{"id":19149222,"url":"https://github.com/hoshimin/hooklib","last_synced_at":"2025-04-13T02:20:49.934Z","repository":{"id":40257416,"uuid":"170031915","full_name":"HoShiMin/HookLib","owner":"HoShiMin","description":"The functions interception library written on pure C and NativeAPI with UserMode and KernelMode support","archived":false,"fork":false,"pushed_at":"2023-10-10T20:57:20.000Z","size":74,"stargazers_count":739,"open_issues_count":6,"forks_count":151,"subscribers_count":24,"default_branch":"master","last_synced_at":"2025-04-04T04:12:29.470Z","etag":null,"topics":["hook","hook-api","hooking","hooklib","hooks","hooks-api","intercept","intercept-calls","x86","x86-64"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/HoShiMin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-02-10T21:55:47.000Z","updated_at":"2025-03-22T01:09:35.000Z","dependencies_parsed_at":"2024-12-13T20:45:26.233Z","dependency_job_id":null,"html_url":"https://github.com/HoShiMin/HookLib","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HoShiMin%2FHookLib","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HoShiMin%2FHookLib/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HoShiMin%2FHookLib/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HoShiMin%2FHookLib/manifests","owner_url":"https://rep
os.ecosyste.ms/api/v1/hosts/GitHub/owners/HoShiMin","download_url":"https://codeload.github.com/HoShiMin/HookLib/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248654648,"owners_count":21140336,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hook","hook-api","hooking","hooklib","hooks","hooks-api","intercept","intercept-calls","x86","x86-64"],"created_at":"2024-11-09T08:07:15.086Z","updated_at":"2025-04-13T02:20:49.898Z","avatar_url":"https://github.com/HoShiMin.png","language":"C","readme":"# HookLib²\n## The lightweight Win32 function interception library\n### ✔ Advantages:\n* Written in pure C\n* Extremely lightweight\n* Based on the fastest and lightweight [Zydis](https://github.com/zyantific/zydis) disassembler\n* Uses only NativeAPI functions\n* Has no other dependencies\n* Kernelmode support\n* Supports instruction relocation and thread context fixup\n\n### 📰 What's new in the 2nd Gen:\n* HookLib was completely rewritten\n* Greatly reduced number of allocations, process/thread enumerations and handle manipulations\n* Multihook/multiunhook support that hooks/unhooks multiple functions in one session\n* Greatly reduced memory consumption for usermode hooks: one hook page (4Kb) can hold 39 cells for nearby hooks, which removes the need to allocate one page per hook\n* Support for KM-\u003eUM hooks (including context fixup directly from kernelmode):\n  * KM:Amd64 -\u003e UM:Amd64\n  * KM:Amd64 -\u003e UM:Wow64\n  * KM:i386 -\u003e UM:i386\n\n### 🔬 How it 
works:\n```\nTargetFunction():                                 ^ ; return\n-\u003e jmp Interceptor ------\u003e Interceptor():         |\n   ??? ; Broken bytes        ... Handler code ... |\n   ... ; Continuation \u003c--+   CallOriginal() ------|--\u003e OriginalBeginning():\n   ...         +---------|-\u003e ...                  |      ... Original beginning ...\n   ret --------+         |   ret -----------------+      ... of TargetFunction ...\n                         +------------------------------ jmp Continuation\n```\n### 🧵 Trampolines:\nSupported trampolines:\n```assembly\nJump to a relative offset:\nE9 44 33 22 11  |  jmp rip+0x11223344 ; Relative jump to ±2Gb only\n\nJump to an absolute address (x32):\nFF 25 44 33 22 11  | jmp ds:[0x11223344]\nNN NN NN NN        | \u003c- 0x11223344 points here\n\nJump to an absolute address (x64):\nFF 25 00 00 00 00        | jmp [rip+00h]\n88 77 66 55 44 33 22 11  | \u003c- RIP points here\n```\nTrampoline selection logic:\n```cpp\nif (relative_jumpable(fn, handler))\n{\n    set_relative_jump(fn, handler);\n}\nelse\n{\n    /*\n        'Intermediate' is an intermediate buffer that is allocated\n        in the same block as the function beginning:\n    */\n    if (relative_jumpable(fn, intermediate))\n    {\n        set_relative_jump(fn, intermediate);\n        set_absolute_jump(intermediate, handler);\n    }\n    else\n    {\n        set_absolute_jump(fn, handler);\n    }\n}\n```\n### 🪡 Usage:\nAdd **HookLib.vcxproj** to your **.sln** and add a reference to the HookLib project to your project's references list as described [here](https://docs.microsoft.com/en-us/troubleshoot/cpp/add-references-managed): select the project, open the project menu, click **Add -\u003e Reference** and select HookLib.  
\nThen add the **./HookLib/HookLib/** folder to your header folders list and you're good to go.\n```cpp\n#include \u003ccassert\u003e\n#include \u003cHookLib.h\u003e\n\nint func(int a, int b)\n{\n    return a + b;\n}\n\nint handler(int a, int b)\n{\n    return a * b;\n}\n\ntemplate \u003ctypename Fn\u003e\nFn hookFunc(Fn fn, Fn handler)\n{\n    return static_cast\u003cFn\u003e(hook(fn, handler));\n}\n\nvoid testSimpleHook()\n{\n    const auto orig = hookFunc(func, handler);\n    \n    assert(func(2, 3) == 6); // Hooked, the 'handler' will be called instead\n    assert(orig(2, 3) == 5); // 'orig' calls the original, unhooked code\n    \n    unhook(orig);\n\n    assert(func(2, 3) == 5); // Unhooked, the original behaviour is restored\n}\n\nvoid testCppHelpers()\n{\n    const auto holder = HookFactory::install(func, handler);\n    assert(func(2, 3) == 6);\n    assert(holder.call(2, 3) == 5);\n}\n\nint main()\n{\n    testSimpleHook();\n    testCppHelpers();\n\n    return 0;\n}\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhoshimin%2Fhooklib","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhoshimin%2Fhooklib","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhoshimin%2Fhooklib/lists"}