{"id":16607040,"url":"https://github.com/mrexodia/appinithook","last_synced_at":"2025-07-17T15:37:58.162Z","repository":{"id":44697262,"uuid":"167808294","full_name":"mrexodia/AppInitHook","owner":"mrexodia","description":"Global user-mode hooking framework, based on AppInit_DLLs. The goal is to allow you to rapidly develop hooks to inject in an arbitrary process.","archived":false,"fork":false,"pushed_at":"2022-03-10T14:40:12.000Z","size":609,"stargazers_count":172,"open_issues_count":0,"forks_count":18,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-07-04T04:40:18.971Z","etag":null,"topics":["cmake","cmkr","cpp","hook-framework","hooking"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mrexodia.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-01-27T12:50:46.000Z","updated_at":"2025-06-04T02:55:14.000Z","dependencies_parsed_at":"2022-09-21T01:01:36.901Z","dependency_job_id":null,"html_url":"https://github.com/mrexodia/AppInitHook","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/mrexodia/AppInitHook","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrexodia%2FAppInitHook","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrexodia%2FAppInitHook/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrexodia%2FAppInitHook/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrexodia%2FAppInitHook/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mrexodia","download_url":"https://codeload.github.com/mrexodia/AppInitHook/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mrexodia%2FAppInitHook/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265623415,"owners_count":23800160,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cmake","cmkr","cpp","hook-framework","hooking"],"created_at":"2024-10-12T01:11:25.860Z","updated_at":"2025-07-17T15:37:58.118Z","avatar_url":"https://github.com/mrexodia.png","language":"C","readme":"# AppInitHook\r\n\r\nGlobal user-mode hooking framework, based on [AppInit_DLLs](https://docs.microsoft.com/en-nz/windows/win32/dlls/secure-boot-and-appinit-dlls). The goal is to allow you to rapidly develop hooks to inject in an arbitrary process.\r\n\r\n## Building \u0026 Usage\r\n\r\n```sh\r\ncmake -B build\r\ncmake --build build --config Release\r\n```\r\n\r\nAlternatively you can open this folder in a CMake-supported IDE (Visual Studio, CLion, Qt Creator, etc).\r\n\r\nThe first time you use this framework you need to build and register `AppInitDispatcher.dll` in the `AppInitDLLs` registry key. You can do so by building the `register_AppInitDLLs` target. This will also create `AppInitHook.ini` in your build folder where you can customize which module gets loaded in which process:\r\n\r\n```ini\r\n[TestLoader.exe]\r\nModule=ExitProcess.dll\r\n```\r\n\r\nNow if you run the `TestLoader` target you should see it exits immediately instead of showing a `Hello world!` message box.\r\n\r\n## Debugging\r\n\r\nYou can use [DebugView](https://docs.microsoft.com/en-us/sysinternals/downloads/debugview) with the filter `[AppInitHook]*` to see the `dlog` and `dlogp` messages, or you can break on DLL load of `AppInitDispatcher.dll` in [x64dbg](https://x64dbg.com).\r\n\r\n## Developing modules\r\n\r\nThe `AppInitExampleModule` hooks [SetCurrentDirectoryW](https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-setcurrentdirectory):\r\n\r\n```cpp\r\n#include \"HookDll.hpp\"\r\n\r\n/* MSDN Signature:\r\nBOOL SetCurrentDirectory(\r\n\tLPCTSTR lpPathName\r\n);\r\n*/\r\nHOOK(kernelbase.dll, BOOL WINAPI, SetCurrentDirectoryW)(\r\n\tLPCWSTR lpPathName\r\n)\r\n{\r\n\tdlogp(\"'%S'\", lpPathName);\r\n\treturn original_SetCurrentDirectoryW(lpPathName);\r\n}\r\n\r\nBOOL WINAPI DllMain(\r\n\t_In_ HINSTANCE hinstDLL,\r\n\t_In_ DWORD     fdwReason,\r\n\t_In_ LPVOID    lpvReserved\r\n)\r\n{\r\n\treturn HookDllMain(hinstDLL, fdwReason, lpvReserved);\r\n}\r\n```\r\n\r\nFor more examples you can check the `Modules` folder.\r\n\r\n## Private Modules\r\n\r\nIf you enable `-DAPPINITHOOK_PRIVATE_MODULES=ON` it will look for `Private/cmake.toml` where you can add your own modules:\r\n\r\n```toml\r\n[target.MyPrivateModule]\r\ntype = \"shared\"\r\nsources = [\"MyPrivateModule/*.cpp\", \"MyPrivateModule/*.hpp\"]\r\nlink-libraries = [\"HookDll\"]\r\n```\r\n\r\nYou can set up your own private git repository in this folder if you desire, since the folder is fully ignored by the `.gitignore` of this project.\r\n\r\n## Credits\r\n\r\n- [MinHook](https://github.com/TsudaKageyu/minhook) by [Tsuda Kageyu](https://github.com/TsudaKageyu)\r\n- `ntdll.h` by [Matthijs Lavrijsen](https://github.com/Mattiwatti)\r\n- [Can Bölük](https://blog.can.ac) for helping with the `HOOK` macro\r\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmrexodia%2Fappinithook","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmrexodia%2Fappinithook","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmrexodia%2Fappinithook/lists"}