EasyHook starts where Microsoft Detours ends.
This is my favorite engine; the Thread Deadlock Barrier is very interesting:
This project supports extending (hooking) unmanaged code (APIs) with pure managed ones, from within a fully managed environment like C# using Windows 2000 SP4 and later, including Windows XP x64, Windows Vista x64 and Windows Server 2008 x64. Also 32- and 64-bit kernel mode hooking is supported as well as an unmanaged user-mode API which allows you to hook targets without requiring a .NET Framework on the customer's PC. An experimental stealth injection hides hooking from most of the current AV software.
http://www.codeplex.com/easyhook <- The engine URL
http://appstract.googlecode.com/files/Thesis-v1.pdf <- Literature Related to EasyHook
The following is an incomplete list of features:
* A so-called "Thread Deadlock Barrier" will get rid of many core problems when hooking unknown APIs; this technology is unique to EasyHook
* You can write managed hook handlers for unmanaged APIs
* You can use all the convenience managed code provides, like .NET Remoting, WPF and WCF for example
* A documented, pure unmanaged hooking API
* Support for 32- and 64-bit kernel mode hooking (also check out my PatchGuard 3 bypass driver which can be found in the release list)
* No resource or memory leaks are left in the target
* Experimental stealth injection mechanism that won't raise attention of any current AV Software
* EasyHook32.dll and EasyHook64.dll are pure unmanaged modules and can be used without any .NET Framework installed!
* All hooks are installed and automatically removed in a stable manner
* Support for Windows Vista SP1 x64 and Windows Server 2008 SP1 x64 by utilizing totally undocumented APIs, to still allow hooking into any terminal session.
* Managed/Unmanaged module stack trace inside a hook handler
* Get calling managed/unmanaged module inside a hook handler
* Create custom stack traces inside a hook handler
* You will be able to write injection libraries and host processes compiled for AnyCPU, which will allow you to inject your code into 32- and 64-Bit processes from 64- and 32-Bit processes by using the very same assembly in all cases.
* EasyHook supports RIP-relative addressing relocation for 64-Bit targets.
* No unpacking/installation necessary.
* The Visual Studio Redistributable is not required.