EasyHook

Source: Internet | Editor: 程序博客网 | Time: 2024/06/16 19:05

The reinvention of Windows API Hooking

Welcome to EasyHook

EasyHook makes it possible to extend (via hooking) unmanaged code APIs with pure managed functions, from within a fully managed environment on 32- or 64-bit Windows XP SP2, Windows Vista x64, Windows Server 2008 x64, Windows 7, Windows 8.1, and Windows 10.

EasyHook supports injecting assemblies built for .NET Framework 3.5 / 4.0+ as well as native DLLs.

  • Get the latest release.

  • Refer to the documentation for how to get started.

  • Ask a question or raise issues on the issue tracker or chat on gitter.

  • Take a look at the features of EasyHook.

  • View the project on GitHub.

As of November 2015 EasyHook is released under the MIT license.

Bug reports or questions

Reporting bugs is the only way to get them fixed and help other users of the library!

Please report issues and ask questions on the GitHub project issue tracker or chat on Gitter.

Donations

Donations are greatly appreciated. If you find EasyHook useful, or are feeling generous and would like to make a donation to this project, we accept donations via PayPal :)

Features

  • A “Thread Deadlock Barrier” deals with many core problems when hooking unknown APIs; this technology is unique to EasyHook.

  • You can write managed hook handlers for unmanaged APIs

  • You can use all the convenience managed code provides, like .NET Remoting, WPF, and WCF

  • .NET assemblies are injected into a new AppDomain where possible, ensuring that your assemblies are completely unloaded from the target when detached.

  • You can write injection libraries and host processes compiled for AnyCPU, which allows you to inject your assembly into both 32- and 64-bit processes from 64- and 32-bit processes.

  • Your .NET assemblies do not need to be registered in the Global Assembly Cache (GAC), greatly simplifying development and releases.

  • EasyHook supports RIP-relative address relocation for 64-bit targets.

  • Support for hooking COM interfaces.

  • A documented pure unmanaged hooking API

  • No resource or memory leaks are left in the target.

  • EasyHook32.dll and EasyHook64.dll are native libraries that can be used without any .NET framework installed.

  • All hooks are installed and automatically removed in a stable manner.

  • Support for Thread ACLs to control which threads will use the hook.

  • Experimental stealth injection mechanism that won’t raise attention of AV Software.

  • Managed/Unmanaged module stack trace inside a hook handler.

  • Get calling Managed/Unmanaged module inside a hook handler.

  • Create custom stack traces inside a hook handler.

  • No unpacking/installation necessary.

  • The Visual Studio redistributables are not required.

  • Support for 32- and 64-bit kernel mode hooking - however no support for bypassing PatchGuard is supplied.

Authors and Contributors

EasyHook was originally released by Christoph Husse in 2008 and since 2012 has been maintained by Justin Stenning. The project moved from CodePlex to GitHub in August 2015.

As of November 2015 EasyHook is now released under the MIT license.

EasyHook includes the UDIS86 library, Copyright (c) 2002-2012, Vivek Thampi.
