERS\n\nAll code is exported through `sierra.h`.  \nYou must compile `sierra.c` into your project.\n\n---\n\n## License\n\n**Creative Commons Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)**  \n\n[Full License](https://creativecommons.org/licenses/by-nc/4.0/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdutchpsycho%2Fsierra","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdutchpsycho%2Fsierra","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdutchpsycho%2Fsierra/lists"}