https://github.com/i32-sudo/hookdumper

WinAPI Hooking tool that can dump data written to processes or to files through IO.
https://github.com/i32-sudo/hookdumper

api breakpoint bypass createfile deletefile dump dumper hardware hook hooking readprocessmemory undetected winapi windows writeprocessmemory

Last synced: 2 months ago
JSON representation

WinAPI Hooking tool that can dump data written to processes or to files through IO.

• Host: GitHub
• URL: https://github.com/i32-sudo/hookdumper
• Owner: i32-Sudo
• License: other
• Created: 2024-05-07T23:07:34.000Z (9 months ago)
• Default Branch: main
• Last Pushed: 2024-08-24T19:01:22.000Z (5 months ago)
• Last Synced: 2024-08-24T20:21:36.370Z (5 months ago)
• Topics: api, breakpoint, bypass, createfile, deletefile, dump, dumper, hardware, hook, hooking, readprocessmemory, undetected, winapi, windows, writeprocessmemory
• Language: C++
• Homepage:
• Size: 2.73 MB
• Stars: 3
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: readme.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# Hook Based Dumper (EzDumper)

An injectable DLL that hooks Windows API Functions inside a program to dump the variables passed in and the returned variables such as DeleteFileW/DeleteFileA.

# Hooks

- ReadProcessMemory (Dumps the returned variable it is trying to read)

- WriteProcessMemory (Dumps the buffer it is trying to write)

- DeleteFileA & DeleteFileW (Dumps the file contents before deleting it)

# Security

I will add more security features in the future to prevent detection.

- Kernel32 GetThreadContext HW Breakpoint Detection (Prevent HW Breakpoint Detect)

- Kernel32 NtRaiseHardError (Prevent Forced BSOD through Kernel Calling)

- _RtlCreateUserThread Hook and RIP/EIP Spoofing to bypass thread tracing of DLL.

# Project

This is just a Pre-Dump Project that I'll develop on and re-release under a new repo with better features and more hooks related to file dumping and etc.