https://github.com/alphaSeclab/hooking
Resources About Hooking. For All Platforms. Currently 300+ Tools And 600+ Posts.
https://github.com/alphaSeclab/hooking
android-hooking api-hooking art-hooking d3dx-hooking frida-hooking hooking inline-hooking linux-hooking syscall-hooking windows-hooking
Last synced: 11 months ago
JSON representation
Resources About Hooking. For All Platforms. Currently 300+ Tools And 600+ Posts.
- Host: GitHub
- URL: https://github.com/alphaSeclab/hooking
- Owner: alphaSeclab
- Created: 2020-06-11T07:58:58.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2020-06-11T09:02:25.000Z (almost 6 years ago)
- Last Synced: 2025-07-02T23:35:41.984Z (11 months ago)
- Topics: android-hooking, api-hooking, art-hooking, d3dx-hooking, frida-hooking, hooking, inline-hooking, linux-hooking, syscall-hooking, windows-hooking
- Size: 109 KB
- Stars: 336
- Watchers: 17
- Forks: 75
- Open Issues: 0
-
Metadata Files:
- Readme: Readme.md
- Changelog: history/Hook_20200611155954.json
Awesome Lists containing this project
- awesome-game-file-format-reversing - hooking - Massive repository of resources about hooking for all platforms (Windows, Linux, Android, iOS). Includes 300+ tools and 600+ articles. (🛠️ General Tools / 🔬 Format Analysis & Reverse Engineering)
- awesome-hacking-lists - alphaSeclab/hooking - Resources About Hooking. For All Platforms. Currently 300+ Tools And 600+ Posts. (Others)
README
# [所有收集类项目](https://github.com/alphaSeclab/all-my-collection-repos)
# Hook
- 跟Hooking相关资源。300+工具和600+文章
- [English Version](https://github.com/alphaSeclab/hooking/blob/master/Readme_en.md)
# 目录
- [高星工具](#cd57259c3562b0afd9a1c3026a7ecd7e)
- [Dobby](#9bf725c62803a4877a95f525e70ce5e3) -> [(3)工具](#e390d017c1017bd46d5b8f507f4fd3d4) [(1)文章](#a6d72ef4ede162a0e30a685e175f2826)
- [plthook](#15cdec8cb002f8ac99ef3dcc1905c31b) -> [(1)工具](#f89154bf4fc7bf4ac333dee2e5607daf)
- [subhook](#86a3d67feb05552e77c8b774dc57de62) -> [(1)工具](#c7bfc210dbe57d25b9baf46192752a01)
- [whale](#675d005d1740764eecb241c8a2515d09) -> [(1)工具](#3a82377770a448ca429284ae19705f26) [(1)文章](#629a4ee63f97fce67c975b8233abe80e)
- [D3DX-Hook](#b96702df6276c1710be6ac1c80470e65) -> [(8)工具](#48300d28294339433ac82b8bf4d4e92d) [(6)文章](#8021f4f590783d775f8f069b3ec008cd)
- [Frida-Hook](#2f3945b6dcf2f680ab3dd411f7cf55db) -> [(1)工具](#cb77f15c966122a0eb36fe507c30aaad) [(15)文章](#0709e7fb4ad72abead5a52b39b8f6a71)
- [Windows](#c48a16a5b0823472a010871aaf137a85)
- [monohook](#dcb071991b85cc82193025c458a2288b) -> [(1)工具](#0817c7b6f8e2736c66ac897160dc5261)
- [hyperbone](#cf76cb74fff06bbd90a29192699e20f0) -> [(1)工具](#cf17acbb8d83d3aeab4fed2cf014b472)
- [ddimon](#b2f70259224bfcff828ac54f3793a0a8) -> [(1)工具](#de81c2eee0069fbb8fe9f5f7a3ce0c27)
- [mhook](#8cebc34acc094d48b061564dfbe4328c) -> [(1)工具](#11194fc0dfeb5506639f48de0126e5d0) [(2)文章](#36cb78dc5ece1c2e8a2bba7a2b0a1bd1)
- [polyhook](#abbb4e134c358ca2fcdd4e524cd44f02) -> [(2)工具](#eaca31f967862193af27a292a1959525)
- [infinityhook](#890e3a0a7affe48952ead1c5f9490230) -> [(1)工具](#1844eec4bf3a1b4a68744703c1c202bd)
- [minhook](#b0d377398f50d8f7f9dc60743cfa13aa) -> [(2)工具](#4c9a8a35ade52fd64f16972e8a68e7a1) [(3)文章](#ea2742d39ff1bed30b7ce35ad808092f)
- [easyhook](#bc0813625ad5afdae8b42a1bd9a1c2b4) -> [(3)工具](#26f3fd90e7a78bbaf089137ef7901377) [(2)文章](#4a7346bc13f522e8bd1894839c0c4c0c)
- [.NET](#48f1c50fcb7495c630a34fc337a4b849) -> [(8)工具](#857e1dfab2c44af2da91032978f0e96e)
- [SSDT](#8e95ee1b5fe838ffe5dda1ce8d8b6571) -> [(6)工具](#da32ea71d0410c1420a86770a9fb1f0e) [(34)文章](#72b0e23ec112768033b81f42656993ab)
- [(48) 工具](#ef463ddf9e70b545120d01849ef666a6)
- [(45) 文章](#ad5138ec5ace48809894ffc5f123aba1)
- [Linux](#07584676bf0d2adc54dd9a0f3d6dc6e5) -> [(9)工具](#eecd435d6139119987877979e29bdb2f) [(19)文章](#c38b81500d0fc9abb6372b1aada01f6f)
- [Apple](#55f6189e26849b3daab8d76f5ec868a3)
- [inspectivec](#ab912772028a97555413c805be41abf9) -> [(1)工具](#dff0566feeb6e321cd31dacf9478d6a4)
- [captainhook](#22eb97e050393fadd7cc2da6f2527f1a) -> [(1)工具](#04bfe6387f61b8e07170308f8e20c115)
- [blockhook](#d22ce067c1e37bf1f5baedc3c18da5ff) -> [(1)工具](#8cd390f72bbe10e26acde30ec42a6ddc)
- [(8) 工具](#676bba5c840ee8156270bfcfc7d3b8d7)
- [(3) 文章](#67bd4e3298b9ff41a21101e72c42eacf)
- [Android](#3b35513a318dec7ac14c68173ecb9917)
- [Hook位置](#0fe82d44aced7fdbce0650cdf39d6b3c)
- [ART](#8a817e4fd91c0fb1531fcb994f18f6bf)
- [arthook](#7ce2be9bdcec22ae34192de162b5a16b) -> [(1)工具](#ec2ec694a999a8a6adaf029a8214482b) [(1)文章](#8b82f2cb117fe12ab5b8549cda424ead)
- [fasthook](#84050c37e997fa469d0bf2957740a26c) -> [(2)工具](#53605f8fe273227cfce6efb53f03ca5e)
- [edxposed](#a45596ac8a32884286decc3776dcc87a) -> [(1)工具](#b59634d15e0ff36530f26ea15ea14140)
- [yahfa](#e2d57f2f714c3398c5c3221f358a2bbc) -> [(2)工具](#617d992e3d5935e3f073489a6865f5bd) [(1)文章](#ff04a5c958e269af7eda93865680b8bf)
- [Substrate](#41c619b27a528b1fc4cf0e9881138d43)
- [hooker](#b27b46d6dd521ca0cbd8b0e985adf3b3) -> [(1)工具](#9cc593bb0fe4379f156c960ed57ddefc)
- [virtualhook](#4fb6e68ab88d70a5ba21daf3c748ab24) -> [(2)工具](#dc029a697388c8dd11166dc05b480af9) [(1)文章](#e1069bd619235ef63f0368c80dafe8a2)
- [sandhook](#77a4aa2e2f0a0b96f53bf6d73a9ed9a4) -> [(1)工具](#dd815766c5929bf9c831a10b0536b71e)
- [legend](#e1663df22437eac2082e12d2f43e0551) -> [(1)工具](#34f6f6cbec589ef696d862b8dd0b65f2)
- [xhook](#a7aba8e3ae6bc49848404294d1e1daf7) -> [(1)工具](#4b802273fcf67d94de34201135d7cf89)
- [androideagleeye](#b6226b7a5a4605934b0a6a9ab254f186) -> [(1)工具](#a1419c0af296c66e60c2a5dff3d7beca)
- [(35) 工具](#b7f01a8ca7061e6830e56a6e7edd30c3)
- [(42) 文章](#567c92c6319c66711d6ce7ee6d34e7d7)
- [新添加](#98fa503ca20e92cdf59d1c51249179a8)
- [Inline-Hook](#1f8ec021509b7b6b6b5d62550e386e6c) -> [(8)工具](#68ea699ec15a70060fc9c55191338622) [(52)文章](#0b51581a821919d41ac0b4007e6ef111)
- [Syscall-Hook](#16975a6e29db4c54e804c508371cd6f3) -> [(1)工具](#de570f6a46cf4ddf63da1d1d29ae6131) [(1)文章](#e6332e820833c39bfb6ca86591a77c12)
- [API-Hook](#80ef1878ee5cd38df30c0f1f2fe9daeb) -> [(15)工具](#796594632db41e5771e98ccbf3687c40) [(61)文章](#288c7565062613f05da93653dd81e710)
- [Un-Hook](#1030267e24ee5e3747b0876023f4f925) -> [(2)工具](#9402ee22b3361f18eac675a3d700b08f) [(3)文章](#5b9e84f7909d65e65242b7ed92df88eb)
- [(146) 工具](#a59a8c7582765d7653d4ef05cfde9ee0)
- [(349) 文章](#35bcd6dfdf8eb61a1c5f41cf90eed31f)
***
- [**1688**星][28d] [C++] [jmpews/dobby](https://github.com/jmpews/Dobby) 轻量级,多平台,多体系结构的Hook框架(曾用名:HookZz)
- [**316**星][4m] [ObjC] [jmpews/hookzzmodules](https://github.com/jmpews/hookzzmodules) modules deps on HookZz framework.
- [**67**星][30d] [C] [luoyanbei/testhookzz](https://github.com/luoyanbei/testhookzz) iOS逆向:使用HookZz框架hook游戏“我的战争”,进入上帝模式
- 2017.09 [pediy] [[原创] 利用 HookZz 实现反调试与绕过的奇淫技巧](https://bbs.pediy.com/thread-220795.htm)
***
- [**283**星][28d] [C] [kubo/plthook](https://github.com/kubo/plthook) 修改ELF文件的PLT、PE文件的IAT,实现的函数Hook
***
- [**385**星][1m] [C] [zeex/subhook](https://github.com/zeex/subhook) 简易的跨平台Hook框架,针对C/C++,只支持x86。无依赖
***
- [**917**星][26d] [C++] [aslody/whale](https://github.com/aslody/whale) Hook Framework for Android/IOS/Linux/MacOS
- 2019.01 [pediy] [[原创]Whale -- ART Hook的最方案与实践](https://bbs.pediy.com/thread-249212.htm)
***
- [**203**星][28d] [C++] [rebzzel/kiero](https://github.com/rebzzel/kiero) Universal graphical hook for a D3D9-D3D12, OpenGL and Vulcan based games.
- [**59**星][2m] [C++] [codereversing/directx9hook](https://github.com/codereversing/directx9hook) Runtime DirectX9 Hooking
- [**52**星][11m] [C++] [gaypig/directx11-hook-with-discord](https://github.com/gaypig/directx11-hook-with-discord) DirectX11 hook with discord
- [**40**星][4m] [C++] [rebzzel/universal-d3d11-hook](https://github.com/rebzzel/universal-d3d11-hook) Universal hook for DX11 based games written in C++
- [**37**星][4m] [C++] [niemand-sec/directx11hook](https://github.com/niemand-sec/directx11hook) Hooking Game Graphic Engines!
- [**11**星][4m] [C++] [guided-hacking/gh_d3d11_hook](https://github.com/guided-hacking/gh_d3d11_hook) Barebones D3D11 hook.
- [**5**星][1y] [C++] [nexus-devs/nexus-hook](https://github.com/nexus-devs/nexus-hook) Hooking functionality for DirectX11 applications
- [**0**星][3m] [Lua] [yungtry/gtasa-d3dhook](https://github.com/yungtry/gtasa-d3dhook) Directx hook GTA:SA via Cheat Engine
***
- 2018.03 [qq] [【外挂分析】hookd3d9 通用CPU优化](http://gslab.qq.com/article-426-1.html)
- 2017.12 [pediy] [[原创] Hook Directx在游戏中显示自己的文字 代码加注解 MASM](https://bbs.pediy.com/thread-223562.htm)
- 2016.03 [pediy] [[原创]非静态成员函数定位及HOOK以DirectX内部成员函数为例](https://bbs.pediy.com/thread-208253.htm)
- 2015.12 [codereversing] [Runtime DirectX Hooking](http://www.codereversing.com/blog/archives/282)
- 2014.11 [pediy] [[原创][原创]D3D HOOK 游戏透视实现](https://bbs.pediy.com/thread-194475.htm)
- 2014.06 [pediy] [[原创]从来没人公开的秘密 -----D3D HOOK的捷径](https://bbs.pediy.com/thread-189538.htm)
***
- [**76**星][2m] [Py] [hamz-a/jeb2frida](https://github.com/hamz-a/jeb2frida) Automated Frida hook generation with JEB
***
- 2020.05 [aliyun] [How to hook Android Native methods with Frida (Noob Friendly)](https://xz.aliyun.com/t/7729)
- 2020.05 [aliyun] [使用Frida给apk脱壳并穿透加固Hook函数](https://xz.aliyun.com/t/7670)
- 2020.04 [wundercontrol] [[Android] Hooking void method - Frida](https://www.youtube.com/watch?v=ArWOZJRE-jU)
- 2019.11 [securify] [Android Frida hooking: disabling FLAG_SECURE](https://www.securify.nl/en/blog/SFY20191103/android-frida-hooking_-disabling-flag_secure.html)
- 2019.10 [securify] [Automated Frida hook generation with JEB](https://www.securify.nl/en/blog/SFY20191006/automated-frida-hook-generation-with-jeb.html)
- 2019.01 [fuzzysecurity] [Windows Hacking 之:ApplicationIntrospection & Hooking With Frida](http://fuzzysecurity.com/tutorials/29.html)
- 2018.11 [freebuf] [Frida-Wshook:一款基于Frida.re的脚本分析工具](https://www.freebuf.com/sectool/188726.html)
- 2018.09 [pediy] [[原创]使用frida来hook加固的Android应用的java层](https://bbs.pediy.com/thread-246767.htm)
- 2018.07 [pediy] [[原创]在windows搭建frida hook环境碰到问题](https://bbs.pediy.com/thread-230138.htm)
- 2018.07 [pediy] [[原创]进阶Frida--Android逆向之动态加载dex Hook(三)(下篇)](https://bbs.pediy.com/thread-229657.htm)
- 2018.07 [pediy] [[原创]进阶Frida--Android逆向之动态加载dex Hook(三)(上篇)](https://bbs.pediy.com/thread-229597.htm)
- 2018.06 [pediy] [[原创]初识Frida--Android逆向之Java层hook (二)](https://bbs.pediy.com/thread-227233.htm)
- 2018.06 [pediy] [[原创]初识Frida--Android逆向之Java层hook (一)](https://bbs.pediy.com/thread-227232.htm)
- 2017.08 [notsosecure] [如何动态调整使用 Android 的NDK 编写的代码,即:使用 Frida Hook C/ C++ 开发的功能。](https://www.notsosecure.com/instrumenting-native-android-functions-using-frida/)
- 2017.04 [fuping] [Android HOOK 技术之Frida的初级使用](https://fuping.site/2017/04/01/Android-HOOK-%E6%8A%80%E6%9C%AF%E4%B9%8BFrida%E7%9A%84%E5%88%9D%E7%BA%A7%E4%BD%BF%E7%94%A8/)
***
- [**269**星][30d] [C#] [misaka-mikoto-tech/monohook](https://github.com/Misaka-Mikoto-Tech/MonoHook) hook C# method at runtime without modify dll file (such as UnityEditor.dll)
***
- [**423**星][1y] [C] [darthton/hyperbone](https://github.com/darthton/hyperbone) 极简的带Hook的VT-x hypervisor
***
- [**512**星][2y] [C++] [tandasat/ddimon](https://github.com/tandasat/ddimon) 通过使用扩展页表(EPT),执行内联hook的hypervisor,对访客(即除DdiMon之外的任何代码)是不可见的
***
- [**512**星][30d] [C] [martona/mhook](https://github.com/martona/mhook) A Windows API hooking library
- 2017.11 [apriorit] [Mhook Enhancements: 10x Speed Improvement and Other Fixes](https://www.apriorit.com/dev-blog/469-mhook-enhancements)
- 2014.09 [pediy] [[原创]MHOOK中跳板复用bug分析](https://bbs.pediy.com/thread-192760.htm)
***
- [**646**星][9m] [C++] [stevemk14ebr/polyhook](https://github.com/stevemk14ebr/polyhook) x86/x64 C++ Hooking Library
- [**515**星][27d] [C++] [stevemk14ebr/polyhook_2_0](https://github.com/stevemk14ebr/polyhook_2_0) C++17, x86/x64 Hooking Libary v2.0
***
- [**1079**星][4m] [C++] [everdox/infinityhook](https://github.com/everdox/infinityhook) Hook system calls, context switches, page faults and more.
***
- [**1364**星][28d] [C] [tsudakageyu/minhook](https://github.com/tsudakageyu/minhook) 最小化的x86/x64 API Hook 库
- [**28**星][2y] [C] [sentinel-one/minhook](https://github.com/sentinel-one/minhook) The Minimalistic x86/x64 API Hooking Library for Windows
- 2019.03 [aliyun] [minhook源码阅读分析](https://xz.aliyun.com/t/4468)
- 2017.09 [pediy] [[原创]MinHook测试与分析(x64下 E9,EB,CALL指令测试,且逆推测试微软热补丁)](https://bbs.pediy.com/thread-221418.htm)
- 2017.09 [pediy] [[原创]MinHook测试分析01 (x86的jmp+offset类型hook)](https://bbs.pediy.com/thread-220877.htm)
***
- [**1707**星][1y] [C] [easyhook/easyhook](https://github.com/easyhook/easyhook) 重新发明了Windows API挂钩
- [**67**星][27d] [C#] [easyhook/easyhook-tutorials](https://github.com/easyhook/easyhook-tutorials) Contains the source code for the EasyHook tutorials found at
- [**14**星][5m] [C#] [ulysseswu/vinjex](https://github.com/ulysseswu/vinjex) A simple DLL injection lib using Easyhook, inspired by VInj.
- 2017.11 [BinaryAdventure] [EasyHook x64 Notepad API Hook part 2](https://www.youtube.com/watch?v=ro07dEPyGmY)
- 2017.11 [BinaryAdventure] [API Hooking - Using EasyHook to hook NtCreateFile in Notepad.exe](https://www.youtube.com/watch?v=o3H4E278y_g)
***
- [**117**星][2y] [C#] [tandasat/dotnethooking](https://github.com/tandasat/dotnethooking) Sample use cases of the .NET native code hooking technique
- [**60**星][2y] [C#] [wledfor2/playhooky](https://github.com/wledfor2/playhooky) C# Runtime Hooking Library for .NET/Mono/Unity.
- [**34**星][4m] [C#] [dangbee/dotnethook](https://github.com/dangbee/dotnethook) A hook proof of concept with no native dependencies. Hook both .NET methods (even framework methods) and Native methods entirely in .NET.
- [**31**星][1y] [C#] [thaisenpm/loader2](https://github.com/thaisenpm/loader2) Nova Hook is an open source C# cheat loader currently built for CS:GO
- [**16**星][6m] [C#] [lontivero/open.winkeyboardhook](https://github.com/lontivero/open.winkeyboardhook) A simple and easy-to-use .NET managed wrapper for Low Level Keyboard hooking.
- [**15**星][2m] [Visual Basic .NET] [thaisenpm/loader1](https://github.com/thaisenpm/loader1) Nova Hook is an open source VB.NET cheat loader currently built for CS:GO
- [**11**星][6m] [C#] [20chan/globalhook](https://github.com/20chan/GlobalHook) Simple global keyboard, mouse hook and simulation library written C#
- [**None**星][C#] [elliesaur/dotnethook](https://github.com/elliesaur/dotnethook) A hook proof of concept with no native dependencies. Hook both .NET methods (even framework methods) and Native methods entirely in .NET.
***
- [**58**星][3y] [C++] [int0/processisolator](https://github.com/int0/processisolator) Utility to hook SSDT of specific process and transfer control to a service (usermode app) for handling to determine action allow/deny API call etc.
- [**12**星][5y] [C] [s18leoare/hackshield-driver-bypass](https://github.com/s18leoare/hackshield-driver-bypass) Bypass HackShield several specific SSDT hook in Ring0
- [**8**星][3m] [C] [papadp/shd](https://github.com/papadp/shd) Ssdt Hook Detection tool
- [**7**星][11m] [C] [cherryzy/process_protect_module](https://github.com/cherryzy/process_protect_module) Monitor and protect processes use "PsSetCreateProcessNotifyRoutineEx" and kernel ssdt hook.
- [**6**星][6y] [C++] [wyrover/hkkerneldbg](https://github.com/wyrover/hkkerneldbg) F**k ssdt hook in np, tp, hs
- [**3**星][2y] [C] [sqdwr/64-bits-inserthook](https://github.com/sqdwr/64-bits-inserthook) insert a ssdt table to hook
- 2018.12 [pediy] [[原创]过用户层HOOK 驱动层SSDT HOOK (之进程保护篇)](https://bbs.pediy.com/thread-248583.htm)
- 2018.11 [pediy] [[分享][原创]Win7 x86 SSDT Inline Hook](https://bbs.pediy.com/thread-247983.htm)
- 2016.05 [pediy] [[原创]关于Win7 x64 Shadow SSDT 的探索和 Inline HOOK](https://bbs.pediy.com/thread-210481.htm)
- 2015.12 [insinuator] [Investigating Memory Analysis Tools – SSDT Hooking via Pointer Replacement](https://insinuator.net/2015/12/investigating-memory-analysis-tools-ssdt-hooking-via-pointer-replacement/)
- 2015.09 [pediy] [[原创]旧代码分享:绕过卡巴斯基主动防御,加载驱动,unhook所有SSDT&Shadow SSDT](https://bbs.pediy.com/thread-204492.htm)
- 2015.09 [pediy] [原创 普及X64 ssdtshadow inline HOOK](https://bbs.pediy.com/thread-204323.htm)
- 2015.05 [pediy] [[原创]SSDT InlineHook学习笔记](https://bbs.pediy.com/thread-200431.htm)
- 2013.12 [pediy] [[原创]SSDT Hook 详细过程](https://bbs.pediy.com/thread-183132.htm)
- 2013.12 [pediy] [[原创]Win8 32位中SSDT Shadow Hook的实现方法](https://bbs.pediy.com/thread-182355.htm)
- 2013.08 [pediy] [[原创]Win32Asm 驱动学习笔记《 HOOK SSDT》](https://bbs.pediy.com/thread-176717.htm)
- 2013.08 [pediy] [[原创]新手学ssdt_hook](https://bbs.pediy.com/thread-176477.htm)
- 2013.06 [pediy] [[原创]一份简单的内核通用HOOK 带使用例子(带简单SSDT恢复)~](https://bbs.pediy.com/thread-174170.htm)
- 2012.07 [pediy] [[原创]汇编与驱动-采用SSDT Hook NtOpenProcess保护进程](https://bbs.pediy.com/thread-153176.htm)
- 2012.06 [pediy] [[原创]E语言ring0 inline &ssdt hook](https://bbs.pediy.com/thread-152603.htm)
- 2011.12 [pediy] [[原创]谈谈 通杀SSDT hook和Shadow SSDT hook的方法](https://bbs.pediy.com/thread-143987.htm)
- 2011.08 [sevagas] [Hide files using SSDT hooking](https://blog.sevagas.com/?Hide-files-using-SSDT-hooking)
- 2011.07 [pediy] [[原创]shadow_ssdt_hook_2.asm](https://bbs.pediy.com/thread-136321.htm)
- 2010.12 [pediy] [[翻译]系统范围内挂钩Native API控制进程创建(SSDT HOOK)](https://bbs.pediy.com/thread-126574.htm)
- 2010.12 [pediy] [[原创](开源)一个简单的ssdthook进程名 保护进程 兼容2000以后所有x86系统](https://bbs.pediy.com/thread-126077.htm)
- 2009.10 [pediy] [[原创]FSD HOOK与SSDT HOOK恢复简单思路](https://bbs.pediy.com/thread-99970.htm)
- 2009.02 [pediy] [[原创]Anti SSDT Hook](https://bbs.pediy.com/thread-82066.htm)
- 2008.12 [pediy] [[原创]打造自己的HOOK引擎 之一 --- SSDT HOOK引擎](https://bbs.pediy.com/thread-79247.htm)
- 2008.12 [pediy] [[原创]inline hook SSDT 躲避 Themida 的ThreadHideFromDebugger (学习笔记2)](https://bbs.pediy.com/thread-78423.htm)
- 2008.12 [pediy] [[原创]扫盲贴,HOOK SSDT 短文一篇。](https://bbs.pediy.com/thread-78218.htm)
- 2008.11 [pediy] [[原创]HOOK SSDT AND HOOK Shadow SSDT FOR DELPHI](https://bbs.pediy.com/thread-77500.htm)
- 2008.11 [talosintelligence] [Fun with SSDT Hooks and DEP](https://blog.talosintelligence.com/2008/11/fun-with-ssdt-hooks-and-dep.html)
- 2008.08 [pediy] [[原创]分享比较完整的ROOTKIT DEMO! 原来Shadow Hook和SSDT Hook一样容易!](https://bbs.pediy.com/thread-70083.htm)
- 2008.07 [pediy] [[原创]重现SSDT-Shadow Hook编译通过的代码,献给所有,有共享精神的人](https://bbs.pediy.com/thread-67656.htm)
- 2008.06 [pediy] [[原创]Hook Shadow SSDT](https://bbs.pediy.com/thread-65931.htm)
- 2008.05 [pediy] [[原创]谈谈对于SSDT中的API进行双层HOOK的通用处理模式](https://bbs.pediy.com/thread-64798.htm)
- 2008.04 [pediy] [[原创]SSDT Hook For Delphi](https://bbs.pediy.com/thread-63611.htm)
- 2008.01 [pediy] [[原创]RootKit hook之[二] SSDT hook](https://bbs.pediy.com/thread-58199.htm)
- 2007.08 [pediy] [[原创]用DDDK编写驱动,修改SSDT表HOOK NTDebugActiveProcess函数](https://bbs.pediy.com/thread-50052.htm)
- 2007.03 [pediy] [[原创]SSDT Hook的妙用-对抗ring0 inline hook](https://bbs.pediy.com/thread-40832.htm)
***
- [**1866**星][27d] [Py] [boppreh/keyboard](https://github.com/boppreh/keyboard) 在Windows和Linux上挂钩和模拟全局键盘事件
- [**787**星][4m] [C++] [ysc3839/fontmod](https://github.com/ysc3839/fontmod) 修改 Win32 程序字体的简单的 hook 工具。可用于一些基于 GDI 或者 Qt 的程序
- [**546**星][5m] [C#] [crosire/scripthookvdotnet](https://github.com/crosire/scripthookvdotnet) An ASI plugin for Grand Theft Auto V, which allows running scripts written in any .NET language in-game.
- [**310**星][29d] [C] [gbps/gbhv](https://github.com/gbps/gbhv) Simple x86-64 VT-x Hypervisor with EPT Hooking
- [**193**星][26d] [C#] [justcoding121/windows-user-action-hook](https://github.com/justcoding121/windows-user-action-hook) A .NET library to subscribe for Windows operating system global user actions such mouse, keyboard, clipboard & print events
- [**92**星][3y] [C++] [shmuelyr/captainhook](https://github.com/shmuelyr/captainhook) CaptainHook is perfect x86/x64 hook environment
- [**88**星][2m] [C] [tinysec/iathook](https://github.com/tinysec/iathook) windows内核模式和用户模式IAT hook
- [**79**星][3y] [C] [stevemk14ebr/unihook](https://github.com/stevemk14ebr/unihook) Intercept arbitrary functions at run-time, without knowing their typedefs
- [**76**星][24d] [C] [danielkrupinski/vac-hooks](https://github.com/danielkrupinski/vac-hooks) Hook WinAPI functions used by Valve Anti-Cheat. Log calls and intercept arguments & return values. DLL written in C.
- [**45**星][10m] [C#] [userr00t/universalunityhooks](https://github.com/userr00t/universalunityhooks) A framework designed to hook into and modify methods in unity games via dlls
- [**44**星][7m] [C++] [wopss/renhook](https://github.com/wopss/renhook) An open-source x86 / x86-64 hooking library for Windows.
- [**42**星][1m] [Rust] [verideth/dll_hook-rs](https://github.com/verideth/dll_hook-rs) Rust code to show how hooking in rust with a dll works.
- [**40**星][1m] [C++] [prekageo/winhook](https://github.com/prekageo/winhook)
- [**38**星][1m] [C++] [rolfrolles/wbdeshook](https://github.com/rolfrolles/wbdeshook) DLL-injection based solution to Brecht Wyseur's wbDES challenge (based on SysK's Phrack article)
- [**38**星][1m] [Assembly] [muffins/rookit_playground](https://github.com/muffins/rookit_playground) Educational repository for learning about rootkits and Windows Kernel Hooks.
- [**35**星][2m] [C++] [codereversing/wow64syscall](https://github.com/codereversing/wow64syscall) WoW64 Syscall Hooking
- [**34**星][3y] [C++] [menooker/fishhook](https://github.com/menooker/fishhook) An inline hook platform for Windows x86/x64
- [**34**星][30d] [Py] [byzero512/winpwn](https://github.com/byzero512/winpwn) for CTF windows pwn and IAT/EAT hook
- [**32**星][2m] [C++] [netdex/twinject](https://github.com/netdex/twinject) Automated player and hooking framework for bullet hell games from the Touhou Project
- [**30**星][2m] [C] [deroko/activationcontexthook](https://github.com/deroko/activationcontexthook) Hook 进程,强制进程加载重定向的 DLL
- [**29**星][4m] [C++] [m-r-j-o-h-n/swh-injector](https://github.com/m-r-j-o-h-n/swh-injector) An Injector that can inject dll into game process protected by anti cheat using SetWindowsHookEx.
- [**27**星][6m] [HTML] [flyrabbit/winproject](https://github.com/flyrabbit/winproject) Hook, DLLInject, PE_Tool
- [**27**星][3m] [C] [tinysec/runwithdll](https://github.com/tinysec/runwithdll) windows create process with a dll load first time via LdrHook
- [**24**星][3m] [C] [david-reguera-garcia-dreg/phook](https://github.com/david-reguera-garcia-dreg/phook) Full DLL Hooking, phrack 65
- [**24**星][5m] [C] [maikel233/x-hook-for-csgo](https://github.com/maikel233/x-hook-for-csgo) Aimtux for Windows.
- [**22**星][1m] [Go] [castaneai/hinako](https://github.com/castaneai/hinako) x86 WinAPI hook written in pure Go
- [**22**星][29d] [C++] [xbased/xhook](https://github.com/xbased/xhook) Hook Windows API. supports Win7/8/10 x86 and x64 platform.
- [**21**星][2m] [C] [adrianyy/kernelhook](https://github.com/adrianyy/kernelhook) Windows inline hooking tool.
- [**21**星][5m] [C] [xiaofen9/ssdthook](https://github.com/xiaofen9/ssdthook) An SSDT hook for Windows
- [**19**星][5m] [Java] [col-e/simplified-jna](https://github.com/col-e/simplified-jna) Multi-threaded JNA hooks and simplified library access to window/key/mouse functions.
- [**18**星][11m] [Assembly] [egebalci/hook_api](https://github.com/egebalci/hook_api) Assembly block for hooking windows API functions.
- [**16**星][5m] [C] [sin5678/hidedir](https://github.com/sin5678/hidedir) 使用SSDT HOOK 在windows上隐藏指定文件或者文件夹
- [**14**星][3m] [C++] [hmihaidavid/hooks](https://github.com/hmihaidavid/hooks) A DLL that performs IAT hooking
- [**13**星][4y] [C++] [jonasblunck/dp](https://github.com/jonasblunck/dp) Win32 API and COM hooking/tracing.
- [**13**星][7m] [C#] [kanegovaert/unknown-logger](https://github.com/kanegovaert/unknown-logger) An advanced Windows Keylogger with features like (Disable CMD, Screenshotter, Client Stub Builder, Low Level Keyhooks, Hide Application, Respawner, Delete Chrome and Firefox data, and more!)
- [**12**星][8m] [C++] [sin5678/wow64hook](https://github.com/sin5678/wow64hook) wow64 syscall filter
- [**11**星][6m] [Py] [debasishm89/qhook](https://github.com/debasishm89/qhook) qHooK is very simple python script (dependent on pydbg) which hooks user defined Win32 APIs in any process and monitor then while process is running and at last prepare a CSV report with various interesting information which can help reverse engineer to track down / analyse unknown exploit samples / shellcode.
- [**11**星][1y] [C++] [therena/findthestupidwindow](https://github.com/therena/findthestupidwindow) Windows API hooking project to log all the windows / UIs with the exact timestamp when they are opened.
- [**11**星][6y] [weixu8/registrymonitor](https://github.com/weixu8/registrymonitor) Formely KMon, a Windows Kernel Driver designed to prevent malware attacks by monitoring the creation of registry keys in common autorun locations and prompting the user whether they want to allow the creation of the key. More of an experiment into Kernel level SSDT hooks but a fun project nonetheless
- [**10**星][7y] [Py] [nitram2342/spooky-hook](https://github.com/nitram2342/spooky-hook) WinAppDbg helper script to catch API calls
- [**9**星][6m] [C++] [windy32/win32-console-hook-lib](https://github.com/windy32/win32-console-hook-lib) A light-weight console hook library for convenient console interactions
- [**8**星][6m] [C++] [mgostih/snifferih](https://github.com/mgostih/snifferih) DLL Hooking Packet Sniffer
- [**8**星][27d] [C++] [ivan-sincek/keylogger](https://github.com/ivan-sincek/keylogger) Windows OS keylogger with a hook mechanism (i.e. with a keyboard hook procedure).
- [**7**星][2y] [Go] [nanitefactory/hookwin10calc](https://github.com/nanitefactory/hookwin10calc) Reverse engineered Windows 10 Calculator.exe (UWP application) hacker. 한글/漢文을 배운 윈도우 계산기 패치.
- [**5**星][2y] [C++] [wanttobeno/window_keyandmousehook](https://github.com/wanttobeno/window_keyandmousehook) Window Key And Mouse Hook
- [**4**星][10m] [C++] [aschrein/apiparse](https://github.com/aschrein/apiparse) Small project to learn windows dll hooking techniques based on sources of renderdoc and apitrace
- [**4**星][2y] [C#] [trojaner/rocketplus](https://github.com/trojaner/rocketplus) Adding extra functionality to RocketMod API by using method hooking [Windows x64 only]. Also provides an API for .NET Method detouring
- [**0**星][2y] [C] [vallejocc/poc-find-chrome-ktlsprotocolmethod](https://github.com/vallejocc/poc-find-chrome-ktlsprotocolmethod) Proof of Concept code to download chrome.dll symbols from chromium symbols store and find the bssl::kTLSProtocolMethod table of pointers (usually hooked by malware)
***
- 2020.03 [apriorit] [How to Hook 64-Bit Code from WOW64 32-Bit Mode](https://www.apriorit.com/dev-blog/665-win-hook-64-bit-code-from-32-bit-mode)
- 2019.10 [sentinelone] [How TrickBot Hooking Engine Targets Windows 10 Browsers](https://www.sentinelone.com/blog/how-trickbot-hooking-engine-targets-windows-10-browsers/)
- 2019.08 [contextis] [Common Language Runtime Hook for Persistence](https://www.contextis.com/en/blog/common-language-runtime-hook-for-persistence)
- 2019.05 [vimeo] [DKOM 3.0: Hiding and Hooking with Windows Extension Hosts - Alex Ionescu, Gabrielle Viala, Yarden Shafir - INFILTRATE 2019](https://vimeo.com/335166152)
- 2019.04 [fsx30] [Hooking Heaven’s Gate — a WOW64 hooking technique](https://medium.com/p/5235e1aeed73)
- 2019.01 [pediy] [[原创][Hook][ws2_32.dll]](https://bbs.pediy.com/thread-249249.htm)
- 2019.01 [4hou] [绕过EDR内存保护的新方法:NTDLL IAT Hook](http://www.4hou.com/system/15956.html)
- 2018.11 [aliyun] [Hook深度研究:监视WOW64程序在系统中的执行情况](https://xz.aliyun.com/t/3311)
- 2018.03 [malwarebytes] [恶意软件Hancitor最新版除使用processhollowing注入技巧之外, 创建kernel32.dll的副本, 绕过R3 Hook监控, 躲避检测](https://blog.malwarebytes.com/threat-analysis/2018/03/hancitor-fileless-attack-with-a-copy-trick/)
- 2017.12 [4hou] [一篇文章教你如何检测Win API Hooks(Ring3)](http://www.4hou.com/system/9112.html)
- 2017.11 [rootedconmadrid] [Pablo San Emeterio - WHF: Windows Hooking Framework [RootedCON 2012 - ESP]](https://www.youtube.com/watch?v=1yNhZ62C2bw)
- 2017.07 [huntingmalware] [Hooking Windows events without knowing anything about C/C++](https://blog.huntingmalware.com/notes/WMI)
- 2017.06 [eyeofrablog] [Windows 键盘记录器 Part 2: 如何检测 Part 1 中提到的Hook 方式](https://eyeofrablog.wordpress.com/2017/06/27/windows-keylogger-part-2-defense-against-user-land/)
- 2017.05 [4hou] [利用global API hooks在Win7系统下隐藏进程](http://www.4hou.com/technology/4395.html)
- 2017.04 [3gstudent] [利用globalAPIhooks在Win7系统下隐藏进程](https://3gstudent.github.io/3gstudent.github.io/%E5%88%A9%E7%94%A8globalAPIhooks%E5%9C%A8Win7%E7%B3%BB%E7%BB%9F%E4%B8%8B%E9%9A%90%E8%97%8F%E8%BF%9B%E7%A8%8B/)
- 2017.04 [3gstudent] [利用globalAPIhooks在Win7系统下隐藏进程](https://3gstudent.github.io/3gstudent.github.io/%E5%88%A9%E7%94%A8globalAPIhooks%E5%9C%A8Win7%E7%B3%BB%E7%BB%9F%E4%B8%8B%E9%9A%90%E8%97%8F%E8%BF%9B%E7%A8%8B/)
- 2016.06 [pediy] [[原创]windows x64 hook KiSystemCall64](https://bbs.pediy.com/thread-210886.htm)
- 2016.01 [freebuf] [DLL注入的几种姿势(一):Windows Hooks](http://www.freebuf.com/articles/system/93413.html)
- 2015.09 [pediy] [[原创]win7 x64 下的Object Hook](https://bbs.pediy.com/thread-203767.htm)
- 2015.06 [codereversing] [Syscall Hooking Under WoW64: Implementation (2/2)](http://www.codereversing.com/blog/archives/246)
- 2015.06 [codereversing] [Syscall Hooking Under WoW64: Introduction (1/2)](http://www.codereversing.com/blog/archives/243)
- 2015.01 [debasish] [qHooK - Not Just a Win32 API Hooking Script](http://www.debasish.in/2015/01/qhook-not-just-win32-api-hooking-script.html)
- 2014.11 [hypervsir] [Using LBR (Last Branch Record) Feature to Detect IDT-Shadowing-Based Malicious IDT Hooking](http://hypervsir.blogspot.com/2014/11/using-lbr-last-branch-record-feature-to.html)
- 2014.07 [pediy] [[原创]暑假浅谈系列第二帖——win7 object hook](https://bbs.pediy.com/thread-189802.htm)
- 2014.02 [evilsocket] [How to Hook Win32 API With Kernel Patching](https://www.evilsocket.net/2014/02/01/keservicedescriptortable-patching-aka-how-to-hook-win32-api-patching-the-kernel/)
- 2012.09 [volatility] [MoVP 3.1 Detecting Malware Hooks in the Windows GUI Subsystem](https://volatility-labs.blogspot.com/2012/09/movp-31-detecting-malware-hooks-in.html)
- 2012.04 [pediy] [[原创]windows内核 win7 和 xp下 hook过滤KiFastCallEntry的不同之处(远离360的hook)](https://bbs.pediy.com/thread-149003.htm)
- 2011.09 [pediy] [[原创]Windows环境下基于Hook技术的调试器及其实现(含源码)](https://bbs.pediy.com/thread-139813.htm)
- 2011.09 [htbridge] [Inline Hooking in Windows](https://www.htbridge.com/blog/inline_hooking_in_windows.html)
- 2011.08 [mista] [Windows Hooks of Death: Kernel Attacks through User-Mode Callbacks](http://mista.nu/blog/?p=632)
- 2011.08 [htbridge] [Userland Hooking in Windows](https://www.htbridge.com/blog/userland_hooking_in_windows.html)
- 2011.06 [shiftlock] [Windows hooks detector](https://shiftlock.wordpress.com/2011/06/22/windows-hooks-detector/)
- 2011.02 [winsunxu] [Windows防火墙之NDIS HOOK和TDI HOOK](https://blog.csdn.net/winsunxu/article/details/6196319)
- 2010.10 [pediy] [[原创]hook_exitwindowsex.asm](https://bbs.pediy.com/thread-122496.htm)
- 2010.09 [pediy] [[原创]PYdotDLL. a simple python hook engine / update 2010.9.28](https://bbs.pediy.com/thread-120438.htm)
- 2010.09 [redplait] [ntdll official hooks](http://redplait.blogspot.com/2010/09/ntdll-official-hooks.html)
- 2010.02 [pediy] [[翻译]QuietRIATT:通过HOOK DLL函数重建IAT](https://bbs.pediy.com/thread-107092.htm)
- 2010.02 [xyz] [wince中的hook(钩子)用法](https://blog.csdn.net/xyz_lmn/article/details/5289128)
- 2010.02 [xyz] [Using keyboard hooks in WinCE](https://blog.csdn.net/xyz_lmn/article/details/5289131)
- 2010.02 [xyz] [wince上能够使用的hook是有限的](https://blog.csdn.net/xyz_lmn/article/details/5289120)
- 2009.11 [magictong] [SetWinEventHook 事件钩子](https://blog.csdn.net/magictong/article/details/4753122)
- 2008.10 [pediy] [[原创]IAT HOOK 代码注入非DLL](https://bbs.pediy.com/thread-74569.htm)
- 2008.05 [pediy] [[原创]利用IAT hook实现windows通用密码后门](https://bbs.pediy.com/thread-65391.htm)
- 2006.01 [sans] [KbHook.dll is Not Always Spyware](https://isc.sans.edu/forums/diary/KbHookdll+is+Not+Always+Spyware/1076/)
- 2005.03 [pediy] [[转帖]在Windows 2003中HOOK ZwCreateProc](https://bbs.pediy.com/thread-11955.htm)
***
- [**140**星][7m] [C] [davidbuchanan314/tardis](https://github.com/davidbuchanan314/tardis) Trace And Rewrite Delays In Syscalls: Hooking time-related Linux syscalls to warp a process's perspective of time, using ptrace.
- [**134**星][1m] [C] [poliva/ldpreloadhook](https://github.com/poliva/ldpreloadhook) a quick open/close/ioctl/read/write/free function hooker
- [**94**星][30d] [C] [milabs/khook](https://github.com/milabs/khook) Linux Kernel hooking engine (x86)
- [**68**星][1m] [C] [ilammy/ftrace-hook](https://github.com/ilammy/ftrace-hook) Using ftrace for function hooking in Linux kernel
- [**45**星][2m] [C] [jmpews/evilelf](https://github.com/jmpews/evilelf) Malicious use of ELF such as .so inject, func hook and so on.
- [**35**星][3y] [C] [jordan9001/superhide](https://github.com/jordan9001/superhide) Example of hooking a linux systemcall
- [**8**星][2m] [C] [rafael-santiago/kook](https://github.com/rafael-santiago/kook) A syscall hooking system for FreeBSD, NetBSD and also Linux.
- [**6**星][2y] [C] [sizet/lkm_parse_dns_packet](https://github.com/sizet/lkm_parse_dns_packet) linux 核心模組, 使用 netfilter IPv4 hook 監聽和分析 DNS 請求和回應封包.
- [**5**星][3m] [C] [deb0ch/toorkit](https://github.com/deb0ch/toorkit) A simple useless rootkit for the linux kernel. It is a kernel module which hooks up the open() syscall (or potentially any syscall) to replace it with a custom function.
***
- 2020.01 [mike] [Hooking Linux Libraries for Post-Exploitation Fun](https://www.mike-gualtieri.com/posts/hooking-linux-libraries-for-post-exploitation-fun)
- 2020.01 [freebuf] [Linux HIDS agent 概要和用户态HOOK(一)](https://www.freebuf.com/geek/223409.html)
- 2019.12 [knownsec404team] [Linux HIDS agent Summary and User Status HOOK [1]](https://medium.com/p/f1bb17295456)
- 2019.12 [venus] [Linux HIDS agent Summary and User Status HOOK [1]](https://paper.seebug.org/1104/)
- 2019.12 [knownsec] [Linux HIDS agent 概要和用户态 HOOK(一)](https://blog.knownsec.com/2019/12/linux-hids-agent-%e6%a6%82%e8%a6%81%e5%92%8c%e7%94%a8%e6%88%b7%e6%80%81-hook%ef%bc%88%e4%b8%80%ef%bc%89/)
- 2019.12 [aliyun] [Linux下Hook方式汇总](https://xz.aliyun.com/t/6961)
- 2019.12 [4hou] [Linux HIDS agent 概要和用户态 HOOK(一)](https://www.4hou.com/system/22258.html)
- 2019.12 [venus] [Linux HIDS agent 概要和用户态 HOOK(一)](https://paper.seebug.org/1102/)
- 2019.12 [jm33] [Hook System Calls in Linux 5.x](https://jm33.me/hook-system-calls-in-linux-5x.html)
- 2019.12 [aliyun] [Linux逆向之hook&注入](https://xz.aliyun.com/t/6883)
- 2019.02 [linuxgizmos] [Embedded vision cams use MIPI-CSI and USB3 Vision to hook up with Linux dev boards](http://linuxgizmos.com/embedded-vision-cams-use-mipi-csi-and-usb3-vision-to-hook-up-with-linux-dev-boards/)
- 2018.10 [aliyun] [Hooking linux内核函数(三):Ftrace的主要优缺点](https://xz.aliyun.com/t/2949)
- 2018.10 [aliyun] [Hooking linux内核函数(二):如何使用Ftrace hook函数](https://xz.aliyun.com/t/2948)
- 2018.10 [aliyun] [Hooking linux内核函数(一):寻找完美解决方案](https://xz.aliyun.com/t/2947)
- 2017.02 [forcepoint] [Detecting register-hooking Linux rootkits with Forcepoint Second Look](https://www.forcepoint.com/blog/security-labs/detecting-register-hooking-linux-rootkits-forcepoint-second-look)
- 2014.10 [allsoftwaresucks] [abusing Mesa by hooking ELFs and ioctl](http://allsoftwaresucks.blogspot.com/2014/10/abusing-mesa-by-hooking-elfs-and-ioctl.html)
- 2013.12 [HackersSecurity] [DEFCON 18: Function Hooking for Mac OSX and Linux](https://www.youtube.com/watch?v=MaIZ1TRc414)
- 2013.09 [pediy] [[原创]LINUX ELF HOOK DEMO源码](https://bbs.pediy.com/thread-178320.htm)
- 2010.03 [imthezuk] [Linux functions hooking using LD_PRELOAD - for fun and profit](https://imthezuk.blogspot.com/2010/03/easy-hooking-for-logging-purposes-with.html)
***
- [**538**星][2y] [Objective-C++] [davidgoldman/inspectivec](https://github.com/davidgoldman/inspectivec) objc_msgSend hook for debugging/inspection purposes.
***
- [**577**星][1y] [ObjC] [rpetrich/captainhook](https://github.com/rpetrich/captainhook) Common hooking/monkey patching headers for Objective-C on Mac OS X and iPhone OS. MIT licensed
***
- [**581**星][5m] [C] [yulingtianxia/blockhook](https://github.com/yulingtianxia/blockhook) Hook Objective-C blocks. A powerful AOP tool.
***
- [**2032**星][3y] [Swift] [urinx/iosapphook](https://github.com/urinx/iosapphook) 专注于非越狱环境下iOS应用逆向研究,从dylib注入,应用重签名到App Hook
- [**1122**星][2y] [ObjC] [yulingtianxia/fishchat](https://github.com/yulingtianxia/fishchat) Hook WeChat.app on non-jailbroken devices.
- [**129**星][6m] [C] [rodionovd/rd_route](https://github.com/rodionovd/rd_route) Function hooking for macOS
- [**123**星][4m] [ObjC] [smilezxlee/zxhookdetection](https://github.com/smilezxlee/zxhookdetection) 【iOS应用安全】hook及越狱的基本防护与检测(动态库注入检测、hook检测与防护、越狱检测、签名校验、IDA反编译分析加密协议示例)
- [**68**星][3y] [ObjC] [alayshchen/xcodeappplugintemplate](https://github.com/alayshchen/xcodeappplugintemplate) App Plugin Project Template For iOS App And Mac App. Make it easy to hook app.
- [**66**星][5m] [ObjC] [yulingtianxia/blocktracker](https://github.com/yulingtianxia/blocktracker) Tracking block args of Objective-C method based on BlockHook
- [**54**星][1m] [Perl] [theos/logos](https://github.com/theos/logos) Preprocessor that simplifies Objective-C hooking.
- [**53**星][4m] [ObjC] [smilezxlee/zxhookutil](https://github.com/smilezxlee/zxhookutil) 【iOS逆向】Tweak工具函数集,基于theos、monkeyDev
***
- 2016.02 [360] [iOS冰与火之歌番外篇 - 在非越狱手机上进行App Hook](https://www.anquanke.com/post/id/83495/)
- 2013.03 [gdssecurity] [Retrieving Crypto Keys via iOS Runtime Hooking](https://blog.gdssecurity.com/labs/2013/3/5/retrieving-crypto-keys-via-ios-runtime-hooking.html)
- 2013.01 [Proteas] [Hook Objective-C 的方法](https://blog.csdn.net/Proteas/article/details/8477806)
***
- [**332**星][4m] [Java] [mar-v-in/arthook](https://github.com/mar-v-in/arthook) Library for hooking on ART
- 2016.06 [securitygossip] [ArtHook: Callee-side Method Hook Injection on the New Android Runtime ART](http://securitygossip.com/blog/2016/06/29/2016-06-29/)
- [**376**星][4m] [C] [turing-technician/fasthook](https://github.com/turing-technician/fasthook) Android ART Hook
- [**129**星][4m] [Java] [turing-technician/virtualfasthook](https://github.com/turing-technician/virtualfasthook) Android application hooking tool based on FastHook + VirtualApp
- [**2236**星][4m] [Java] [elderdrivers/edxposed](https://github.com/elderdrivers/edxposed) Riru模块,试图提供一个ART挂钩框架(最初用于Android Pie),它提供与OG xpose一致的api,利用YAHFA(或SandHook)挂钩框架,支持Android 8.0 ~ 10。
- [**764**星][25d] [Java] [pagalaxylab/yahfa](https://github.com/PAGalaxyLab/YAHFA) Yet Another Hook Framework for ART
- [**128**星][2y] [Java] [bmax121/budhook](https://github.com/bmax121/budhook) An Android hook framework written like Xposed,based on YAHFA.
- 2018.01 [360] [YAHFA--ART环境下的Hook框架](https://www.anquanke.com/post/id/96231/)
- [**372**星][29d] [Py] [androidhooker/hooker](https://github.com/androidhooker/hooker) Android应用程序动态分析。自动拦截和修改目标应用程序发出的任何API调用(利用Substrate )
***
- [**571**星][25d] [Java] [pagalaxylab/virtualhook](https://github.com/PAGalaxyLab/VirtualHook) 基于VirtualApp的Android应用Hook工具
- [**58**星][8m] [Java] [nightoftwelve/virtualhookex](https://github.com/nightoftwelve/virtualhookex) Android application hooking tool based on VirtualHook/VirtualApp
- 2017.04 [pediy] [[原创]VirtualHook: 基于VirtualApp的Java代码hook工具](https://bbs.pediy.com/thread-216786.htm)
***
- [**708**星][4m] [Java] [ganyao114/sandhook](https://github.com/ganyao114/sandhook) Android ART Hook/Native Inline Hook/Single Instruction Hook - support 4.4 - 10.0 32/64 bit - Xposed API Compat
***
- [**1463**星][1m] [Java] [aslody/legend](https://github.com/aslody/legend) (Android)无需Root即可Hook Java方法的框架, 支持Dalvik和Art环境
***
- [**1741**星][25d] [C] [iqiyi/xhook](https://github.com/iqiyi/xhook) a PLT (Procedure Linkage Table) hook library for Android native ELF
***
- [**429**星][4y] [Makefile] [mindmac/androideagleeye](https://github.com/mindmac/androideagleeye) 一个基于xposed和adbi的模块,能够Hook Android操作系统的Java和原生方法
***
- [**1990**星][27d] [Java] [tiann/epic](https://github.com/tiann/epic) 动态java方法AOP钩子用于Android(Dexposed on ART的延续),支持4.0~10.0
- [**1763**星][2y] [Java] [ac-pm/inspeckage](https://github.com/ac-pm/inspeckage) 使用api钩子进行动态分析,启动未导出的活动等等。(Xposed模块)
- [**789**星][2y] [C] [ele7enxxh/android-inline-hook](https://github.com/ele7enxxh/android-inline-hook) thumb16 thumb32 arm32 inlineHook in Android
- [**575**星][27d] [Java] [aslody/andhook](https://github.com/asLody/AndHook) Android dynamic instrumentation framework
- [**541**星][4m] [Java] [windysha/xpatch](https://github.com/windysha/xpatch) 个重新打包apk文件的工具,然后apk可以加载安装在设备中的任何xposed模块
- [**448**星][5y] [C++] [boyliang/allhookinone](https://github.com/boyliang/allhookinone) all method hook approachs for android such as dalvik hook, art hook, elf hook and inline hook
- [**401**星][5m] [Java] [pqpo/inputmethodholder](https://github.com/pqpo/inputmethodholder) 通过hook(InputMethodManager)监听系统键盘显示(Android)
- [**291**星][1m] [Py] [antojoseph/frida-android-hooks](https://github.com/antojoseph/frida-android-hooks) Lets you hook Method Calls in Frida ( Android )
- [**220**星][2y] [C] [gtoad/android_inline_hook](https://github.com/gtoad/android_inline_hook) 构建一个so文件来自动执行android_native_hook工作
- [**216**星][3y] [Java] [zhengmin1989/wechatsportcheat](https://github.com/zhengmin1989/wechatsportcheat) 手把手教你当微信运动第一名 – 利用Android Hook进行微信运动作弊
- [**195**星][6m] [Java] [panhongwei/androidmethodhook](https://github.com/panhongwei/androidmethodhook) android art hook like Sophix
- [**190**星][5m] [C++] [aslody/elfhook](https://github.com/aslody/elfhook) modify PLT to hook api, supported android 5\6.
- [**179**星][1m] [Java] [546669204/wechatbot-xposed](https://github.com/546669204/wechatbot-xposed) A WeChat robot unit ,based on the android xposed framework hook to implement WeChat app robot functions
- [**148**星][5m] [Java] [zhouat/inject-hook](https://github.com/zhouat/inject-hook) for android
- [**120**星][4m] [C++] [melonwxd/elfhooker](https://github.com/melonwxd/elfhooker) 兼容Android 32位和64位。基于EFL文件格式Hook的demo,hook了SurfaceFlinger进程的eglSwapBuffers函数,替换为new_eglSwapBuffers
- [**104**星][5y] [Java] [rednaga/dexhook](https://github.com/rednaga/dexhook) DexHook is a xposed module for capturing dynamically loaded dex files.
- [**99**星][2y] [Java] [piasy/fridaandroidtracer](https://github.com/piasy/fridaandroidtracer) A runnable jar that generate Javascript hook script to hook Android classes.
- [**99**星][4m] [C++] [woxihuannisja/stormhook](https://github.com/woxihuannisja/stormhook) StormHook is a Android Hook Framework for Dalvik and Art
- [**63**星][28d] [JS] [northwavenl/fridax](https://github.com/northwavenl/fridax) Fridax enables you to read variables and intercept/hook functions in Xamarin/Mono JIT and AOT compiled iOS/Android applications.
- [**56**星][1m] [Rust] [nccgroup/assethook](https://github.com/nccgroup/assethook) LD_PRELOAD magic for Android's AssetManager
- [**51**星][2m] [Py] [hrkfdn/deckard](https://github.com/hrkfdn/deckard) Deckard performs static and dynamic binary analysis on Android APKs to extract Xposed hooks
- [**51**星][5y] [C++] [ikoz/androidsubstrate_hookingc_examples](https://github.com/ikoz/androidsubstrate_hookingc_examples) AndroidSubstrate_hookingC_examples
- [**48**星][5m] [C] [shunix/androidgothook](https://github.com/shunix/androidgothook) GOT Hook implemented in Android
- [**42**星][29d] [C++] [chickenhook/chickenhook](https://github.com/chickenhook/chickenhook) A linux / android / MacOS hooking framework
- [**34**星][2m] [TS] [igio90/frida-onload](https://github.com/igio90/frida-onload) Frida module to hook module initializations on android
- [**25**星][3m] [C++] [dodola/dinlinehook](https://github.com/dodola/dinlinehook) simple art inline hook
- [**23**星][6m] [C++] [legendl3n/smarthooker](https://github.com/legendl3n/smarthooker) The smartest hooking library.
- [**17**星][29d] [Py] [margular/frida-skeleton](https://github.com/margular/frida-skeleton) 本项目旨在帮助安卓测试工程师更方便地hook apk,并且自带证书绑定绕过功能
- [**17**星][25d] [C++] [vito11/camerahook](https://github.com/vito11/camerahook) An prototype to hook android camera preview data of third-party and system apps
- [**15**星][2m] [Java] [pnfsoftware/jeb2-andhook](https://github.com/pnfsoftware/jeb2-andhook)
- [**2**星][4y] [Java] [nodoraiz/latchhooks](https://github.com/nodoraiz/latchhooks) Hack for Android app hooking using latch
- [**0**星][4y] [serval-snt-uni-lu/hookranker](https://github.com/serval-snt-uni-lu/hookranker) Automatically Locating Malicious Payload in Piggybacked Android Apps (A Hook Ranking Approach)
- [**None**星][C] [gtoad/android_inline_hook_arm64](https://github.com/gtoad/android_inline_hook_arm64) Build an .so file to automatically do the android_native_hook work. Supports ARM64 ! With this, tools like Xposed can do android native hook.
- [**None**星][C++] [rprop/and64inlinehook](https://github.com/rprop/and64inlinehook) Lightweight ARMv8-A(ARM64, AArch64, Little-Endian) Inline Hook Library for Android C/C++
- [**None**星][Py] [fanxs-t/android-ssl_read-write-hook](https://github.com/fanxs-t/android-ssl_read-write-hook) Hook SSL_read and SSL_write functions in the Android application with Frida.
***
- 2019.01 [fuping] [安卓APP测试之HOOK大法-Xposed篇](https://fuping.site/2019/01/28/Xposed-Hook-SoulApp/)
- 2019.01 [pediy] [[原创]尝试着实现了一个 ART Hook](https://bbs.pediy.com/thread-249163.htm)
- 2019.01 [fuping] [安卓APP测试之HOOK大法-Frida篇](https://fuping.site/2019/01/25/Frida-Hook-SoulAPP/)
- 2019.01 [pediy] [[原创]介召几个frida在安卓逆向中使用的脚本以及延时Hook手法](https://bbs.pediy.com/thread-248848.htm)
- 2018.11 [bugbountywriteup] [Android Hook — ASIS CTF Final 2018 — Gunshops Question Walkthrough](https://medium.com/p/ae5dfe8b5df0)
- 2018.09 [pediy] [[原创]Android Hook 系列教程(二) 自己写APK实现Hook Java层函数](https://bbs.pediy.com/thread-247051.htm)
- 2018.09 [pediy] [[原创]Android Hook 系列教程(一) Xposed Hook 原理分析](https://bbs.pediy.com/thread-247030.htm)
- 2017.11 [pediy] [[原创]Epic——ART上的Dexposed(无侵入式Hook框架)](https://bbs.pediy.com/thread-222931.htm)
- 2017.08 [pediy] [[原创]StormHook:Android侵入式Hook框架](https://bbs.pediy.com/thread-220760.htm)
- 2017.06 [4hou] [AssetHook:Android应用资源数据运行时编辑工具](http://www.4hou.com/technology/5069.html)
- 2017.05 [pediy] [[原创]全能HOOK框架 JNI NATIVE JAVA ART DALVIK](https://bbs.pediy.com/thread-217587.htm)
- 2017.03 [aliyun] [浅谈Android Hook技术](https://xz.aliyun.com/t/230)
- 2017.02 [360] [使用高级反调试与反HOOK的安卓恶意ROOT软件的深度分析(二):JAVA层分析](https://www.anquanke.com/post/id/85427/)
- 2017.02 [360] [使用高级反调试与反HOOK的安卓恶意ROOT软件的深度分析(一):NATIVE层的调试](https://www.anquanke.com/post/id/85426/)
- 2017.01 [360] [hook Android系统调用的乐趣和好处](https://www.anquanke.com/post/id/85375/)
- 2017.01 [pediy] [[原创]安卓Hook函数的复杂参数如何给定?](https://bbs.pediy.com/thread-215039.htm)
- 2016.09 [pediy] [[分享]Hook Android C代码基础总结](https://bbs.pediy.com/thread-212943.htm)
- 2016.03 [sensepost] [Android hooking with Introspy](https://sensepost.com/blog/2016/android-hooking-with-introspy/)
- 2016.01 [ele7enxxh] [Android Arm Inline Hook](http://ele7enxxh.com/Android-Arm-Inline-Hook.html)
- 2016.01 [freebuf] [Android系统调用hook研究(一)](http://www.freebuf.com/articles/system/93168.html)
- 2015.12 [d3adend] [Android Anti-Hooking Techniques in Java](https://d3adend.org/blog/posts/android-anti-hooking-techniques-in-java/)
- 2015.12 [d3adend] [Android Anti-Hooking Techniques in Java](http://d3adend.org/blog/?p=589)
- 2015.11 [pediy] [[原创]开源 Android inline hook](https://bbs.pediy.com/thread-205741.htm)
- 2015.09 [pediy] [[原创]Android5.1 Art Hook 技术分享,求加精转正式会员](https://bbs.pediy.com/thread-204183.htm)
- 2015.09 [360] [手把手教你当微信运动第一名 – 利用Android Hook进行微信运动作弊](https://www.anquanke.com/post/id/82323/)
- 2015.06 [koz] [Substrate - hooking C on Android](https://koz.io/android-substrate-c-hooking/)
- 2015.05 [evilsocket] [Android Native API Hooking With Library Injection and ELF Introspection.](https://www.evilsocket.net/2015/05/04/android-native-api-hooking-with-library-injecto/)
- 2015.04 [L173864930] [Android Art Hook 技术方案](https://blog.csdn.net/L173864930/article/details/45035521)
- 2015.01 [freebuf] [使用渗透测试框架Xposed Framework hook调试Android APP](http://www.freebuf.com/articles/terminal/56453.html)
- 2015.01 [attify] [Xposed Framework for Android Hooking](http://blog.attify.com/2015/01/04/xposed-framework-android-hooking/)
- 2015.01 [attify] [Xposed Framework for Android Hooking](https://blog.attify.com/xposed-framework-android-hooking/)
- 2014.11 [ele7enxxh] [Android GOT表HOOK技术](http://ele7enxxh.com/Android-Shared-Library-Hook-With-GOT.html)
- 2014.10 [L173864930] [基于Android的ELF PLT/GOT符号重定向过程及ELF Hook实现(by 低端码农 2014.10.27)](https://blog.csdn.net/L173864930/article/details/40507359)
- 2014.10 [pediy] [[原创]基于Android的ELF PLT/GOT符号重定向过程及ELF Hook实现](https://bbs.pediy.com/thread-193720.htm)
- 2014.08 [Roland] [Android平台下Dalvik层hook框架ddi的研究](https://blog.csdn.net/Roland_Sun/article/details/38640297)
- 2014.06 [Roland] [Android平台下hook框架adbi的研究(下)](https://blog.csdn.net/Roland_Sun/article/details/36049307)
- 2014.06 [Roland] [Android平台下hook框架adbi的研究(上)](https://blog.csdn.net/Roland_Sun/article/details/34109569)
- 2014.03 [pediy] [[原创]注入安卓进程,并hook java世界的方法](https://bbs.pediy.com/thread-186054.htm)
- 2013.12 [u011069813] [Android中的so注入(inject)和挂钩(hook) - For both x86 and arm](https://blog.csdn.net/u011069813/article/details/17285009)
- 2013.11 [] [Android下通过hook技术实现透明加解密保障数据安全](http://www.91ri.org/7714.html)
- 2013.08 [jinzhuojun] [Android中的so注入(inject)和挂钩(hook) - For both x86 and arm](https://blog.csdn.net/jinzhuojun/article/details/9900105)
- 2013.07 [u011069813] [android hook api](https://blog.csdn.net/u011069813/article/details/9271851)
***
- [**277**星][3y] [C++] [gellin/teamviewer_permissions_hook_v1](https://github.com/gellin/teamviewer_permissions_hook_v1) 可注入的c++ dll,它使用裸内联连接和直接内存修改来更改您的TeamViewer权限
- [**212**星][3y] [C] [silvermoonsecurity/passivefuzzframeworkosx](https://github.com/silvermoonsecurity/passivefuzzframeworkosx) This framework is for fuzzing OSX kernel vulnerability based on passive inline hook mechanism in kernel mode.
- [**75**星][2y] [C] [chinatiny/inlinehooklib](https://github.com/chinatiny/inlinehooklib) 同时支持用户和内核模式的Inlinehook库
- [**67**星][5y] [C] [malwaretech/basichook](https://github.com/malwaretech/basichook) x86 Inline hooking engine (using trampolines)
- [**15**星][3m] [C] [zzy590/basiclibpp](https://github.com/zzy590/basiclibpp) A powerful library for inline-hook,lock,compress etc,and it is useful for anti-virus software.
- [**14**星][2y] [C] [gtoad/android_inline_hook_arm_example](https://github.com/gtoad/android_inline_hook_arm_example)
- [**10**星][2y] [C] [gtoad/android_inline_hook_thumb_example](https://github.com/gtoad/android_inline_hook_thumb_example)
- [**4**星][2y] [C++] [wanttobeno/ade32_inlinehook](https://github.com/wanttobeno/ade32_inlinehook) 基于ADE32的inlineHook
- 2019.06 [aliyun] [手游外挂基础篇之inline-hook](https://xz.aliyun.com/t/5397)
- 2018.11 [n0where] [Investigate Inline Hooks: PE-sieve](https://n0where.net/investigate-inline-hooks-pe-sieve)
- 2018.04 [pediy] [[原创]unity3d手游破解(三)--基于inline hook](https://bbs.pediy.com/thread-226261.htm)
- 2018.04 [pediy] [分享一个任意点hook的inlinehook库(同时支持用户和内核)](https://bbs.pediy.com/thread-225863.htm)
- 2018.04 [pediy] [[原创]inlineHook学习分析](https://bbs.pediy.com/thread-225662.htm)
- 2017.12 [pediy] [[翻译]理解/检测 Inline Hooks/ WinAPI Hooks (Ring3)](https://bbs.pediy.com/thread-223317.htm)
- 2017.12 [userpc] [理解/检测内联 Hook 和 WinAPI Hook](https://userpc.net/2017/12/03/understanding-detecting-inline-hooks-winapi-hooks-ring3/)
- 2017.07 [pediy] [dexdump 介绍](https://bbs.pediy.com/thread-218936.htm)
- 2017.06 [pediy] [[原创] 重载可执行文件实现高效inline-hook 【源码】](https://bbs.pediy.com/thread-218166.htm)
- 2016.09 [0x00sec] [User Mode Rootkits: IAT and Inline Hooking](https://0x00sec.org/t/user-mode-rootkits-iat-and-inline-hooking/1108/)
- 2015.11 [ele7enxxh] [ARM平台backtrace与inlineHook多线程安全浅析](http://ele7enxxh.com/Analysis-Of-Backtrace-And-Inline-Hook-Thread-Safety-On-The-ARM-Platform.html)
- 2015.02 [pediy] [[原创]Cydia Substrate Inline Hook若干bug修复方案](https://bbs.pediy.com/thread-197865.htm)
- 2014.12 [pediy] [[原创]inline hook 入门教程](https://bbs.pediy.com/thread-195503.htm)
- 2014.05 [pediy] [[原创]inline hook](https://bbs.pediy.com/thread-188324.htm)
- 2014.01 [pediy] [[原创]x64 ring3 inline-hook](https://bbs.pediy.com/thread-183367.htm)
- 2013.10 [pediy] [[原创]Inline hook中继函数通用汇编宏](https://bbs.pediy.com/thread-179632.htm)
- 2013.09 [debasish] [Inline API Hooking using DLL Injection](http://www.debasish.in/2013/09/inline-api-hooking-using-dll-injection.html)
- 2013.09 [pediy] [[原创]InlineHook网络数据发送接收函数(反钓鱼,反盗号)](https://bbs.pediy.com/thread-178806.htm)
- 2013.06 [pediy] [比较稳定的ring3 API HeadInline HOOK,QQ显IP。。](https://bbs.pediy.com/thread-174464.htm)
- 2013.04 [pediy] [[原创]Hide your InlineHook in Xuetr、Gmer、RKU、KD(技术解封专题)](https://bbs.pediy.com/thread-170503.htm)
- 2013.03 [pediy] [[原创]ring3下的Inline hook](https://bbs.pediy.com/thread-167042.htm)
- 2012.08 [pediy] [[原创]hook类,支持inline hook,ita hook,输出 表hook,过滤等等功能,申请加精](https://bbs.pediy.com/thread-154721.htm)
- 2012.08 [pediy] [[分享]再来一种内核 inlinehook 的隐藏方法](https://bbs.pediy.com/thread-154384.htm)
- 2012.05 [crowdstrike] [ARMv7/Thumb2 Inline Code Hooking](https://www.crowdstrike.com/blog/armv7thumb2-inline-code-hooking/)
- 2012.02 [pediy] [[原创]自己动手,制作inline hook扫描工具](https://bbs.pediy.com/thread-147059.htm)
- 2012.01 [pediy] [[原创]C++还原ring3 Inline Hook(附源码)](https://bbs.pediy.com/thread-145825.htm)
- 2011.07 [pediy] [[原创]小菜也玩inline hook -------GetWindowText](https://bbs.pediy.com/thread-137206.htm)
- 2011.05 [pediy] [[原创]发一个自己平时用的简单inlinehook的类](https://bbs.pediy.com/thread-133341.htm)
- 2011.02 [pediy] [[己解决]inline hook的恢复](https://bbs.pediy.com/thread-128924.htm)
- 2011.01 [pediy] [[原创]inline-hook和object双HOOK联合调用拒绝WIN打开服务](https://bbs.pediy.com/thread-128506.htm)
- 2010.08 [pediy] [[原创]ring0 head inline hook lib](https://bbs.pediy.com/thread-119571.htm)
- 2010.04 [pediy] [[原创]内核所有模块导出函数inlinehook检测](https://bbs.pediy.com/thread-110216.htm)
- 2010.02 [pediy] [[原创]如何InlineHook IoCallDriver来保护文件](https://bbs.pediy.com/thread-106481.htm)
- 2009.11 [pediy] [[原创]菜鸟理解的inlineHook的要点(RootkitUnhook无法检测)](https://bbs.pediy.com/thread-101825.htm)
- 2009.11 [pediy] [[原创]inlineHook的入学者的拙见](https://bbs.pediy.com/thread-101362.htm)
- 2009.09 [pediy] [[原创]详谈内核三步走Inline Hook实现](https://bbs.pediy.com/thread-98493.htm)
- 2009.09 [pediy] [[原创]绕过函数头INLINE HOOK](https://bbs.pediy.com/thread-97281.htm)
- 2009.07 [pediy] [[原创]inline hook NtQuerySystemInformation 保护进程](https://bbs.pediy.com/thread-93531.htm)
- 2009.03 [pediy] [[原创]山寨Fsd Inline Hook](https://bbs.pediy.com/thread-85020.htm)
- 2008.11 [pediy] [[原创]放个inline Hook的工程](https://bbs.pediy.com/thread-77467.htm)
- 2008.09 [pediy] [[原创]简单的双核下inline hook.r3](https://bbs.pediy.com/thread-72936.htm)
- 2008.08 [pediy] [[原创]ring3 & ring0 通用InlineHook代码(修补)](https://bbs.pediy.com/thread-71480.htm)
- 2008.07 [pediy] [[原创]Ring3下Inline Hook MessageBox(演示)](https://bbs.pediy.com/thread-69666.htm)
- 2008.05 [pediy] [[原创]简单inline hook ObReferenceObjectByHandle保护进程和屏蔽文件执行](https://bbs.pediy.com/thread-65731.htm)
- 2008.05 [pediy] [[原创]fsd inline hook](https://bbs.pediy.com/thread-64809.htm)
- 2008.05 [pediy] [[分享]inline hook NtQueryDirectoryFile](https://bbs.pediy.com/thread-64502.htm)
- 2008.04 [pediy] [[原创]inline hook和IDT hook结合](https://bbs.pediy.com/thread-63833.htm)
- 2008.04 [pediy] [[原创]inline hook未导出函数PspTerminateProcess](https://bbs.pediy.com/thread-62450.htm)
- 2008.01 [pediy] [[原创]rootkit hook之[三] inline hook](https://bbs.pediy.com/thread-59127.htm)
- 2008.01 [pediy] [[分享]射-->XP/2003/VISTA的简单INLINE HOOK](https://bbs.pediy.com/thread-58859.htm)
- 2006.07 [pediy] [[翻译]InLine Patching Protected Application By Hook API Function](https://bbs.pediy.com/thread-29594.htm)
- 2006.03 [pediy] [[转帖]kernel inline hook](https://bbs.pediy.com/thread-22707.htm)
***
- [**18**星][1y] [C] [plexsolutions/readhook](https://github.com/plexsolutions/readhook) Red-team tool to hook libc read syscall with a buffer overflow vulnerability.
- 2016.12 [360] [Rootkit技术入门:从syscall到hook!](https://www.anquanke.com/post/id/85202/)
***
- [**509**星][1m] [C++] [0x09al/rdpthief](https://github.com/0x09al/rdpthief) Extracting Clear Text Passwords from mstsc.exe using API Hooking.
- [**315**星][4m] [C] [outflanknl/dumpert](https://github.com/outflanknl/dumpert) LSASS memory dumper using direct system calls and API unhooking.
- [**304**星][2y] [C] [nektra/deviare2](https://github.com/nektra/deviare2) Deviare API Hook
- [**136**星][4m] [C] [hoshimin/hooklib](https://github.com/hoshimin/hooklib) The functions interception library written on pure C and NativeAPI with UserMode and KernelMode support
- [**54**星][5m] [C] [passingtheknowledge/ganxo](https://github.com/passingtheknowledge/ganxo) An opensource API hooking framework
- [**40**星][3y] [C++] [tanninone/usvfs](https://github.com/tanninone/usvfs) library using api hooking to implement process-local filesystem-independent file links.
- [**35**星][4m] [C++] [xrivendell/pcsgolh](https://github.com/xrivendell/pcsgolh) PCSGOLH - Pointless Counter-Strike: Global Offensive Lua Hooks. A open-source Lua API for CS:GO hacking written in modern C++
- [**28**星][6m] [JS] [shanselman/daskeyboard-q-nightscout](https://github.com/shanselman/daskeyboard-q-nightscout) Hooking up the DasKeyboard Q REST API to change the key colors in response to diabetic's glucose from NightScout
- [**11**星][2m] [Pascal] [oranke/proxy-dll-generator](https://github.com/oranke/proxy-dll-generator) PROXY DLL Generator / for very simple API Hooking.
- [**9**星][4y] [C++] [jonasblunck/dynhook](https://github.com/jonasblunck/dynhook) Example library for how to dynamically/statically hook/intercept unmanaged functions and APIs
- [**9**星][3m] [C++] [hidd3ncod3s/runpedmp](https://github.com/hidd3ncod3s/runpedmp) RunPE dump - I wrote this to have better control over the analysis of malwares. I can stop and analysis malware when it uses some of the API's i hook and to dump the memory while it is using RunPE/PH techniques.
- [**8**星][4m] [C++] [nybble04/shady-hook](https://github.com/nybble04/shady-hook) Hooking API calls of a Ransomware
- [**4**星][2y] [C++] [a7031x/hookapi](https://github.com/a7031x/hookapi) Handy way to hook x86 or x64 API
- [**4**星][29d] [C] [microwave89/ntapihook](https://github.com/microwave89/ntapihook) Attempt to Create a Simple and Light-weight Hook Engine Without Use of an LDE
- [**None**星][C++] [vovkos/protolesshooks](https://github.com/vovkos/protolesshooks) API monitoring via return-hijacking thunks; works without information about target function prototypes.
- 2020.05 [apriorit] [3 Effective DLL Injection Techniques for Setting API Hooks](https://www.apriorit.com/dev-blog/679-windows-dll-injection-for-api-hooks)
- 2019.12 [trendmicro] [Waterbear is Back, Uses API Hooking to Evade Security Product Detection](https://blog.trendmicro.com/trendlabs-security-intelligence/waterbear-is-back-uses-api-hooking-to-evade-security-product-detection/)
- 2019.11 [hakin9] [RdpThief - Extracting Clear Text Passwords from mstsc.exe using API Hooking](https://hakin9.org/rdpthief-extracting-clear-text-passwords-from-mstsc-exe-using-api-hooking/)
- 2019.11 [steve] [Equifax is Nowhere Near Off the Hook and CapitalOne Should be Scared.](https://www.peerlyst.com/posts/equifax-is-nowhere-near-off-the-hook-and-capitalone-should-be-scared-steve-king)
- 2019.08 [bromium] [Agent Tesla: Evading EDR by Removing API Hooks](https://www.bromium.com/agent-tesla-evading-edr-by-removing-api-hooks/)
- 2018.04 [OALabs] [Unpacking VB6 Packers With IDA Pro and API Hooks (Re-Upload)](https://www.youtube.com/watch?v=ylWInOcQy2s)
- 2018.01 [OALabs] [Analyze JavaScript and VBScript Malware With x64dbg Debugger and API Hooking](https://www.youtube.com/watch?v=uqhBsWXUw7Q)
- 2017.06 [lallouslab] [Introducing Ganxo v0.1 – An open source API hooking framework](http://lallouslab.net/2017/06/26/introducing-ganxo-v0-1-an-open-source-api-hooking-framework/)
- 2017.05 [] [Introducing Ganxo v0.1 Alpha – An open source API hooking framework](http://0xeb.net/2017/05/introducing-ganxo-v0-1-alpha-an-open-source-api-hooking-framework/)
- 2016.12 [adelmas] [API Hooking with IDA Pro](http://adelmas.com/blog/ida_api_hooking.php)
- 2016.01 [pediy] [[原创]简单易用,并且最全,也适合初学者的API HOOK](https://bbs.pediy.com/thread-206885.htm)
- 2015.06 [pediy] [[原创][封装]简单易用的Api Hook函数 - MyApiHookFun](https://bbs.pediy.com/thread-201300.htm)
- 2014.03 [pediy] [[原创]runas自动输入密码(使用api hook实现)](https://bbs.pediy.com/thread-185411.htm)
- 2013.05 [pediy] [[原创]无需偷代码的API HOOK](https://bbs.pediy.com/thread-170800.htm)
- 2013.04 [pediy] [[原创]小菜关于VC6release版本程序无法HOOK目标API的问题的探究](https://bbs.pediy.com/thread-170774.htm)
- 2013.04 [pediy] [[求助]VC6release版本程序的HOOK函数无法实现对导入表中目标API的覆盖](https://bbs.pediy.com/thread-170694.htm)
- 2013.01 [volatility] [HowTo: Extract "Hidden" API-Hooking BHO DLLs](https://volatility-labs.blogspot.com/2013/01/howto-extract-hidden-api-hooking-bho.html)
- 2012.06 [pediy] [[原创]hookQQ-API拦截QQ聊天记录-有图有码](https://bbs.pediy.com/thread-152085.htm)
- 2012.04 [pediy] [[原创]API HOOK 辅助工具(开源)](https://bbs.pediy.com/thread-149895.htm)
- 2012.02 [pediy] [[原创]API HOOK限制指定目录下的程序创建进程](https://bbs.pediy.com/thread-146878.htm)
- 2012.02 [vxsecurity] [ApiMapSet Hooking (short guide)](http://www.vxsecurity.sg/2012/02/14/apimapset-hooking-short-guide/)
- 2011.06 [pediy] [[翻译]API hooking revealed(自己翻译的)](https://bbs.pediy.com/thread-136091.htm)
- 2011.02 [codereversing] [API Hooking Through Near Call Replacement](http://www.codereversing.com/blog/archives/69)
- 2010.11 [pediy] [[原创]HOOK API 入门讲解, 高手请飘过](https://bbs.pediy.com/thread-124355.htm)
- 2010.10 [pediy] [[原创]打造史上最完整APIHOOK完整开发库](https://bbs.pediy.com/thread-122411.htm)
- 2010.09 [pediy] [[原创]关于壳中APIHOOK的一点点解析](https://bbs.pediy.com/thread-120750.htm)
- 2010.07 [pediy] [[原创]Ring3层Native API hook 的实现](https://bbs.pediy.com/thread-116630.htm)
- 2010.06 [pediy] [[原创][更新]Extreme HookEngine——Ring3 API Hook 静态库](https://bbs.pediy.com/thread-115739.htm)
- 2009.05 [pediy] [[原创]HOOK API续之模拟覆盖法 实例 AntiDesktop](https://bbs.pediy.com/thread-90303.htm)
- 2009.05 [pediy] [[原创]dll 全局api hook 一例(附代码)](https://bbs.pediy.com/thread-90109.htm)
- 2009.04 [pediy] [[分享]Delphi的LPK的APIHOOK源码](https://bbs.pediy.com/thread-87258.htm)
- 2009.04 [pediy] [[原创]简单hook api 的实现](https://bbs.pediy.com/thread-85719.htm)
- 2008.09 [evilcodecave] [Fast ApiSpy (of DeviceIoControl) via oSpy2 Defined Hook](https://evilcodecave.wordpress.com/2008/09/06/fast-apispy-of-deviceiocontrol-via-ospy2-defined-hook/)
- 2008.08 [pediy] [[原创]汇编ring3下实现HOOK API续之模拟覆盖法](https://bbs.pediy.com/thread-70987.htm)
- 2008.06 [pediy] [[原创]扫盲之Api Hook 细析(一)](https://bbs.pediy.com/thread-66148.htm)
- 2008.04 [pediy] [[原创]Hook Api Library 0.2[Ring0]& LDE32引擎[Ring0] For Delphi](https://bbs.pediy.com/thread-63986.htm)
- 2008.04 [pediy] [[原创]Hook Api lib 0.5 - 2008.04.16更新](https://bbs.pediy.com/thread-63212.htm)
- 2008.01 [pediy] [[原创]Hook Api lib 0.4 for C](https://bbs.pediy.com/thread-58101.htm)
- 2007.11 [pediy] [[原创]HookApi中学习PE文件格式(二)[原创]](https://bbs.pediy.com/thread-54960.htm)
- 2007.11 [pediy] [[原创]HookApi中学习PE文件格式(一)[原创]](https://bbs.pediy.com/thread-54930.htm)
- 2007.11 [pediy] [[原创]一个纯汇编写的Hook API的例子!!!](https://bbs.pediy.com/thread-54198.htm)
- 2007.09 [pediy] [[原创]汇编ring3下实现HOOK API续之备份函数法 (非安全 )](https://bbs.pediy.com/thread-51685.htm)
- 2007.08 [pediy] [[分享]HOOK API LIB 0.3 for VC](https://bbs.pediy.com/thread-50493.htm)
- 2007.08 [pediy] [[分享]API Hook程序](https://bbs.pediy.com/thread-48984.htm)
- 2007.07 [pediy] [[原创]关于RegisterUserApiHook](https://bbs.pediy.com/thread-48437.htm)
- 2007.07 [pediy] [[原创]hook api 反OD调试的一种思路](https://bbs.pediy.com/thread-48413.htm)
- 2007.07 [pediy] [[原创]Anti HookAPI学习笔记](https://bbs.pediy.com/thread-47605.htm)
- 2007.05 [pediy] [HookAPI 1.62](https://bbs.pediy.com/thread-45079.htm)
- 2007.05 [pediy] [[原创]汇编ring3下实现HOOK API续之备份函数法](https://bbs.pediy.com/thread-44318.htm)
- 2007.03 [pediy] [[分享]西裤哥的 Hook Api Lib 0.2 For C](https://bbs.pediy.com/thread-41387.htm)
- 2007.02 [trendmicro] [GOOGLE AJAX API Hooked](https://blog.trendmicro.com/trendlabs-security-intelligence/google-ajax-api-hooked/)
- 2007.01 [pediy] [[原创]API-HOOK and ANTI-API-HOOK For Ring3](https://bbs.pediy.com/thread-37586.htm)
- 2006.12 [pediy] [[分享]HOOK API Lib 0.1 For Delphi](https://bbs.pediy.com/thread-35953.htm)
- 2006.12 [pediy] [.........关于绕行HOOK ,跳过API拦截的讨论..........](https://bbs.pediy.com/thread-35752.htm)
- 2006.09 [pediy] [纯Delphi实现,Hook API实现进程隐藏代码!](https://bbs.pediy.com/thread-31428.htm)
- 2006.07 [pediy] [汇编ring3下实现HOOK API[原创]](https://bbs.pediy.com/thread-28895.htm)
- 2006.03 [pediy] [[转帖]HOOK其他进程API和全局HOOK-API](https://bbs.pediy.com/thread-22337.htm)
- 2006.03 [pediy] [[转帖] 修改IAT,HOOK API](https://bbs.pediy.com/thread-22336.htm)
- 2006.03 [pediy] [[转帖]覆盖地址HOOK API](https://bbs.pediy.com/thread-22334.htm)
- 2005.08 [pediy] [ApiHook,InjectDll 单元及其应用 [Delphi代码]](https://bbs.pediy.com/thread-16088.htm)
- 2005.08 [pediy] [Hook API lib (含源码)](https://bbs.pediy.com/thread-16061.htm)
***
- [**128**星][2y] [C] [cylancevulnresearch/reflectivedllrefresher](https://github.com/cylancevulnresearch/reflectivedllrefresher) Universal Unhooking
- [**23**星][6m] [C++] [apriorit/simple-antirootkit-sst-unhooker](https://github.com/apriorit/simple-antirootkit-sst-unhooker) This is a demo project to illustrate the way to verify and restore original SST in case of some malware hooks
- 2017.03 [cylance] [Cylance vs. Universal Unhooking Attack](https://www.cylance.com/en_us/blog/cylance-vs-universal-unhooking.html)
- 2017.03 [4hou] [如何使用Unhook技术绕过安全软件的防护?](http://www.4hou.com/technology/3666.html)
- 2017.02 [cylance] [Universal Unhooking: Blinding Security Software](https://www.cylance.com/en_us/blog/universal-unhooking-blinding-security-software.html)
***
- [**302**星][29d] [Py] [boppreh/mouse](https://github.com/boppreh/mouse) Hook and simulate global mouse events in pure Python
- [**220**星][2y] [C++] [bromiumlabs/packerattacker](https://github.com/bromiumlabs/packerattacker) C++ application that uses memory and code hooks to detect packers
- [**219**星][4m] [C] [silight-jp/mactype-patch](https://github.com/silight-jp/mactype-patch) MacType Patch for DirectWrite Hook
- [**202**星][6m] [ObjC] [lmsgsendnilself/hookstatistics](https://github.com/lmsgsendnilself/hookstatistics) Logging args based on AOP(Aspectoriented programming)by Method Swizzling
- [**175**星][27d] [C] [kubo/funchook](https://github.com/kubo/funchook) Hook function calls by inserting jump instructions at runtime
- [**151**星][6m] [C] [zmrbak/pcwechathook](https://github.com/zmrbak/pcwechathook) 云课堂《2019 PC微信 探秘》示例代码
- [**150**星][28d] [C] [vmcall/dxgkrnl_hook](https://github.com/vmcall/dxgkrnl_hook) C++ graphics kernel subsystem hook
- [**144**星][2m] [Py] [ethanhs/pyhooked](https://github.com/ethanhs/pyhooked) Pure Python hotkey hook, with thanks to pyHook and pyhk
- [**141**星][6m] [C++] [hasherezade/iat_patcher](https://github.com/hasherezade/iat_patcher) Persistent IAT hooking application - based on bearparser
- [**140**星][30d] [Py] [safebreach-labs/pyekaboo](https://github.com/safebreach-labs/pyekaboo) Proof-of-concept program that is able to to hijack/hook/proxy Python module(s) thanks to $PYTHONPATH variable
- [**139**星][10m] [C#] [unknownv2/corehook](https://github.com/unknownv2/corehook) A library that simplifies intercepting application function calls using managed code and the .NET Core runtime
- [**132**星][2y] [C++] [m0n0ph1/iat-hooking-revisited](https://github.com/m0n0ph1/iat-hooking-revisited) Import address table (IAT) hooking is a well documented technique for intercepting calls to imported functions.
- [**128**星][9m] [Go] [bshuster-repo/logrus-logstash-hook](https://github.com/bshuster-repo/logrus-logstash-hook)
- [**125**星][1m] [C] [gdabah/distormx](https://github.com/gdabah/distormx) The ultimate hooking library
- [**118**星][29d] [JS] [skepticfx/hookish](https://github.com/skepticfx/hookish) Hooks in to interesting functions and helps reverse the web app faster.
- [**116**星][2m] [Go] [mattbostock/go-ldpreload-backdoor](https://github.com/mattbostock/go-ldpreload-backdoor) LD_PRELOAD libc hooking using Go
- [**114**星][2m] [Ruby] [spiderlabs/beef_injection_framework](https://github.com/spiderlabs/beef_injection_framework) Inject beef hooks into HTTP traffic and track hooked systems from cmdline
- [**110**星][2m] [C] [hc0d3r/sudohulk](https://github.com/hc0d3r/sudohulk) 使用ptraceHook系统调用execve, 监控并修改sudo命令的参数
- [**109**星][1m] [Py] [eset/vba-dynamic-hook](https://github.com/eset/vba-dynamic-hook) dynamically analyzes VBA macros inside Office documents by hooking function calls
- [**109**星][4m] [Py] [infertux/zeyple](https://github.com/infertux/zeyple) Postfix filter/hook to automatically encrypt outgoing emails with PGP/GPG
- [**106**星][2m] [Java] [pqpo/methodhook](https://github.com/pqpo/methodhook) hook java methods
- [**105**星][1m] [Py] [c0demap/codemap](https://github.com/c0demap/codemap) Hook IDA,调试命中断点时将寄存器/内存信息保存到数据库,在web浏览器中查看
- [IDA插件](https://github.com/c0demap/codemap/blob/master/idapythonrc.py)
- [Web服务器](https://github.com/c0demap/codemap/tree/master/codemap/server)
- [**99**星][4y] [C] [ionescu007/hookingnirvana](https://github.com/ionescu007/hookingnirvana) Recon 2015 Presentation from Alex Ionescu
- [**96**星][8m] [C++] [dzzie/vs_libemu](https://github.com/dzzie/vs_libemu) Visual Studio 2008 port of the libemu library that includes scdbg.exe, a modification of the sctest project, that includes more hooks, interactive debugging, reporting features, and ability to work with file format exploit shellcode.
- [**93**星][2m] [JS] [oalabs/frida-wshook](https://github.com/oalabs/frida-wshook) Script analysis tool based on Frida.re
- [**89**星][2m] [C] [xpn/ssh-inject](https://github.com/xpn/ssh-inject) A ptrace POC by hooking SSH to reveal provided passwords
- [**88**星][6y] [C] [chokepoint/crypthook](https://github.com/chokepoint/crypthook) TCP/UDP symmetric encryption tunnel wrapper
- [**88**星][4m] [R] [lorenzwalthert/precommit](https://github.com/lorenzwalthert/precommit) pre-commit hooks for R projects
- [**83**星][2m] [Py] [enigmabridge/certbot-external-auth](https://github.com/enigmabridge/certbot-external-auth) Certbot external DNS, HTTP, TLSSNI domain validation plugin with JSON output and scriptable hooks, with Dehydrated compatibility
- [**83**星][1m] [C] [smealum/udsploit](https://github.com/smealum/udsploit) UDS exploit + kernel hooks for 11.3
- [**82**星][2m] [JS] [pnigos/hookjs](https://github.com/pnigos/hookjs) javascript function hook
- [**79**星][2m] [C++] [cseagle/collabreate](https://github.com/cseagle/collabreate) Hook IDA的事件通知,将事件涉及的修改内容广播到中心服务器,中心服务器转发给其他分析相同文件的用户
- [**79**星][29d] [Pascal] [delphilite/delphihookutils](https://github.com/delphilite/delphihookutils) Delphi Hooking Library by Lsuper
- [**77**星][1m] [C] [dodola/fbhookfork](https://github.com/dodola/fbhookfork) 从 fb 的 profilo 项目里提取出来的hook 库,自己用
- [**76**星][29d] [C++] [secrary/hooking-via-instrumentationcallback](https://github.com/secrary/hooking-via-instrumentationcallback) codes for my blog post:
- [**75**星][2y] [C++] [hrbust86/hookmsrbysvm](https://github.com/hrbust86/hookmsrbysvm) hook msr by amd svm
- [**73**星][1m] [C] [nektra/vtbl-ida-pro-plugin](https://github.com/nektra/vtbl-ida-pro-plugin) Identifying Virtual Table Functions using VTBL IDA Pro Plugin + Deviare Hooking Engine
- [**71**星][30d] [C++] [petrgeorgievsky/gtarenderhook](https://github.com/petrgeorgievsky/gtarenderhook) GTA SA rendering hook
- [**71**星][2m] [C] [zyantific/zyan-hook-engine](https://github.com/zyantific/zyan-hook-engine) Advanced x86/x86-64 hooking library (WIP).
- [**69**星][1y] [Java] [bolexliu/apptrack](https://github.com/bolexliu/apptrack) Xposed HookAPP逆向跟踪工具,跟踪Activity与Fragment启动信息等
- [**66**星][7y] [C] [chokepoint/jynx2](https://github.com/chokepoint/jynx2) JynxKit2 is an LD_PRELOAD userland rootkit based on the original JynxKit. The backdoor has been replaced with an "accept()" system hook.
- [**64**星][5m] [C++] [changeofpace/mouhidinputhook](https://github.com/changeofpace/mouhidinputhook) MouHidInputHook enables users to filter, modify, and inject mouse input data packets into the input data stream of HID USB mouse devices without modifying the mouse device stacks.
- [**63**星][5m] [C++] [urshadow/urmem](https://github.com/urshadow/urmem) C++11 cross-platform library for working with memory (hooks, patches, pointer's wrapper, signature scanner etc.)
- [**60**星][5m] [C] [respeak/ts3hook](https://github.com/respeak/ts3hook) Teamspeak 3 Hook
- [**60**星][2m] [Makefile] [genuinetools/upmail](https://github.com/genuinetools/upmail) Email notification hook for
- [**60**星][4m] [C#] [indieteur/globalhooks](https://github.com/indieteur/globalhooks) Allows you to create global keyboard events
- [**59**星][3m] [C] [codectile/paradise](https://github.com/codectile/paradise) x86/x86-64 hooking library
- [**58**星][2m] [Ruby] [jbjonesjr/letsencrypt-manual-hook](https://github.com/jbjonesjr/letsencrypt-manual-hook) Allows you to use dehydrated (a Let's Encrypt/Acme Client) and DNS challenge response with a DNS provider that requires manual intervention
- [**57**星][1m] [Swift] [unixzii/swiftui-hooks](https://github.com/unixzii/swiftui-hooks) A PoC for implementing hooks in SwiftUI
- [**55**星][5y] [C++] [malwaretech/fsthook](https://github.com/malwaretech/fsthook) A library for intercepting native functions by hooking KiFastSystemCall
- [**54**星][2y] [Py] [stormshadow07/beef-over-wan](https://github.com/stormshadow07/beef-over-wan) Browser Exploitation Framework is a Open-source penetration testing tool that focuses on browser-based vulnerabilities .This Python Script does the changes Required to make hooked Linked Accessible Over WAN .So anyone can use this framework and Attack Over WAN without Port Forwarding [NGROK or any Localhost to Webhost Service Required ]
- [**53**星][2y] [C] [chen-charles/pedetour](https://github.com/chen-charles/pedetour) modify binary Portable Executable to hook its export functions
- [**52**星][4y] [C] [zhuhuibeishadiao/pfhook](https://github.com/zhuhuibeishadiao/pfhook) Page fault hook use ept (Intel Virtualization Technology)
- [**51**星][4y] [breakingmalwareresearch/captain-hook](https://github.com/breakingmalwareresearch/captain-hook)
- [**48**星][6m] [Java] [greywolf007/mobileq750hook](https://github.com/greywolf007/mobileq750hook) MobileQ750Hook
- [**48**星][2m] [C] [jay/gethooks](https://github.com/jay/gethooks) GetHooks is a program designed for the passive detection and monitoring of hooks from a limited user account.
- [**47**星][27d] [Py] [safebreach-labs/backdoros](https://github.com/safebreach-labs/backdoros) backdorOS is an in-memory OS written in Python 2.7 with a built-in in-memory filesystem, hooks for open() calls and imports, Python REPL etc.
- [**45**星][2y] [C++] [coltonon/reghookex](https://github.com/coltonon/reghookex) External mid-function hooking method to retrieve register data
- [**44**星][1m] [C] [l1nuxdotfun/spacehook](https://github.com/l1nuxdotfun/spacehook) minecraft premium undeteck cheat!
- [**42**星][1y] [C] [dzzie/hookexplorer](https://github.com/dzzie/hookexplorer) technical tool to analyze a process trying to find various types of runtime hooks. Interface and output is geared torwards security experts. Average users wont be able to decipher its output.
- [**41**星][9y] [C++] [cr4sh/ptbypass-poc](https://github.com/cr4sh/ptbypass-poc) Bypassing code hooks detection in modern anti-rootkits via building faked PTE entries.
- [**41**星][5m] [JS] [gaoding-inc/runtime-hooks](https://github.com/gaoding-inc/runtime-hooks)
- [**41**星][3m] [Py] [killswitch-gui/lterm](https://github.com/killswitch-gui/lterm) lterm is a small script built to install a bash hook for full terminal logging.
- [**41**星][4m] [C] [ntraiseharderror/antihook](https://github.com/ntraiseharderror/antihook) PoC designed to evade userland-hooking anti-virus.
- [**39**星][1m] [C] [dodola/traphook](https://github.com/dodola/traphook)
- [**38**星][27d] [C++] [ganyao114/sandboxhookplugin](https://github.com/ganyao114/sandboxhookplugin) demo for inject & hook in sandbox
- [**36**星][1m] [C] [harvie/libpurple-core-answerscripts](https://github.com/harvie/libpurple-core-answerscripts) Most-hackable Pidgin plugin! Framework for hooking scripts to respond received messages for various libpurple clients such as pidgin or finch
- [**36**星][2y] [C#] [roshly/ayyhook-loader](https://github.com/roshly/ayyhook-loader) A Free Open Source Cheat Loader
- [**35**星][2y] [C++] [nickcano/reloadlibrary](https://github.com/nickcano/reloadlibrary) A quick-and-dirty anti-hook library proof of concept.
- [**34**星][6m] [Py] [eset/volatility-browserhooks](https://github.com/eset/volatility-browserhooks) Volatility Framework plugin to detect various types of hooks as performed by banking Trojans
- [**33**星][2m] [JS] [gr2m/before-after-hook](https://github.com/gr2m/before-after-hook) wrap methods with before/after hooks
- [**32**星][5m] [idkwim/frooksinatra](https://github.com/idkwim/frooksinatra) POC of sysenter x64 LSTAR MSR hook
- [**32**星][2m] [C++] [rokups/hooker](https://github.com/rokups/hooker) Minimalistic hooking library written in C
- [**32**星][7m] [ObjC] [zjjno/interface-inspector-hook](https://github.com/zjjno/interface-inspector-hook) Interface Inspector破解
- [**31**星][7m] [C++] [ayuto/dynamichooks](https://github.com/ayuto/dynamichooks) A C++ library to create function hooks dynamically, so you can easily embed it into other programming languages..
- [**31**星][5m] [C++] [hoangprod/leospecial-veh-hook](https://github.com/hoangprod/leospecial-veh-hook) Vectored Exception Handling Hooking Class
- [**30**星][4y] [C] [scorchsecurity/toast](https://github.com/scorchsecurity/toast) User-mode hook bypassing method
- [**30**星][1y] [ObjC] [nododo/hookdouyin](https://github.com/nododo/hookdouyin) iOS逆向:如何让抖音自动播放下一个视频(懒人癌)
- [**29**星][26d] [Kotlin] [godtoy/wework-hook-example](https://github.com/godtoy/wework-hook-example) 企业微信xposed-hook,企业微信Hook,消息收发,自动爆粉
- [**29**星][2m] [C] [robotn/gohook](https://github.com/robotn/gohook) GoHook, Go global keyboard and mouse hook
- [**28**星][3y] [Py] [tr3jer/autohookspider](https://github.com/tr3jer/autohookspider) 将自动爬虫的结果判断是否属于hooks,并不断抓取url爬啊爬。
- [**27**星][1m] [Java] [mx-futhark/hook-any-text](https://github.com/mx-futhark/hook-any-text) The goal of this project is to provide an alternative to well established text hookers, whose features are restrained to a certain number of game engines and emulators.
- [**27**星][2m] [C++] [strobejb/sslhook](https://github.com/strobejb/sslhook) OpenSSL hooking
- [**27**星][1m] [C++] [aixxe/cstrike-basehook-linux](https://github.com/aixxe/cstrike-basehook-linux) Internal project base for Counter-Strike: Source on Linux.
- [**27**星][30d] [Shell] [kintoandar/pre-commit](https://github.com/kintoandar/pre-commit) pre-commit hook terraform; pre-commit hook prometheus
- [**26**星][3y] [C++] [ilyatk/hookengine](https://github.com/ilyatk/hookengine)
- [**26**星][3m] [C#] [nytrorst/hookme](https://github.com/nytrorst/hookme) Exported from
- [**25**星][3y] [C++] [bronzeme/ssdt_hook_x64](https://github.com/bronzeme/ssdt_hook_x64)
- [**25**星][2m] [Py] [esss/hookman](https://github.com/esss/hookman) A plugin management system in python to applications (in totally or partially) written in C++.
- [**25**星][1m] [Py] [rbeuque74/letsencrypt-ovh-hook](https://github.com/rbeuque74/letsencrypt-ovh-hook) Let's Encrypt hook for DNS validation for OVH domains
- [**24**星][6y] [C] [jyang772/hideprocesshookmdl](https://github.com/jyang772/hideprocesshookmdl) A simple rootkit to hide a process
- [**23**星][6m] [Java] [jackuhan/loginhook](https://github.com/jackuhan/loginhook) xposed的hook案例
- [**22**星][3m] [C#] [reloaded-project/reloaded.hooks](https://github.com/reloaded-project/reloaded.hooks) Advanced native function hooks for x86, x64. Welcome to the next level!
- [**21**星][1y] [C#] [michel-pi/lowlevelinput.net](https://github.com/michel-pi/lowlevelinput.net) A thread safe and event driven LowLevelMouse and LowLevelKeyboard Hook
- [**21**星][5m] [ObjC] [zjjno/cornerstonehook](https://github.com/zjjno/cornerstonehook) Cornerstone破解
- [**20**星][1m] [Py] [orndorffgrant/bnhook](https://github.com/orndorffgrant/bnhook) binary ninja plugin for adding custom hooks to executables
- [**20**星][6y] [C] [tongzeyu/hooksysenter](https://github.com/tongzeyu/hooksysenter) hook sysenter,重载内核,下硬件断点到debugport,防止debugport清零
- [**20**星][4m] [Swift] [kealdishx/swiftloadhook](https://github.com/kealdishx/SwiftLoadHook) Use a hack way to achieve similar functions as Load() or initialize() in OC
- [**19**星][29d] [JS] [cynops/frida-hooks](https://github.com/cynops/frida-hooks)
- [**17**星][2y] [JS] [compewter/whoof](https://github.com/compewter/whoof) Web Browser Hooking Framework. Manage, execute and assess web browser vulnerabilities
- [**17**星][3y] [C] [zhuhuibeishadiao/kernelhooksdetection_x64](https://github.com/zhuhuibeishadiao/kernelhooksdetection_x64) x64 Kernel Hooks Detection
- [**16**星][3m] [C] [osrdrivers/penter](https://github.com/osrdrivers/penter) penter hook example and driver time recorder
- [**15**星][4y] [C++] [gfreivasc/vmthook](https://github.com/gfreivasc/vmthook) Virtual Method Table Hook
- [**14**星][2m] [C] [hasherezade/loaderine](https://github.com/hasherezade/loaderine) A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.
- [**14**星][5m] [C] [manicstreetcoders/appinitglobalhooks-mimikatz](https://github.com/manicstreetcoders/appinitglobalhooks-mimikatz) Hide Mimikatz From Process Lists
- [**14**星][28d] [JS] [duolingo/pre-commit-hooks](https://github.com/duolingo/pre-commit-hooks) Standardizing our code quality tooling
- [**12**星][7m] [C++] [mgeeky/prc_xchk](https://github.com/mgeeky/prc_xchk) User-mode process cross-checking utility intended to detect naive malware hiding itself by hooking IAT/EAT.
- [**11**星][7m] [C] [david-reguera-garcia-dreg/emuhookdetector](https://github.com/david-reguera-garcia-dreg/emuhookdetector) hook detector using emulation and comparing static with dynamic outputs
- [**11**星][1y] [C++] [scorbutics/iathook](https://github.com/scorbutics/iathook) A library that allows hook any imported function from the IAT (works only in x64)
- [**10**星][9m] [ObjC] [elegantliar/wechathook](https://github.com/ElegantLiar/WeChatHook) iOS非越狱 逆向微信实现防撤回, 修改步数
- [**10**星][3m] [C] [u2400/libc_hook_demo](https://github.com/u2400/libc_hook_demo) 一个HIDS agent端的demo
- [**9**星][9m] [C++] [david-grs/mtrace](https://github.com/david-grs/mtrace) simple c++ hooks around malloc/realloc/free
- [**8**星][10m] [coolervoid/bank_mitigations](https://github.com/coolervoid/bank_mitigations) Anti keylogger, anti screen logger... Strategy to protect with hookings or improve your sandbox with spyware detection... - Demo
- [**8**星][2m] [C++] [cyrex1337/hook.lib](https://github.com/cyrex1337/hook.lib) easy detour-, vftable-, iat- and eathooking
- [**8**星][2m] [C] [david-reguera-garcia-dreg/cgaty](https://github.com/david-reguera-garcia-dreg/cgaty) Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition
- [**8**星][3y] [C] [hollydi/ring0hook](https://github.com/hollydi/ring0hook)
- [**8**星][1y] [Swift] [zhangkn/hookingcmethods](https://github.com/zhangkn/hookingcmethods) Hooking & Executing Code with dlopen & dlsym ---Easy mode:hooking C methods
- [**7**星][1y] [C++] [codereversing/sehveh_hook](https://github.com/codereversing/sehveh_hook) Hooking functions with structured and vectored exception handling
- [**7**星][3y] [Java] [fuhuiliu/xposedhooktarget](https://github.com/fuhuiliu/xposedhooktarget) Xposed 插件基础开发之Hook目标
- [**7**星][8y] [C++] [wyyqyl/hookiat](https://github.com/wyyqyl/hookiat)
- [**6**星][6y] [C#] [aristocat/keyhook](https://github.com/aristocat/keyhook) A C# library for general hot keys.
- [**6**星][5m] [Java] [lailune/slrrmultiplayer](https://github.com/lailune/slrrmultiplayer) Street Legal: Redline hook-based Multiplayer modification
- [**4**星][3y] [C++] [blaquee/apchook](https://github.com/blaquee/apchook) hooking KiUserApcDispatcher
- [**4**星][2y] [ObjC] [corzfree/hookwx](https://github.com/corzfree/hookwx) 逆向工具
- [**4**星][2y] [C++] [m0rtale/universal-wndproc-hook](https://github.com/m0rtale/universal-wndproc-hook) Universal WndProc Hook for x86 and x64
- [**4**星][1y] [C] [nikolait/chess-com-cheat](https://github.com/nikolait/chess-com-cheat) Library that hooks into PR_Write() and PR_Read() in firefox processes and manipulates WebSocket Messages to cheat on chess.com
- [**4**星][6y] [C++] [simonberson/chromeurlsniffer](https://github.com/simonberson/chromeurlsniffer) Hook to Chrome Browser URL and show the current URL on simple textbox
- [**3**星][2y] [ObjC] [susnmos/xituhook](https://github.com/susnmos/xituhook) 逆向分析及修复稀土掘金iOS版客户端闪退bug
- [**2**星][4m] [Py] [swarren/uboot-test-hooks](https://github.com/swarren/uboot-test-hooks) Example "hook" scripts for the U-Boot test framework
- [**2**星][2y] [C] [synestraa/archultimate.hooklib](https://github.com/synestraa/archultimate.hooklib) ArchUltimate hook library
- [**2**星][2m] [C] [carlomara/qemu-ioctl-hooks](https://github.com/carlomara/qemu-ioctl-hooks) Code samples for blog post
- [**1**星][1y] [TS] [larkintuckerllc/hello-hooks](https://github.com/larkintuckerllc/hello-hooks)
- [**1**星][1y] [C++] [smore007/remote-iat-hook](https://github.com/smore007/remote-iat-hook) Remote IAT hook example. Useful for code injection
- [**1**星][2y] [ObjC] [wpstarnice/hookstatistics](https://github.com/wpstarnice/hookstatistics)
- [**1**星][2y] [C++] [zuhhcsg0/nebulahook](https://github.com/zuhhcsg0/nebulahook)
- [**1**星][2y] [C] [chocolateboy/b-hooks-op-annotation](https://github.com/chocolateboy/b-hooks-op-annotation) A Perl module which allows XS modules to annotate and delegate hooked OPs
- [**1**星][5m] [C++] [fireboyd78/d3hook](https://github.com/fireboyd78/d3hook) The magnificent hooking framework for Driv3r.
- [**0**星][1y] [Rust] [badboy/travis-after-all-rs](https://github.com/badboy/travis-after-all-rs) The missing `after_all_success` hook for Travis
- [**0**星][2y] [C] [cblack-r7/hashcat-hook](https://github.com/cblack-r7/hashcat-hook) A few LD_PRELOAD hooks to fix specific issues with hashcat
- [**0**星][2y] [Py] [ciscose/sparkhelper](https://github.com/ciscose/sparkhelper) A few of functions that help with checking that your bot is being used by an approved organization and for verifying the signature of a web hook request.
- [**0**星][2y] [JS] [yazeedb/responsive-fdt2-hooks](https://github.com/yazeedb/responsive-fdt2-hooks) Created with CodeSandbox
- [**0**星][10m] [zhulmin/iosapphook](https://github.com/zhulmin/iosapphook) iOS 逆向开发学习笔记
- [**0**星][1y] [shell] [keychest/certbot-hooks](https://gitlab.com/keychest/certbot-hooks)
- [**0**星][5y] [Py] [nikseetharaman/grapplinghook](https://github.com/nikseetharaman/grapplinghook) Open Source 802.11 Direction Finder
- [**None**星][C] [tandasat/uefivarmonitor](https://github.com/tandasat/uefivarmonitor) The runtime DXE driver monitoring access to the UEFI variables by hooking the runtime service table.
- [**None**星][C] [shoumikhin/elf-hook](https://github.com/shoumikhin/elf-hook) ELF shared library import table patching for function redirection.
***
- 2020.02 [zoom] [‘We Were Hooked From Day One’: How Zoom, Zoom Rooms Helped Save the Children Transform Communications](https://blog.zoom.us/wordpress/2020/02/28/zoom-save-the-children-transform-communications/)
- 2020.02 [cqureacademy] [[RSA USA 2020] Explore Adventures in the Underland: Forensic Techniques Against Hackers Evading the Hook](https://cqureacademy.com/blog/other/rsa-usa-2020-explore-adventures-in-the-underland-forensic-techniques-against-hackers-evading-the-h