https://github.com/liulilittle/nethook

it is a can make .net / clr applications can be the underlying hook winapi, and modify api execution flow.
https://github.com/liulilittle/nethook

asm assembly csharp hook hooking inline inline-hook intel windows x86 x86-64

Last synced: 8 months ago
JSON representation

it is a can make .net / clr applications can be the underlying hook winapi, and modify api execution flow.

Host: GitHub
URL: https://github.com/liulilittle/nethook
Owner: liulilittle
License: gpl-3.0
Created: 2016-05-19T05:41:20.000Z (over 9 years ago)
Default Branch: master
Last Pushed: 2016-05-21T07:37:16.000Z (over 9 years ago)
Last Synced: 2025-05-07T02:03:53.056Z (9 months ago)
Topics: asm, assembly, csharp, hook, hooking, inline, inline-hook, intel, windows, x86, x86-64
Language: C#
Homepage:
Size: 35.2 KB
Stars: 15
Watchers: 1
Forks: 6
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# NetHook
it is a can make .net / clr applications can be the underlying hook winapi, and modify api execution flow. you can use it to accomplish want in RING3 layer any hook a winapi.in the open source code, contains a code demo.

in the nethook use the code asm code.
1. x86 // E9 00 00 00 00
jmp rva

2. x64 // 48 B8 00 00 00 00 00 00 00 00 FF E0
mov rax, va
jmp rax

but of course, there are many ways, and not just above two, for example, in x64, you also can do.
mov rax, va // 48H B8H XX XX XX XX XX XX XX XX 50H C3H
push rax
ret

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/liulilittle/nethook

Awesome Lists containing this project

README