Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/renarddev/hijack

A utility leveraging Windows 10+ mechanisms to intercept process creation by registering a debugger in the system registry.
https://github.com/renarddev/hijack

hijack hijacking hijacking-methods injector injector-x64

Last synced: 5 months ago
JSON representation

A utility leveraging Windows 10+ mechanisms to intercept process creation by registering a debugger in the system registry.

Awesome Lists containing this project

README 

          
# HiJack

A utility leveraging Windows 10+ mechanisms to intercept process creation by registering a debugger in the system registry.



# Commands

```

HiJack.exe /list

HiJack.exe /add  [Flags]

HiJack.exe /remove  [Flags]

```



### Flags

```

0x1 - Unload the library immediately after calling DllMain.

0x2 - Enable LDR linking.

```



# Usage

To intercept a process, such as hello.exe, execute the following command:

```

HiJack.exe /add hello.exe

```

This will enable HiJack to intercept the process creation of `hello.exe` and inject the library `_hijack.dll` (e.g., `hello_hijack.dll` or `hello_hijack32.dll` if the process is 32-bit). The DLL file must be located in the same directory as the intercepted executable file, but it is also acceptable for the DLL to be located in the same directory as HiJack.



# NOTE

* Ensure that you use the appropriate version of HiJack:

  - Use the 32-bit version for 32-bit processes.

  - Use the 64-bit version for 64-bit processes.

* The 32-bit version of HiJack can utilize the 64-bit version if both executables are placed in the same directory.

* The 64-bit version of HiJack can utilize the 32-bit version if both executables are placed in the same directory.

* The NTDLL project is a DLL that can be used as an example for injection.