EasyHook
来源:互联网 发布:淘宝美工将来有前途么 编辑:程序博客网 时间:2024/06/16 19:05
EasyHook
The reinvention of Windows API Hooking
Welcome to EasyHook
EasyHook makes it possible to extend(via hooking)unmanaged code APIS with pure managed functions,
from within a fully managed environment on 32- or 64-bit Windows XP SP2, Windows Vista x64, Windows Server 2008 x64,
Windows 7, Windows8.1, and Windows 10.
EasyHook supports injecting assemblies built for .NET Framework 3.5 / 4.0+ as well as native DLLs.
Get the latest release.
Refer to the documentation for how to get started.
Ask a question or raise issues on the issue tracker or chat on gitter.
Take a look at the features of EasyHook.
View the project on GitHub.
As of November 2015 EasyHook is released under the MIT license.
Bug reports or questions
Reporting bugs is the only way to get them fixed and help other users of the library!
Please report issues and ask questions on the GitHub project issue tracker or chat on gitter
Donations
Donations are greatly appreciated. If you find EasyHook useful, or are feeling generous and
would like to make a donation to this project, we accept aonation’s via PayPal :)
Features
- A “Thread Deadlock Barrier” deals with many core problems when hooking unknown APIs;
This technology is unique to EasyHook
You can write managed hook handlers for unmanaged APIs
You can use all the convenience managed code provides, like .NET Remoting, WPF, and WCF
.NET assemblies are injected into a new AppDomain where possible, ensuring that your assemblies are
completely unloaded from the target when detached.
- You can write injection libraries and host processes compiled for AnyCPU, which allows you to
inject your assembly into both 32- and 64-bint processes from 64- and 32-bit processes.
- Your .NET assemblies do not need to be registered in the Global Assembly Cache(GAC) - greatly simplifying
development and releases
EasyHook supports RIP-relative address relocation for 64-bit targets.
Support for hooking Com interfaces.
A documented pure unmanaged hooking API
No resource or memory leaks are left in the target.
EasyHook32.dll and EasyHook64.dll are native libraries that can be used without any .NET framework installed.
All hooks are installed and automatically removed in a stable manner.
Support for Thread ACLs to control which threads will use the hook.
Experimental stealth injection mechanism that won’t raise attention of AV Software.
Managed/Unmanaged module stack trace inside a hook handler.
Get calling Managed/Unmanged module inside a hook handler.
Create custom stack traces inside a hook handler.
No unpacking/installation necessary.
The Visual Studio redistributable are not required.
Support for 32- and 64-bit kernel mode hooking - however no support for bypassing PatchGuard is supplied.
Authors and Contributors
EasyHook was originally released by Christoph Husse in 2008 and since 2012 has been maintained by Justin
Stenning. The project moved from CodePlex to GitHub in August 2015.
As of November 2015 EasyHook is now released under the MIT license.
EasyHook includes the UDIS86 library Copyright(c) 2002-2012, Vivek Thampi.