All collection projects
Hook
- Hooking-related resources: 300+ tools and 600+ articles
Contents
- High-star tools
- D3DX-Hook -> (8) tools (6) articles
- Frida-Hook -> (1) tool (15) articles
- Windows
- Linux -> (9) tools (19) articles
- Apple
- inspectivec -> (1) tool
- captainhook -> (1) tool
- blockhook -> (1) tool
- (8) tools
- (3) articles
- Android
- Newly added
High-star tools
Dobby
Tools
- [1688 stars][28d] [C++] jmpews/dobby A lightweight, multi-platform, multi-architecture hook framework (formerly named HookZz)
- [316 stars][4m] [ObjC] jmpews/hookzzmodules modules deps on HookZz framework.
- [67 stars][30d] [C] luoyanbei/testhookzz iOS reverse engineering: using the HookZz framework to hook the game "My War" and enter god mode
Articles
- 2017.09 [pediy] [Original] Clever tricks for implementing anti-debugging and bypassing it with HookZz
plthook
Tools
- [283 stars][28d] [C] kubo/plthook Function hooking implemented by modifying the PLT of ELF files and the IAT of PE files
subhook
Tools
- [385 stars][1m] [C] zeex/subhook Simple cross-platform hooking framework for C/C++, x86 only. No dependencies
whale
Tools
- [917 stars][26d] [C++] aslody/whale Hook Framework for Android/IOS/Linux/MacOS
Articles
- 2019.01 [pediy] [Original] Whale -- an ART Hook solution and practice
D3DX-Hook
Tools
- [203 stars][28d] [C++] rebzzel/kiero Universal graphical hook for D3D9-D3D12, OpenGL and Vulkan based games.
- [59 stars][2m] [C++] codereversing/directx9hook Runtime DirectX9 Hooking
- [52 stars][11m] [C++] gaypig/directx11-hook-with-discord DirectX11 hook with discord
- [40 stars][4m] [C++] rebzzel/universal-d3d11-hook Universal hook for DX11 based games written in C++
- [37 stars][4m] [C++] niemand-sec/directx11hook Hooking Game Graphic Engines!
- [11 stars][4m] [C++] guided-hacking/gh_d3d11_hook Barebones D3D11 hook.
- [5 stars][1y] [C++] nexus-devs/nexus-hook Hooking functionality for DirectX11 applications
- [0 stars][3m] [Lua] yungtry/gtasa-d3dhook Directx hook GTA:SA via Cheat Engine
Articles
- 2018.03 [qq] [Cheat analysis] hookd3d9 generic CPU optimization
- 2017.12 [pediy] [Original] Hooking DirectX to display your own text in a game, annotated code, MASM
- 2016.03 [pediy] [Original] Locating and hooking non-static member functions, using DirectX internal member functions as an example
- 2015.12 [codereversing] Runtime DirectX Hooking
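- 2014.11 [pediy] [Original] D3D hook: implementing see-through (wallhack) in games
- 2014.06 [pediy] [Original] A secret nobody has ever made public ----- the shortcut to D3D hooking
Frida-Hook
Tools
- [76 stars][2m] [Py] hamz-a/jeb2frida Automated Frida hook generation with JEB
Articles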
- 2020.05 [aliyun] How to hook Android Native methods with Frida (Noob Friendly)
- 2020.05 [aliyun] Using Frida to unpack an APK and hook functions through its hardening
- 2020.04 [wundercontrol] [Android] Hooking void method - Frida
- 2019.11 [securify] Android Frida hooking: disabling FLAG_SECURE
- 2019.10 [securify] Automated Frida hook generation with JEB
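- 2019.01 [fuzzysecurity] Windows Hacking: Application Introspection & Hooking With Frida
- 2018.11 [freebuf] Frida-Wshook: a script analysis tool based on Frida.re
- 2018.09 [pediy] [Original] Using Frida to hook the Java layer of a hardened Android application
- 2018.07 [pediy] [Original] Problems encountered while setting up a Frida hook environment on Windows
- 2018.07 [pediy] [Original] Advanced Frida -- Android reverse engineering: hooking dynamically loaded dex (3) (part 2)
- 2018.07 [pediy] [Original] Advanced Frida -- Android reverse engineering: hooking dynamically loaded dex (3) (part 1)
- 2018.06 [pediy] [Original] Getting to know Frida -- Android reverse engineering: Java-layer hooks (2)
- 2018.06 [pediy] [Original] Getting to know Frida -- Android reverse engineering: Java-layer hooks (1)
- 2017.08 [notsosecure] How to dynamically modify code written with the Android NDK, i.e. using Frida to hook functionality developed in C/C++.
- 2017.04 [fuping] Android hook techniques: basic use of Frida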
Windows
monohook
Tools
- [269 stars][30d] [C#] misaka-mikoto-tech/monohook Hook C# methods at runtime without modifying the DLL file (such as UnityEditor.dll)
hyperbone
Tools
- [423 stars][1y] [C] darthton/hyperbone A minimalistic VT-x hypervisor with hooks
ddimon
Tools
- [512 stars][2y] [C++] tandasat/ddimon A hypervisor that performs inline hooking using extended page tables (EPT), invisible to guests (i.e. any code other than DdiMon)
mhook
Tools
- [512 stars][30d] [C] martona/mhook A Windows API hooking library
Articles
- 2017.11 [apriorit] Mhook Enhancements: 10x Speed Improvement and Other Fixes
- 2014.09 [pediy] [Original] Analysis of the trampoline reuse bug in MHOOK
polyhook
Tools
- [646 stars][9m] [C++] stevemk14ebr/polyhook x86/x64 C++ Hooking Library
- [515 stars][27d] [C++] stevemk14ebr/polyhook_2_0 C++17, x86/x64 Hooking Library v2.0
infinityhook
Tools
- [1079 stars][4m] [C++] everdox/infinityhook Hook system calls, context switches, page faults and more.
minhook
Tools
- [1364 stars][28d] [C] tsudakageyu/minhook The minimalistic x86/x64 API hooking library
- [28 stars][2y] [C] sentinel-one/minhook The Minimalistic x86/x64 API Hooking Library for Windows
Articles
- 2019.03 [aliyun] Reading and analyzing the MinHook source code
- 2017.09 [pediy] [Original] MinHook testing and analysis (testing the E9, EB and CALL instructions on x64, and reverse-deriving and testing Microsoft hot patching)
- 2017.09 [pediy] [Original] MinHook testing and analysis 01 (jmp+offset type hooks on x86)
easyhook
Tools
- [1707 stars][1y] [C] easyhook/easyhook The reinvention of Windows API hooking
- [67 stars][27d] [C#] easyhook/easyhook-tutorials Contains the source code for the EasyHook tutorials found at
- [14 stars][5m] [C#] ulysseswu/vinjex A simple DLL injection lib using Easyhook, inspired by VInj.
Articles
- 2017.11 [BinaryAdventure] EasyHook x64 Notepad API Hook part 2
- 2017.11 [BinaryAdventure] API Hooking - Using EasyHook to hook NtCreateFile in Notepad.exe
.NET
Tools
- [117 stars][2y] [C#] tandasat/dotnethooking Sample use cases of the .NET native code hooking technique
- [60 stars][2y] [C#] wledfor2/playhooky C# Runtime Hooking Library for .NET/Mono/Unity.
- [34 stars][4m] [C#] dangbee/dotnethook A hook proof of concept with no native dependencies. Hook both .NET methods (even framework methods) and Native methods entirely in .NET.
- [31 stars][1y] [C#] thaisenpm/loader2 Nova Hook is an open source C# cheat loader currently built for CS:GO
- [16 stars][6m] [C#] lontivero/open.winkeyboardhook A simple and easy-to-use .NET managed wrapper for Low Level Keyboard hooking.
- [15 stars][2m] [Visual Basic .NET] thaisenpm/loader1 Nova Hook is an open source VB.NET cheat loader currently built for CS:GO
- [11 stars][6m] [C#] 20chan/globalhook Simple global keyboard, mouse hook and simulation library written in C#
- [None stars][C#] elliesaur/dotnethook A hook proof of concept with no native dependencies. Hook both .NET methods (even framework methods) and Native methods entirely in .NET.
SSDT
Tools
- [58 stars][3y] [C++] int0/processisolator Utility to hook SSDT of specific process and transfer control to a service (usermode app) for handling to determine action allow/deny API call etc.
- [12 stars][5y] [C] s18leoare/hackshield-driver-bypass Bypass HackShield several specific SSDT hook in Ring0
- [8 stars][3m] [C] papadp/shd Ssdt Hook Detection tool
- [7 stars][11m] [C] cherryzy/process_protect_module Monitor and protect processes use "PsSetCreateProcessNotifyRoutineEx" and kernel ssdt hook.
- [6 stars][6y] [C++] wyrover/hkkerneldbg F**k ssdt hook in np, tp, hs
- [3 stars][2y] [C] sqdwr/64-bits-inserthook insert a ssdt table to hook
Articles
- 2018.12 [pediy] [Original] Bypassing user-layer hooks, driver-layer SSDT hook (process protection part)
- 2018.11 [pediy] [Share][Original] Win7 x86 SSDT Inline Hook
- 2016.05 [pediy] [Original] Exploring the Win7 x64 Shadow SSDT and inline hooks
- 2015.12 [insinuator] Investigating Memory Analysis Tools – SSDT Hooking via Pointer Replacement
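- 2015.09 [pediy] [Original] Sharing old code: bypassing Kaspersky proactive defense, loading a driver, unhooking all SSDT & Shadow SSDT
- 2015.09 [pediy] [Original] An introduction to x64 Shadow SSDT inline hooks
- 2015.05 [pediy] [Original] SSDT inline hook study notes
- 2013.12 [pediy] [Original] The SSDT hook process in detail
- 2013.12 [pediy] [Original] Implementing a Shadow SSDT hook on 32-bit Win8
- 2013.08 [pediy] [Original] Win32Asm driver study notes: "HOOK SSDT"
- 2013.08 [pediy] [Original] A beginner learns ssdt_hook
- 2013.06 [pediy] [Original] A simple generic kernel hook with a usage example (with simple SSDT restore)
- 2012.07 [pediy] [Original] Assembly and drivers - protecting a process with an SSDT hook on NtOpenProcess
- 2012.06 [pediy] [Original] Ring0 inline & SSDT hook in E language
- 2011.12 [pediy] [Original] On a method that handles all SSDT hooks and Shadow SSDT hooks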
- 2011.08 [sevagas] Hide files using SSDT hooking
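- 2011.07 [pediy] [Original] shadow_ssdt_hook_2.asm
- 2010.12 [pediy] [Translation] System-wide hooking of the Native API to control process creation (SSDT hook)
- 2010.12 [pediy] [Original] A simple SSDT hook that protects processes by process name, compatible with all x86 systems from 2000 onward (https://bbs.pediy.com/thread-126077.htm)
- 2009.10 [pediy] [Original] A simple approach to restoring FSD hooks and SSDT hooks
- 2009.02 [pediy] [Original] Anti SSDT Hook
- 2008.12 [pediy] [Original] Building your own hook engine, part 1 --- an SSDT hook engine
- 2008.12 [pediy] [Original] Inline hooking the SSDT to evade Themida's ThreadHideFromDebugger (study notes 2)
- 2008.12 [pediy] [Original] A primer: a short article on hooking the SSDT.
- 2008.11 [pediy] [Original] HOOK SSDT AND HOOK Shadow SSDT FOR DELPHI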
- 2008.11 [talosintelligence] Fun with SSDT Hooks and DEP
- 2008.08 [pediy] [Original] Sharing a fairly complete ROOTKIT DEMO! It turns out a Shadow hook is as easy as an SSDT hook!
- 2008.07 [pediy] [Original] Reproducing SSDT-Shadow hook code that compiles, dedicated to everyone with a spirit of sharing
- 2008.06 [pediy] [Original] Hook Shadow SSDT
- 2008.05 [pediy] [Original] On a generic pattern for double-layer hooking of APIs in the SSDT
- 2008.04 [pediy] [Original] SSDT Hook For Delphi
- 2008.01 [pediy] [Original] RootKit hooks [2]: SSDT hook
- 2007.08 [pediy] [Original] Writing a driver with DDDK to modify the SSDT and hook the NTDebugActiveProcess function
- 2007.03 [pediy] [Original] A clever use of SSDT hooks - countering ring0 inline hooks
Tools
- [1866 stars][27d] [Py] boppreh/keyboard Hook and simulate global keyboard events on Windows and Linux
- [787 stars][4m] [C++] ysc3839/fontmod A simple hook tool for changing the fonts of Win32 programs. Works with some GDI- or Qt-based programs
- [546 stars][5m] [C#] crosire/scripthookvdotnet An ASI plugin for Grand Theft Auto V, which allows running scripts written in any .NET language in-game.
- [310 stars][29d] [C] gbps/gbhv Simple x86-64 VT-x Hypervisor with EPT Hooking
- [193 stars][26d] [C#] justcoding121/windows-user-action-hook A .NET library to subscribe for Windows operating system global user actions such mouse, keyboard, clipboard & print events
- [92 stars][3y] [C++] shmuelyr/captainhook CaptainHook is perfect x86/x64 hook environment
- [88 stars][2m] [C] tinysec/iathook Windows kernel-mode and user-mode IAT hook
- [79 stars][3y] [C] stevemk14ebr/unihook Intercept arbitrary functions at run-time, without knowing their typedefs
- [76 stars][24d] [C] danielkrupinski/vac-hooks Hook WinAPI functions used by Valve Anti-Cheat. Log calls and intercept arguments & return values. DLL written in C.
- [45 stars][10m] [C#] userr00t/universalunityhooks A framework designed to hook into and modify methods in unity games via dlls
- [44 stars][7m] [C++] wopss/renhook An open-source x86 / x86-64 hooking library for Windows.
- [42 stars][1m] [Rust] verideth/dll_hook-rs Rust code to show how hooking in rust with a dll works.
- [40 stars][1m] [C++] prekageo/winhook
- [38 stars][1m] [C++] rolfrolles/wbdeshook DLL-injection based solution to Brecht Wyseur's wbDES challenge (based on SysK's Phrack article)
- [38 stars][1m] [Assembly] muffins/rookit_playground Educational repository for learning about rootkits and Windows Kernel Hooks.
- [35 stars][2m] [C++] codereversing/wow64syscall WoW64 Syscall Hooking
- [34 stars][3y] [C++] menooker/fishhook An inline hook platform for Windows x86/x64
- [34 stars][30d] [Py] byzero512/winpwn for CTF windows pwn and IAT/EAT hook
- [32 stars][2m] [C++] netdex/twinject Automated player and hooking framework for bullet hell games from the Touhou Project
- [30 stars][2m] [C] deroko/activationcontexthook Hooks a process to force it to load a redirected DLL
- [29 stars][4m] [C++] m-r-j-o-h-n/swh-injector An Injector that can inject dll into game process protected by anti cheat using SetWindowsHookEx.
- [27 stars][6m] [HTML] flyrabbit/winproject Hook, DLLInject, PE_Tool
- [27 stars][3m] [C] tinysec/runwithdll windows create process with a dll load first time via LdrHook
- [24 stars][3m] [C] david-reguera-garcia-dreg/phook Full DLL Hooking, phrack 65
- [24 stars][5m] [C] maikel233/x-hook-for-csgo Aimtux for Windows.
- [22 stars][1m] [Go] castaneai/hinako x86 WinAPI hook written in pure Go
- [22 stars][29d] [C++] xbased/xhook Hook Windows API. supports Win7/8/10 x86 and x64 platform.
- [21 stars][2m] [C] adrianyy/kernelhook Windows inline hooking tool.
- [21 stars][5m] [C] xiaofen9/ssdthook An SSDT hook for Windows
- [19 stars][5m] [Java] col-e/simplified-jna Multi-threaded JNA hooks and simplified library access to window/key/mouse functions.
- [18 stars][11m] [Assembly] egebalci/hook_api Assembly block for hooking windows API functions.
- [16 stars][5m] [C] sin5678/hidedir Uses an SSDT hook to hide specified files or folders on Windows
- [14 stars][3m] [C++] hmihaidavid/hooks A DLL that performs IAT hooking
- [13 stars][4y] [C++] jonasblunck/dp Win32 API and COM hooking/tracing.
- [13 stars][7m] [C#] kanegovaert/unknown-logger An advanced Windows Keylogger with features like (Disable CMD, Screenshotter, Client Stub Builder, Low Level Keyhooks, Hide Application, Respawner, Delete Chrome and Firefox data, and more!)
- [12 stars][8m] [C++] sin5678/wow64hook wow64 syscall filter
- [11 stars][6m] [Py] debasishm89/qhook qHooK is very simple python script (dependent on pydbg) which hooks user defined Win32 APIs in any process and monitor them while process is running and at last prepare a CSV report with various interesting information which can help reverse engineer to track down / analyse unknown exploit samples / shellcode.
- [11 stars][1y] [C++] therena/findthestupidwindow Windows API hooking project to log all the windows / UIs with the exact timestamp when they are opened.
- [11 stars][6y] weixu8/registrymonitor Formerly KMon, a Windows Kernel Driver designed to prevent malware attacks by monitoring the creation of registry keys in common autorun locations and prompting the user whether they want to allow the creation of the key. More of an experiment into Kernel level SSDT hooks but a fun project nonetheless
- [10 stars][7y] [Py] nitram2342/spooky-hook WinAppDbg helper script to catch API calls
- [9 stars][6m] [C++] windy32/win32-console-hook-lib A light-weight console hook library for convenient console interactions
- [8 stars][6m] [C++] mgostih/snifferih DLL Hooking Packet Sniffer
- [8 stars][27d] [C++] ivan-sincek/keylogger Windows OS keylogger with a hook mechanism (i.e. with a keyboard hook procedure).
- [7 stars][2y] [Go] nanitefactory/hookwin10calc Reverse engineered Windows 10 Calculator.exe (UWP application) hacker. A Windows Calculator patch that has learned Hangul/Chinese characters.
- [5 stars][2y] [C++] wanttobeno/window_keyandmousehook Window Key And Mouse Hook
- [4 stars][10m] [C++] aschrein/apiparse Small project to learn windows dll hooking techniques based on sources of renderdoc and apitrace
- [4 stars][2y] [C#] trojaner/rocketplus Adding extra functionality to RocketMod API by using method hooking [Windows x64 only]. Also provides an API for .NET Method detouring
- [0 stars][2y] [C] vallejocc/poc-find-chrome-ktlsprotocolmethod Proof of Concept code to download chrome.dll symbols from chromium symbols store and find the bssl::kTLSProtocolMethod table of pointers (usually hooked by malware)
Articles
- 2020.03 [apriorit] How to Hook 64-Bit Code from WOW64 32-Bit Mode
- 2019.10 [sentinelone] How TrickBot Hooking Engine Targets Windows 10 Browsers
- 2019.08 [contextis] Common Language Runtime Hook for Persistence
- 2019.05 [vimeo] DKOM 3.0: Hiding and Hooking with Windows Extension Hosts - Alex Ionescu, Gabrielle Viala, Yarden Shafir - INFILTRATE 2019
- 2019.04 [fsx30] Hooking Heaven’s Gate — a WOW64 hooking technique
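- 2019.01 [pediy] [Original][Hook][ws2_32.dll]
- 2019.01 [4hou] A new method for bypassing EDR memory protection: NTDLL IAT hook
- 2018.11 [aliyun] In-depth hook research: monitoring the execution of WOW64 programs in the system
- 2018.03 [malwarebytes] The latest version of the Hancitor malware, in addition to using the process hollowing injection technique, creates a copy of kernel32.dll to bypass ring-3 hook monitoring and evade detection
- 2017.12 [4hou] An article that teaches you how to detect Win API hooks (Ring3)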
- 2017.11 [rootedconmadrid] Pablo San Emeterio - WHF: Windows Hooking Framework [RootedCON 2012 - ESP]
- 2017.07 [huntingmalware] Hooking Windows events without knowing anything about C/C++
- 2017.06 [eyeofrablog] Windows keyloggers Part 2: how to detect the hooking methods mentioned in Part 1
- 2017.05 [4hou] Hiding processes on Win7 using global API hooks
- 2017.04 [3gstudent] Hiding processes on Win7 using global API hooks
- 2016.06 [pediy] [Original] windows x64 hook KiSystemCall64
- 2016.01 [freebuf] Several ways to inject a DLL (1): Windows Hooks
- 2015.09 [pediy] [Original] Object hook on Win7 x64
- 2015.06 [codereversing] Syscall Hooking Under WoW64: Implementation (2/2)
- 2015.06 [codereversing] Syscall Hooking Under WoW64: Introduction (1/2)
- 2015.01 [debasish] qHooK - Not Just a Win32 API Hooking Script
- 2014.11 [hypervsir] Using LBR (Last Branch Record) Feature to Detect IDT-Shadowing-Based Malicious IDT Hooking
- 2014.07 [pediy] [Original] Summer casual talk series, post 2 -- Win7 object hook
- 2014.02 [evilsocket] How to Hook Win32 API With Kernel Patching
- 2012.09 [volatility] MoVP 3.1 Detecting Malware Hooks in the Windows GUI Subsystem
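- 2012.04 [pediy] [Original] Windows kernel: differences between Win7 and XP when hooking and filtering KiFastCallEntry (staying clear of 360's hook)
- 2011.09 [pediy] [Original] A hook-based debugger for Windows and its implementation (with source code)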
- 2011.09 [htbridge] Inline Hooking in Windows
- 2011.08 [mista] Windows Hooks of Death: Kernel Attacks through User-Mode Callbacks
- 2011.08 [htbridge] Userland Hooking in Windows
- 2011.06 [shiftlock] Windows hooks detector
- 2011.02 [winsunxu] Windows firewalls: NDIS hooks and TDI hooks
- 2010.10 [pediy] [Original] hook_exitwindowsex.asm
- 2010.09 [pediy] [Original] PYdotDLL. a simple python hook engine / update 2010.9.28
- 2010.09 [redplait] ntdll official hooks
- 2010.02 [pediy] [Translation] QuietRIATT: rebuilding the IAT by hooking DLL functions
- 2010.02 [xyz] Using hooks on WinCE
- 2010.02 [xyz] Using keyboard hooks in WinCE
- 2010.02 [xyz] The hooks available on WinCE are limited
- 2009.11 [magictong] SetWinEventHook event hooks
- 2008.10 [pediy] [Original] IAT hook code injection without a DLL
- 2008.05 [pediy] [Original] Using an IAT hook to implement a universal Windows password backdoor
- 2006.01 [sans] KbHook.dll is Not Always Spyware
- 2005.03 [pediy] [Repost] Hooking ZwCreateProc on Windows 2003
Linux
Tools
- [140 stars][7m] [C] davidbuchanan314/tardis Trace And Rewrite Delays In Syscalls: Hooking time-related Linux syscalls to warp a process's perspective of time, using ptrace.
- [134 stars][1m] [C] poliva/ldpreloadhook a quick open/close/ioctl/read/write/free function hooker
- [94 stars][30d] [C] milabs/khook Linux Kernel hooking engine (x86)
- [68 stars][1m] [C] ilammy/ftrace-hook Using ftrace for function hooking in Linux kernel
- [45 stars][2m] [C] jmpews/evilelf Malicious use of ELF such as .so inject, func hook and so on.
- [35 stars][3y] [C] jordan9001/superhide Example of hooking a linux systemcall
- [8 stars][2m] [C] rafael-santiago/kook A syscall hooking system for FreeBSD, NetBSD and also Linux.
- [6 stars][2y] [C] sizet/lkm_parse_dns_packet Linux kernel module that uses a netfilter IPv4 hook to monitor and parse DNS request and response packets.
- [5 stars][3m] [C] deb0ch/toorkit A simple useless rootkit for the linux kernel. It is a kernel module which hooks up the open() syscall (or potentially any syscall) to replace it with a custom function.
Articles
- 2020.01 [mike] Hooking Linux Libraries for Post-Exploitation Fun
- 2020.01 [freebuf] Linux HIDS agent overview and user-mode hooks (1)
- 2019.12 [knownsec404team] Linux HIDS agent Summary and User Status HOOK [1]
- 2019.12 [venus] Linux HIDS agent Summary and User Status HOOK [1]
- 2019.12 [knownsec] Linux HIDS agent overview and user-mode hooks (1)
- 2019.12 [aliyun] A summary of hooking methods on Linux
- 2019.12 [4hou] Linux HIDS agent overview and user-mode hooks (1)
- 2019.12 [venus] Linux HIDS agent overview and user-mode hooks (1)
- 2019.12 [jm33] Hook System Calls in Linux 5.x
- 2019.12 [aliyun] Linux reverse engineering: hooking & injection
- 2019.02 [linuxgizmos] Embedded vision cams use MIPI-CSI and USB3 Vision to hook up with Linux dev boards
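- 2018.10 [aliyun] Hooking Linux kernel functions (3): the main pros and cons of Ftrace
- 2018.10 [aliyun] Hooking Linux kernel functions (2): how to hook functions with Ftrace
- 2018.10 [aliyun] Hooking Linux kernel functions (1): looking for the perfect solution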
- 2017.02 [forcepoint] Detecting register-hooking Linux rootkits with Forcepoint Second Look
- 2014.10 [allsoftwaresucks] abusing Mesa by hooking ELFs and ioctl
- 2013.12 [HackersSecurity] DEFCON 18: Function Hooking for Mac OSX and Linux
- 2013.09 [pediy] [Original] Linux ELF hook demo source code
- 2010.03 [imthezuk] Linux functions hooking using LD_PRELOAD - for fun and profit
Apple
inspectivec
Tools
- [538 stars][2y] [Objective-C++] davidgoldman/inspectivec objc_msgSend hook for debugging/inspection purposes.
captainhook
Tools
- [577 stars][1y] [ObjC] rpetrich/captainhook Common hooking/monkey patching headers for Objective-C on Mac OS X and iPhone OS. MIT licensed
blockhook
Tools
- [581 stars][5m] [C] yulingtianxia/blockhook Hook Objective-C blocks. A powerful AOP tool.
Tools
- [2032 stars][3y] [Swift] urinx/iosapphook Focused on reverse-engineering iOS apps in non-jailbroken environments, from dylib injection and app re-signing to app hooking
- [1122 stars][2y] [ObjC] yulingtianxia/fishchat Hook WeChat.app on non-jailbroken devices.
- [129 stars][6m] [C] rodionovd/rd_route Function hooking for macOS
- [123 stars][4m] [ObjC] smilezxlee/zxhookdetection [iOS app security] Basic protection against and detection of hooking and jailbreak (dylib injection detection, hook detection and protection, jailbreak detection, signature verification, example of analyzing an encryption protocol with IDA decompilation)
- [68 stars][3y] [ObjC] alayshchen/xcodeappplugintemplate App Plugin Project Template For iOS App And Mac App. Make it easy to hook app.
- [66 stars][5m] [ObjC] yulingtianxia/blocktracker Tracking block args of Objective-C method based on BlockHook
- [54 stars][1m] [Perl] theos/logos Preprocessor that simplifies Objective-C hooking.
- [53 stars][4m] [ObjC] smilezxlee/zxhookutil [iOS reverse engineering] A collection of tweak utility functions, based on theos and monkeyDev
Articles
- 2016.02 [360] iOS: A Song of Ice and Fire, side story - app hooking on non-jailbroken phones
- 2013.03 [gdssecurity] Retrieving Crypto Keys via iOS Runtime Hooking
- 2013.01 [Proteas] Methods for hooking Objective-C
Android
Hook locations
ART
arthook
Tools
- [332 stars][4m] [Java] mar-v-in/arthook Library for hooking on ART
Articles
- 2016.06 [securitygossip] ArtHook: Callee-side Method Hook Injection on the New Android Runtime ART
fasthook
Tools
- [376 stars][4m] [C] turing-technician/fasthook Android ART Hook
- [129 stars][4m] [Java] turing-technician/virtualfasthook Android application hooking tool based on FastHook + VirtualApp
edxposed
Tools
- [2236 stars][4m] [Java] elderdrivers/edxposed A Riru module that tries to provide an ART hooking framework (initially for Android Pie) delivering APIs consistent with the OG Xposed, leveraging the YAHFA (or SandHook) hooking framework; supports Android 8.0 ~ 10.
yahfa
Tools
- [764 stars][25d] [Java] pagalaxylab/yahfa Yet Another Hook Framework for ART
- [128 stars][2y] [Java] bmax121/budhook An Android hook framework written like Xposed, based on YAHFA.
Articles
- 2018.01 [360] YAHFA -- a hook framework for the ART environment
Substrate
hooker
Tools
- [372 stars][29d] [Py] androidhooker/hooker Dynamic analysis of Android applications. Automatically intercepts and modifies any API call made by the target application (using Substrate)
virtualhook
Tools
- [571 stars][25d] [Java] pagalaxylab/virtualhook An Android application hooking tool based on VirtualApp
- [58 stars][8m] [Java] nightoftwelve/virtualhookex Android application hooking tool based on VirtualHook/VirtualApp
Articles
- 2017.04 [pediy] [Original] VirtualHook: a Java code hooking tool based on VirtualApp
sandhook
Tools
- [708 stars][4m] [Java] ganyao114/sandhook Android ART Hook/Native Inline Hook/Single Instruction Hook - support 4.4 - 10.0 32/64 bit - Xposed API Compat
legend
Tools
- [1463 stars][1m] [Java] aslody/legend (Android) A framework for hooking Java methods without root, supporting both Dalvik and ART
xhook
Tools
- [1741 stars][25d] [C] iqiyi/xhook a PLT (Procedure Linkage Table) hook library for Android native ELF
androideagleeye
Tools
- [429 stars][4y] [Makefile] mindmac/androideagleeye An Xposed- and adbi-based module capable of hooking both Java and native methods of the Android OS
Tools
- [1990 stars][27d] [Java] tiann/epic Dynamic Java method AOP hook for Android (continuation of Dexposed on ART), supporting 4.0~10.0
- [1763 stars][2y] [Java] ac-pm/inspeckage Dynamic analysis with API hooks, starting unexported activities and more (Xposed module)
- [789 stars][2y] [C] ele7enxxh/android-inline-hook thumb16 thumb32 arm32 inlineHook in Android
- [575 stars][27d] [Java] aslody/andhook Android dynamic instrumentation framework
- [541 stars][4m] [Java] windysha/xpatch A tool that repackages an APK file so that the APK can load any Xposed modules installed on the device
- [448 stars][5y] [C++] boyliang/allhookinone all method hook approaches for android such as dalvik hook, art hook, elf hook and inline hook
- [401 stars][5m] [Java] pqpo/inputmethodholder Monitors display of the system keyboard by hooking InputMethodManager (Android)
- [291 stars][1m] [Py] antojoseph/frida-android-hooks Lets you hook Method Calls in Frida ( Android )
- [220 stars][2y] [C] gtoad/android_inline_hook Builds an .so file to automatically do the android_native_hook work
- [216 stars][3y] [Java] zhengmin1989/wechatsportcheat Step by step to first place in WeChat Sport - cheating at WeChat Sport with Android hooks
- [195 stars][6m] [Java] panhongwei/androidmethodhook android art hook like Sophix
- [190 stars][5m] [C++] aslody/elfhook modify PLT to hook api, supported android 5\6.
- [179 stars][1m] [Java] 546669204/wechatbot-xposed A WeChat robot unit, based on the android xposed framework hook to implement WeChat app robot functions
- [148 stars][5m] [Java] zhouat/inject-hook for android
- [120 stars][4m] [C++] melonwxd/elfhooker Compatible with 32-bit and 64-bit Android. A demo of hooking based on the ELF file format; it hooks the eglSwapBuffers function of the SurfaceFlinger process and replaces it with new_eglSwapBuffers
- [104 stars][5y] [Java] rednaga/dexhook DexHook is a xposed module for capturing dynamically loaded dex files.
- [99 stars][2y] [Java] piasy/fridaandroidtracer A runnable jar that generate Javascript hook script to hook Android classes.
- [99 stars][4m] [C++] woxihuannisja/stormhook StormHook is a Android Hook Framework for Dalvik and Art
- [63 stars][28d] [JS] northwavenl/fridax Fridax enables you to read variables and intercept/hook functions in Xamarin/Mono JIT and AOT compiled iOS/Android applications.
- [56 stars][1m] [Rust] nccgroup/assethook LD_PRELOAD magic for Android's AssetManager
- [51 stars][2m] [Py] hrkfdn/deckard Deckard performs static and dynamic binary analysis on Android APKs to extract Xposed hooks
- [51 stars][5y] [C++] ikoz/androidsubstrate_hookingc_examples AndroidSubstrate_hookingC_examples
- [48 stars][5m] [C] shunix/androidgothook GOT Hook implemented in Android
- [42 stars][29d] [C++] chickenhook/chickenhook A linux / android / MacOS hooking framework
- [34 stars][2m] [TS] igio90/frida-onload Frida module to hook module initializations on android
- [25 stars][3m] [C++] dodola/dinlinehook simple art inline hook
- [23 stars][6m] [C++] legendl3n/smarthooker The smartest hooking library.
- [17 stars][29d] [Py] margular/frida-skeleton This project aims to help Android test engineers hook APKs more conveniently, and comes with built-in certificate pinning bypass
- [17 stars][25d] [C++] vito11/camerahook A prototype to hook android camera preview data of third-party and system apps
- [15 stars][2m] [Java] pnfsoftware/jeb2-andhook
- [2 stars][4y] [Java] nodoraiz/latchhooks Hack for Android app hooking using latch
- [0 stars][4y] serval-snt-uni-lu/hookranker Automatically Locating Malicious Payload in Piggybacked Android Apps (A Hook Ranking Approach)
- [None stars][C] gtoad/android_inline_hook_arm64 Build an .so file to automatically do the android_native_hook work. Supports ARM64 ! With this, tools like Xposed can do android native hook.
- [None stars][C++] rprop/and64inlinehook Lightweight ARMv8-A(ARM64, AArch64, Little-Endian) Inline Hook Library for Android C/C++
- [None stars][Py] fanxs-t/android-ssl_read-write-hook Hook SSL_read and SSL_write functions in the Android application with Frida.
Articles
- 2019.01 [fuping] The art of hooking in Android app testing - Xposed edition
- 2019.01 [pediy] [Original] An attempt at implementing an ART hook
- 2019.01 [fuping] The art of hooking in Android app testing - Frida edition
- 2019.01 [pediy] [Original] Introducing several Frida scripts used in Android reverse engineering, and the delayed-hook technique
- 2018.11 [bugbountywriteup] Android Hook — ASIS CTF Final 2018 — Gunshops Question Walkthrough
- 2018.09 [pediy] [Original] Android Hook tutorial series (2): writing your own APK to hook Java-layer functions
- 2018.09 [pediy] [Original] Android Hook tutorial series (1): analysis of how Xposed hooks work
- 2017.11 [pediy] [Original] Epic -- Dexposed on ART (a non-invasive hook framework)
- 2017.08 [pediy] [Original] StormHook: an invasive hook framework for Android
- 2017.06 [4hou] AssetHook: a runtime editing tool for Android application asset data
- 2017.05 [pediy] [Original] All-purpose hook framework: JNI NATIVE JAVA ART DALVIK
- 2017.03 [aliyun] A brief discussion of Android hooking techniques
- 2017.02 [360] In-depth analysis of Android rooting malware that uses advanced anti-debugging and anti-hooking (2): Java-layer analysis
- 2017.02 [360] In-depth analysis of Android rooting malware that uses advanced anti-debugging and anti-hooking (1): debugging the native layer
- 2017.01 [360] The fun and benefits of hooking Android system calls
- 2017.01 [pediy] [Original] How do you supply complex parameters to a hooked function on Android?
- 2016.09 [pediy] [Share] Summary of the basics of hooking Android C code
- 2016.03 [sensepost] Android hooking with Introspy
- 2016.01 [ele7enxxh] Android Arm Inline Hook
- 2016.01 [freebuf] Research on Android system call hooking (1)
- 2015.12 [d3adend] Android Anti-Hooking Techniques in Java
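- 2015.11 [pediy] [Original] Open source Android inline hook
- 2015.09 [pediy] [Original] Sharing Android 5.1 ART hook techniques; requesting featured status and full membership
- 2015.09 [360] Step by step to first place in WeChat Sport - cheating at WeChat Sport with Android hooks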
- 2015.06 [koz] Substrate - hooking C on Android
- 2015.05 [evilsocket] Android Native API Hooking With Library Injection and ELF Introspection.
- 2015.04 [L173864930] Android ART hook technical approach
- 2015.01 [freebuf] Using the penetration testing framework Xposed Framework to hook and debug Android apps
- 2015.01 [attify] Xposed Framework for Android Hooking
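- 2014.11 [ele7enxxh] Android GOT hook technique
- 2014.10 [L173864930] The ELF PLT/GOT symbol redirection process on Android and an ELF hook implementation (by 低端码农 2014.10.27)
- 2014.10 [pediy] [Original] The ELF PLT/GOT symbol redirection process on Android and an ELF hook implementation
- 2014.08 [Roland] A study of ddi, a Dalvik-layer hook framework on Android
- 2014.06 [Roland] A study of adbi, a hook framework on Android (part 2)
- 2014.06 [Roland] A study of adbi, a hook framework on Android (part 1)
- 2014.03 [pediy] [Original] Injecting into an Android process and hooking methods in the Java world
- 2013.12 [u011069813] so injection (inject) and hooking (hook) on Android - For both x86 and arm
- 2013.11 [] Transparent encryption and decryption on Android via hooking to protect data security
- 2013.08 [jinzhuojun] so injection (inject) and hooking (hook) on Android - For both x86 and arm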
- 2013.07 [u011069813] android hook api
Newly added
Inline-Hook
Tools
- [277 stars][3y] [C++] gellin/teamviewer_permissions_hook_v1 An injectable C++ DLL that uses naked inline hooking and direct memory modification to change your TeamViewer permissions
- [212 stars][3y] [C] silvermoonsecurity/passivefuzzframeworkosx This framework is for fuzzing OSX kernel vulnerability based on passive inline hook mechanism in kernel mode.
- [75 stars][2y] [C] chinatiny/inlinehooklib An inline hook library supporting both user and kernel mode
- [67 stars][5y] [C] malwaretech/basichook x86 Inline hooking engine (using trampolines)
- [15 stars][3m] [C] zzy590/basiclibpp A powerful library for inline-hook, lock, compress etc, and it is useful for anti-virus software.
- [14 stars][2y] [C] gtoad/android_inline_hook_arm_example
- [10 stars][2y] [C] gtoad/android_inline_hook_thumb_example
- [4 stars][2y] [C++] wanttobeno/ade32_inlinehook Inline hook based on ADE32
Articles
- 2019.06 [aliyun] Mobile game cheat basics: inline hook
- 2018.11 [n0where] Investigate Inline Hooks: PE-sieve
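- 2018.04 [pediy] [Original] Cracking Unity3D mobile games (3) -- based on inline hooks
- 2018.04 [pediy] Sharing an inline hook library that can hook at arbitrary points (supports both user and kernel mode)
- 2018.04 [pediy] [Original] Inline hook study and analysis
- 2017.12 [pediy] [Translation] Understanding/detecting inline hooks / WinAPI hooks (Ring3)
- 2017.12 [userpc] Understanding/detecting inline hooks and WinAPI hooks
- 2017.07 [pediy] Introduction to dexdump
- 2017.06 [pediy] [Original] Reloading the executable to implement efficient inline hooks [source code]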
- 2016.09 [0x00sec] User Mode Rootkits: IAT and Inline Hooking
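- 2015.11 [ele7enxxh] A brief analysis of the multi-thread safety of backtrace and inline hooks on ARM
- 2015.02 [pediy] [Original] Fixes for several bugs in Cydia Substrate inline hook
- 2014.12 [pediy] [Original] Inline hook beginner's tutorial
- 2014.05 [pediy] [Original] inline hook
- 2014.01 [pediy] [Original] x64 ring3 inline-hook
- 2013.10 [pediy] [Original] A generic assembly macro for inline hook relay functions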
- 2013.09 [debasish] Inline API Hooking using DLL Injection
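- 2013.09 [pediy] [Original] Inline hooking the network send/receive functions (anti-phishing, anti-account theft)
- 2013.06 [pediy] A fairly stable ring3 API head inline hook, showing IPs in QQ..
- 2013.04 [pediy] [Original] Hide your InlineHook in Xuetr, Gmer, RKU, KD (unsealed techniques special topic)
- 2013.03 [pediy] [Original] Inline hooks in ring3
- 2012.08 [pediy] [Original] A hook class supporting inline hook, ita hook, export table hook, filtering and more; requesting featured status
- 2012.08 [pediy] [Share] Another way to hide a kernel inline hook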
- 2012.05 [crowdstrike] ARMv7/Thumb2 Inline Code Hooking
- 2012.02 [pediy] [Original] Do it yourself: building an inline hook scanner
- 2012.01 [pediy] [Original] Restoring ring3 inline hooks in C++ (with source code)
- 2011.07 [pediy] [Original] A newbie plays with inline hooks too ------- GetWindowText
- 2011.05 [pediy] [Original] Posting a simple inline hook class I use day to day
- 2011.02 [pediy] [Solved] Restoring an inline hook
- 2011.01 [pediy] [Original] Combined use of inline hook and object hook to refuse WIN opening services
- 2010.08 [pediy] [Original] ring0 head inline hook lib
- 2010.04 [pediy] [Original] Detecting inline hooks on the exported functions of all kernel modules
- 2010.02 [pediy] [Original] How to inline hook IoCallDriver to protect files
- 2009.11 [pediy] [Original] Key points of inline hooks as a newbie understands them (undetectable by RootkitUnhook)
- 2009.11 [pediy] [Original] A beginner's humble opinions on inline hooks
- 2009.09 [pediy] [Original] A detailed discussion of implementing a kernel inline hook in three steps
- 2009.09 [pediy] [Original] Bypassing function-prologue inline hooks
- 2009.07 [pediy] [Original] Inline hooking NtQuerySystemInformation to protect a process
- 2009.03 [pediy] [Original] A knock-off FSD inline hook
- 2008.11 [pediy] [Original] Posting an inline hook project
- 2008.09 [pediy] [Original] Simple inline hook on dual-core, r3
- 2008.08 [pediy] [Original] Generic inline hook code for ring3 & ring0 (patched)
- 2008.07 [pediy] [Original] Inline hooking MessageBox in ring3 (demo)
- 2008.05 [pediy] [Original] Simple inline hook of ObReferenceObjectByHandle to protect processes and block file execution
- 2008.05 [pediy] [Original] fsd inline hook
- 2008.05 [pediy] [Share] inline hook NtQueryDirectoryFile
- 2008.04 [pediy] [Original] Combining inline hook and IDT hook
- 2008.04 [pediy] [Original] Inline hooking the unexported function PspTerminateProcess
- 2008.01 [pediy] [Original] Rootkit hooks [3]: inline hook
- 2008.01 [pediy] [Share] Simple INLINE HOOK for XP/2003/VISTA
- 2006.07 [pediy] [Translation] InLine Patching Protected Application By Hook API Function
- 2006.03 [pediy] [Repost] kernel inline hook
Syscall-Hook
Tools
- [18 stars][1y] [C] plexsolutions/readhook Red-team tool to hook libc read syscall with a buffer overflow vulnerability.
Articles
- 2016.12 [360] Introduction to rootkit techniques: from syscall to hook!
API-Hook
Tools
- [509 stars][1m] [C++] 0x09al/rdpthief Extracting Clear Text Passwords from mstsc.exe using API Hooking.
- [315 stars][4m] [C] outflanknl/dumpert LSASS memory dumper using direct system calls and API unhooking.
- [304 stars][2y] [C] nektra/deviare2 Deviare API Hook
- [136 stars][4m] [C] hoshimin/hooklib The functions interception library written on pure C and NativeAPI with UserMode and KernelMode support
- [54 stars][5m] [C] passingtheknowledge/ganxo An opensource API hooking framework
- [40 stars][3y] [C++] tanninone/usvfs library using api hooking to implement process-local filesystem-independent file links.
- [35 stars][4m] [C++] xrivendell/pcsgolh PCSGOLH - Pointless Counter-Strike: Global Offensive Lua Hooks. A open-source Lua API for CS:GO hacking written in modern C++
- [28 stars][6m] [JS] shanselman/daskeyboard-q-nightscout Hooking up the DasKeyboard Q REST API to change the key colors in response to diabetic's glucose from NightScout
- [11 stars][2m] [Pascal] oranke/proxy-dll-generator PROXY DLL Generator / for very simple API Hooking.
- [9 stars][4y] [C++] jonasblunck/dynhook Example library for how to dynamically/statically hook/intercept unmanaged functions and APIs
- [9 stars][3m] [C++] hidd3ncod3s/runpedmp RunPE dump - I wrote this to have better control over the analysis of malwares. I can stop and analysis malware when it uses some of the API's i hook and to dump the memory while it is using RunPE/PH techniques.
- [8 stars][4m] [C++] nybble04/shady-hook Hooking API calls of a Ransomware
- [4 stars][2y] [C++] a7031x/hookapi Handy way to hook x86 or x64 API
- [4 stars][29d] [C] microwave89/ntapihook Attempt to Create a Simple and Light-weight Hook Engine Without Use of an LDE
- [None stars][C++] vovkos/protolesshooks API monitoring via return-hijacking thunks; works without information about target function prototypes.
Articles
- 2020.05 [apriorit] 3 Effective DLL Injection Techniques for Setting API Hooks
- 2019.12 [trendmicro] Waterbear is Back, Uses API Hooking to Evade Security Product Detection
- 2019.11 [hakin9] RdpThief - Extracting Clear Text Passwords from mstsc.exe using API Hooking
- 2019.11 [steve] Equifax is Nowhere Near Off the Hook and CapitalOne Should be Scared.
- 2019.08 [bromium] Agent Tesla: Evading EDR by Removing API Hooks
- 2018.04 [OALabs] Unpacking VB6 Packers With IDA Pro and API Hooks (Re-Upload)
- 2018.01 [OALabs] Analyze JavaScript and VBScript Malware With x64dbg Debugger and API Hooking
- 2017.06 [lallouslab] Introducing Ganxo v0.1 – An open source API hooking framework
- 2017.05 [] Introducing Ganxo v0.1 Alpha – An open source API hooking framework
- 2016.12 [adelmas] API Hooking with IDA Pro
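- 2016.01 [pediy] [Original] A simple, easy-to-use, most complete API HOOK that is also suitable for beginners
- 2015.06 [pediy] [Original][Wrapper] Simple and easy-to-use API hook functions - MyApiHookFun
- 2014.03 [pediy] [Original] Automatic password entry for runas (implemented with API hooking)
- 2013.05 [pediy] [Original] API HOOK without stealing code
- 2013.04 [pediy] [Original] A newbie's investigation into why a VC6 release build cannot hook the target API
- 2013.04 [pediy] [Help] The hook function in a VC6 release build cannot overwrite the target API in the import table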
- 2013.01 [volatility] HowTo: Extract "Hidden" API-Hooking BHO DLLs
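- 2012.06 [pediy] [Original] hookQQ-API: intercepting QQ chat records, with screenshots and code
- 2012.04 [pediy] [Original] API HOOK helper tool (open source)
- 2012.02 [pediy] [Original] Using API HOOK to restrict programs in a specified directory from creating processes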
- 2012.02 [vxsecurity] ApiMapSet Hooking (short guide)
- 2011.06 [pediy] [Translation] API hooking revealed (my own translation)
- 2011.02 [codereversing] API Hooking Through Near Call Replacement
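- 2010.11 [pediy] [Original] Introduction to HOOK API; experts, please move along
- 2010.10 [pediy] [Original] Building the most complete APIHOOK development library ever
- 2010.09 [pediy] [Original] A brief analysis of APIHOOK in packers
- 2010.07 [pediy] [Original] Implementing Native API hooks at Ring3
- 2010.06 [pediy] [Original][Update] Extreme HookEngine - a Ring3 API Hook static library
- 2009.05 [pediy] [Original] HOOK API continued: the simulated-overwrite method, example AntiDesktop
- 2009.05 [pediy] [Original] An example of a DLL global API hook (with code)
- 2009.04 [pediy] [Share] Delphi LPK APIHOOK source code
- 2009.04 [pediy] [Original] A simple hook API implementation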
- 2008.09 [evilcodecave] Fast ApiSpy (of DeviceIoControl) via oSpy2 Defined Hook
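- 2008.08 [pediy] [Original] Implementing HOOK API at ring3 in assembly, continued: the simulated-overwrite method
- 2008.06 [pediy] [Original] Primer: a detailed analysis of API Hook (1)
- 2008.04 [pediy] [Original] Hook Api Library 0.2 [Ring0] & LDE32 engine [Ring0] For Delphi
- 2008.04 [pediy] [Original] Hook Api lib 0.5 - updated 2008.04.16
- 2008.01 [pediy] [Original] Hook Api lib 0.4 for C
- 2007.11 [pediy] [Original] Learning the PE file format from HookApi (2) [Original]
- 2007.11 [pediy] [Original] Learning the PE file format from HookApi (1) [Original]
- 2007.11 [pediy] [Original] An example of Hook API written in pure assembly!!!
- 2007.09 [pediy] [Original] Implementing HOOK API at ring3 in assembly, continued: the function-backup method (not safe)
- 2007.08 [pediy] [Share] HOOK API LIB 0.3 for VC
- 2007.08 [pediy] [Share] An API Hook program
- 2007.07 [pediy] [Original] About RegisterUserApiHook
- 2007.07 [pediy] [Original] An approach to anti-OD debugging using API hooks
- 2007.07 [pediy] [Original] Anti HookAPI study notes
- 2007.05 [pediy] HookAPI 1.62
- 2007.05 [pediy] [Original] Implementing HOOK API at ring3 in assembly, continued: the function-backup method
- 2007.03 [pediy] [Share] Xiku-ge's Hook Api Lib 0.2 For C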
- 2007.02 [trendmicro] GOOGLE AJAX API Hooked
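- 2007.01 [pediy] [Original] API-HOOK and ANTI-API-HOOK For Ring3
- 2006.12 [pediy] [Share] HOOK API Lib 0.1 For Delphi
- 2006.12 [pediy] .........Discussion on bypassing hooks and skipping API interception..........
- 2006.09 [pediy] Pure Delphi implementation: code for hiding processes via Hook API!
- 2006.07 [pediy] Implementing HOOK API at ring3 in assembly [Original]
- 2006.03 [pediy] [Repost] Hooking other processes' APIs and global HOOK-API
- 2006.03 [pediy] [Repost] Modifying the IAT to HOOK API
- 2006.03 [pediy] [Repost] HOOK API by overwriting addresses
- 2005.08 [pediy] ApiHook and InjectDll units and their applications [Delphi code]
- 2005.08 [pediy] Hook API lib (with source code)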
Un-Hook
Tools
- [128 stars][2y] [C] cylancevulnresearch/reflectivedllrefresher Universal Unhooking
- [23 stars][6m] [C++] apriorit/simple-antirootkit-sst-unhooker This is a demo project to illustrate the way to verify and restore original SST in case of some malware hooks
Articles
- 2017.03 [cylance] Cylance vs. Universal Unhooking Attack
- 2017.03 [4hou] How to use unhooking techniques to bypass security software protection?
- 2017.02 [cylance] Universal Unhooking: Blinding Security Software
Tools
- [302 stars][29d] [Py] boppreh/mouse Hook and simulate global mouse events in pure Python
- [220 stars][2y] [C++] bromiumlabs/packerattacker C++ application that uses memory and code hooks to detect packers
- [219 stars][4m] [C] silight-jp/mactype-patch MacType Patch for DirectWrite Hook
- [202 stars][6m] [ObjC] lmsgsendnilself/hookstatistics Logging args based on AOP (aspect-oriented programming) by Method Swizzling
- [175 stars][27d] [C] kubo/funchook Hook function calls by inserting jump instructions at runtime
- [151 stars][6m] [C] zmrbak/pcwechathook Sample code for the Cloud Classroom course "2019 PC WeChat Exploration"
- [150 stars][28d] [C] vmcall/dxgkrnl_hook C++ graphics kernel subsystem hook
- [144 stars][2m] [Py] ethanhs/pyhooked Pure Python hotkey hook, with thanks to pyHook and pyhk
- [141 stars][6m] [C++] hasherezade/iat_patcher Persistent IAT hooking application - based on bearparser
- [140 stars][30d] [Py] safebreach-labs/pyekaboo Proof-of-concept program that is able to hijack/hook/proxy Python module(s) thanks to $PYTHONPATH variable
- [139 stars][10m] [C#] unknownv2/corehook A library that simplifies intercepting application function calls using managed code and the .NET Core runtime
- [132 stars][2y] [C++] m0n0ph1/iat-hooking-revisited Import address table (IAT) hooking is a well documented technique for intercepting calls to imported functions.
- [128 stars][9m] [Go] bshuster-repo/logrus-logstash-hook
- [125 stars][1m] [C] gdabah/distormx The ultimate hooking library
- [118 stars][29d] [JS] skepticfx/hookish Hooks in to interesting functions and helps reverse the web app faster.
- [116 stars][2m] [Go] mattbostock/go-ldpreload-backdoor LD_PRELOAD libc hooking using Go
- [114 stars][2m] [Ruby] spiderlabs/beef_injection_framework Inject beef hooks into HTTP traffic and track hooked systems from cmdline
- [110 stars][2m] [C] hc0d3r/sudohulk Uses ptrace to hook the execve system call, monitoring and modifying the arguments of sudo commands
- [109 stars][1m] [Py] eset/vba-dynamic-hook dynamically analyzes VBA macros inside Office documents by hooking function calls
- [109 stars][4m] [Py] infertux/zeyple Postfix filter/hook to automatically encrypt outgoing emails with PGP/GPG
- [106 stars][2m] [Java] pqpo/methodhook hook java methods
- [105 stars][1m] [Py] c0demap/codemap Hooks IDA; when a breakpoint is hit during debugging, saves register/memory information to a database for viewing in a web browser
- [99 stars][4y] [C] ionescu007/hookingnirvana Recon 2015 Presentation from Alex Ionescu
- [96 stars][8m] [C++] dzzie/vs_libemu Visual Studio 2008 port of the libemu library that includes scdbg.exe, a modification of the sctest project, that includes more hooks, interactive debugging, reporting features, and ability to work with file format exploit shellcode.
- [93 stars][2m] [JS] oalabs/frida-wshook Script analysis tool based on Frida.re
- [89 stars][2m] [C] xpn/ssh-inject A ptrace POC by hooking SSH to reveal provided passwords
- [88 stars][6y] [C] chokepoint/crypthook TCP/UDP symmetric encryption tunnel wrapper
- [88 stars][4m] [R] lorenzwalthert/precommit pre-commit hooks for R projects
- [83 stars][2m] [Py] enigmabridge/certbot-external-auth Certbot external DNS, HTTP, TLSSNI domain validation plugin with JSON output and scriptable hooks, with Dehydrated compatibility
- [83 stars][1m] [C] smealum/udsploit UDS exploit + kernel hooks for 11.3
- [82 stars][2m] [JS] pnigos/hookjs javascript function hook
- [79 stars][2m] [C++] cseagle/collabreate Hooks IDA event notifications and broadcasts the changes involved to a central server, which forwards them to other users analyzing the same file
- [79 stars][29d] [Pascal] delphilite/delphihookutils Delphi Hooking Library by Lsuper
- [77 stars][1m] [C] dodola/fbhookfork Hook library extracted from fb's profilo project, for personal use
- [76 stars][29d] [C++] secrary/hooking-via-instrumentationcallback codes for my blog post:
- [75 stars][2y] [C++] hrbust86/hookmsrbysvm hook msr by amd svm
- [73 stars][1m] [C] nektra/vtbl-ida-pro-plugin Identifying Virtual Table Functions using VTBL IDA Pro Plugin + Deviare Hooking Engine
- [71 stars][30d] [C++] petrgeorgievsky/gtarenderhook GTA SA rendering hook
- [71 stars][2m] [C] zyantific/zyan-hook-engine Advanced x86/x86-64 hooking library (WIP).
- [69 stars][1y] [Java] bolexliu/apptrack Xposed hook-based app reverse-engineering tracing tool; tracks Activity and Fragment launch information, etc.
- [66 stars][7y] [C] chokepoint/jynx2 JynxKit2 is an LD_PRELOAD userland rootkit based on the original JynxKit. The backdoor has been replaced with an "accept()" system hook.
- [64 stars][5m] [C++] changeofpace/mouhidinputhook MouHidInputHook enables users to filter, modify, and inject mouse input data packets into the input data stream of HID USB mouse devices without modifying the mouse device stacks.
- [63 stars][5m] [C++] urshadow/urmem C++11 cross-platform library for working with memory (hooks, patches, pointer's wrapper, signature scanner etc.)
- [60 stars][5m] [C] respeak/ts3hook Teamspeak 3 Hook
- [60 stars][2m] [Makefile] genuinetools/upmail Email notification hook for
- [60 stars][4m] [C#] indieteur/globalhooks Allows you to create global keyboard events
- [59 stars][3m] [C] codectile/paradise x86/x86-64 hooking library
- [58 stars][2m] [Ruby] jbjonesjr/letsencrypt-manual-hook Allows you to use dehydrated (a Let's Encrypt/Acme Client) and DNS challenge response with a DNS provider that requires manual intervention
- [57 stars][1m] [Swift] unixzii/swiftui-hooks A PoC for implementing hooks in SwiftUI
- [55 stars][5y] [C++] malwaretech/fsthook A library for intercepting native functions by hooking KiFastSystemCall
- [54 stars][2y] [Py] stormshadow07/beef-over-wan Browser Exploitation Framework is an open-source penetration testing tool that focuses on browser-based vulnerabilities. This Python script makes the changes required to make the hooked link accessible over WAN, so anyone can use this framework and attack over WAN without port forwarding [NGROK or any localhost-to-webhost service required]
- [53 stars][2y] [C] chen-charles/pedetour modify binary Portable Executable to hook its export functions
- [52 stars][4y] [C] zhuhuibeishadiao/pfhook Page fault hook use ept (Intel Virtualization Technology)
- [51 stars][4y] breakingmalwareresearch/captain-hook
- [48 stars][6m] [Java] greywolf007/mobileq750hook MobileQ750Hook
- [48 stars][2m] [C] jay/gethooks GetHooks is a program designed for the passive detection and monitoring of hooks from a limited user account.
- [47 stars][27d] [Py] safebreach-labs/backdoros backdorOS is an in-memory OS written in Python 2.7 with a built-in in-memory filesystem, hooks for open() calls and imports, Python REPL etc.
- [45 stars][2y] [C++] coltonon/reghookex External mid-function hooking method to retrieve register data
- [44 stars][1m] [C] l1nuxdotfun/spacehook minecraft premium undeteck cheat!
- [42 stars][1y] [C] dzzie/hookexplorer technical tool to analyze a process trying to find various types of runtime hooks. Interface and output is geared towards security experts. Average users won't be able to decipher its output.
- [41 stars][9y] [C++] cr4sh/ptbypass-poc Bypassing code hooks detection in modern anti-rootkits via building faked PTE entries.
- [41 stars][5m] [JS] gaoding-inc/runtime-hooks
- [41 stars][3m] [Py] killswitch-gui/lterm lterm is a small script built to install a bash hook for full terminal logging.
- [41 stars][4m] [C] ntraiseharderror/antihook PoC designed to evade userland-hooking anti-virus.
- [39 stars][1m] [C] dodola/traphook
- [38 stars][27d] [C++] ganyao114/sandboxhookplugin demo for inject & hook in sandbox
- [36 stars][1m] [C] harvie/libpurple-core-answerscripts Most-hackable Pidgin plugin! Framework for hooking scripts to respond received messages for various libpurple clients such as pidgin or finch
- [36 stars][2y] [C#] roshly/ayyhook-loader A Free Open Source Cheat Loader
- [35 stars][2y] [C++] nickcano/reloadlibrary A quick-and-dirty anti-hook library proof of concept.
- [34 stars][6m] [Py] eset/volatility-browserhooks Volatility Framework plugin to detect various types of hooks as performed by banking Trojans
- [33 stars][2m] [JS] gr2m/before-after-hook wrap methods with before/after hooks
- [32 stars][5m] idkwim/frooksinatra POC of sysenter x64 LSTAR MSR hook
- [32 stars][2m] [C++] rokups/hooker Minimalistic hooking library written in C
- [32 stars][7m] [ObjC] zjjno/interface-inspector-hook Interface Inspector crack
- [31 stars][7m] [C++] ayuto/dynamichooks A C++ library to create function hooks dynamically, so you can easily embed it into other programming languages.
- [31 stars][5m] [C++] hoangprod/leospecial-veh-hook Vectored Exception Handling Hooking Class
- [30 stars][4y] [C] scorchsecurity/toast User-mode hook bypassing method
- [30 stars][1y] [ObjC] nododo/hookdouyin iOS reverse engineering: how to make Douyin automatically play the next video (for the terminally lazy)
- [29 stars][26d] [Kotlin] godtoy/wework-hook-example WeCom (Enterprise WeChat) xposed-hook, WeCom hook, sending and receiving messages, automatic mass follower adding
- [29 stars][2m] [C] robotn/gohook GoHook, Go global keyboard and mouse hook
- [28 stars][3y] [Py] tr3jer/autohookspider Checks whether automated crawler results belong to hooks, and keeps crawling URLs.
- [27 stars][1m] [Java] mx-futhark/hook-any-text The goal of this project is to provide an alternative to well established text hookers, whose features are restrained to a certain number of game engines and emulators.
- [27 stars][2m] [C++] strobejb/sslhook OpenSSL hooking
- [27 stars][1m] [C++] aixxe/cstrike-basehook-linux Internal project base for Counter-Strike: Source on Linux.
- [27 stars][30d] [Shell] kintoandar/pre-commit pre-commit hook terraform; pre-commit hook prometheus
- [26 stars][3y] [C++] ilyatk/hookengine
- [26 stars][3m] [C#] nytrorst/hookme Exported from
- [25 stars][3y] [C++] bronzeme/ssdt_hook_x64
- [25 stars][2m] [Py] esss/hookman A plugin management system in python to applications (in totally or partially) written in C++.
- [25 stars][1m] [Py] rbeuque74/letsencrypt-ovh-hook Let's Encrypt hook for DNS validation for OVH domains
- [24 stars][6y] [C] jyang772/hideprocesshookmdl A simple rootkit to hide a process
- [23 stars][6m] [Java] jackuhan/loginhook An Xposed hook example
- [22 stars][3m] [C#] reloaded-project/reloaded.hooks Advanced native function hooks for x86, x64. Welcome to the next level!
- [21 stars][1y] [C#] michel-pi/lowlevelinput.net A thread safe and event driven LowLevelMouse and LowLevelKeyboard Hook
- [21 stars][5m] [ObjC] zjjno/cornerstonehook Cornerstone crack
- [20 stars][1m] [Py] orndorffgrant/bnhook binary ninja plugin for adding custom hooks to executables
- [20 stars][6y] [C] tongzeyu/hooksysenter Hooks sysenter, reloads the kernel, and sets a hardware breakpoint on debugport to prevent debugport from being zeroed
- [20 stars][4m] [Swift] kealdishx/swiftloadhook Use a hack way to achieve similar functions as Load() or initialize() in OC
- [19 stars][29d] [JS] cynops/frida-hooks
- [17 stars][2y] [JS] compewter/whoof Web Browser Hooking Framework. Manage, execute and assess web browser vulnerabilities
- [17 stars][3y] [C] zhuhuibeishadiao/kernelhooksdetection_x64 x64 Kernel Hooks Detection
- [16 stars][3m] [C] osrdrivers/penter penter hook example and driver time recorder
- [15 stars][4y] [C++] gfreivasc/vmthook Virtual Method Table Hook
- [14 stars][2m] [C] hasherezade/loaderine A demo implementation of a well-known technique used by some malware to evade userland hooking, using my library: libpeconv.
- [14 stars][5m] [C] manicstreetcoders/appinitglobalhooks-mimikatz Hide Mimikatz From Process Lists
- [14 stars][28d] [JS] duolingo/pre-commit-hooks Standardizing our code quality tooling
- [12 stars][7m] [C++] mgeeky/prc_xchk User-mode process cross-checking utility intended to detect naive malware hiding itself by hooking IAT/EAT.
- [11 stars][7m] [C] david-reguera-garcia-dreg/emuhookdetector hook detector using emulation and comparing static with dynamic outputs
- [11 stars][1y] [C++] scorbutics/iathook A library that allows hook any imported function from the IAT (works only in x64)
- [10 stars][9m] [ObjC] elegantliar/wechathook Non-jailbreak iOS: reverse engineering WeChat to implement anti-recall and step-count modification
- [10 stars][3m] [C] u2400/libc_hook_demo A demo of a HIDS agent
- [9 stars][9m] [C++] david-grs/mtrace simple c++ hooks around malloc/realloc/free
- [8 stars][10m] coolervoid/bank_mitigations Anti keylogger, anti screen logger... Strategy to protect with hookings or improve your sandbox with spyware detection... - Demo
- [8 stars][2m] [C++] cyrex1337/hook.lib easy detour-, vftable-, iat- and eathooking
- [8 stars][2m] [C] david-reguera-garcia-dreg/cgaty Hooking the GDT - Installing a Call Gate. POC for Rootkit Arsenal Book Second Edition
- [8 stars][3y] [C] hollydi/ring0hook
- [8 stars][1y] [Swift] zhangkn/hookingcmethods Hooking & Executing Code with dlopen & dlsym ---Easy mode: hooking C methods
- [7 stars][1y] [C++] codereversing/sehveh_hook Hooking functions with structured and vectored exception handling
- [7 stars][3y] [Java] fuhuiliu/xposedhooktarget Xposed plugin development basics: the hook target
- [7 stars][8y] [C++] wyyqyl/hookiat
- [6 stars][6y] [C#] aristocat/keyhook A C# library for general hot keys.
- [6 stars][5m] [Java] lailune/slrrmultiplayer Street Legal: Redline hook-based Multiplayer modification
- [4 stars][3y] [C++] blaquee/apchook hooking KiUserApcDispatcher
- [4 stars][2y] [ObjC] corzfree/hookwx Reverse engineering tool
- [4 stars][2y] [C++] m0rtale/universal-wndproc-hook Universal WndProc Hook for x86 and x64
- [4 stars][1y] [C] nikolait/chess-com-cheat Library that hooks into PR_Write() and PR_Read() in firefox processes and manipulates WebSocket Messages to cheat on chess.com
- [4 stars][6y] [C++] simonberson/chromeurlsniffer Hook to Chrome Browser URL and show the current URL on simple textbox
- [3 stars][2y] [ObjC] susnmos/xituhook Reverse-engineering analysis and fix of a crash bug in the Xitu Juejin iOS client
- [2 stars][4m] [Py] swarren/uboot-test-hooks Example "hook" scripts for the U-Boot test framework
- [2 stars][2y] [C] synestraa/archultimate.hooklib ArchUltimate hook library
- [2 stars][2m] [C] carlomara/qemu-ioctl-hooks Code samples for blog post
- [1 star][1y] [TS] larkintuckerllc/hello-hooks
- [1 star][1y] [C++] smore007/remote-iat-hook Remote IAT hook example. Useful for code injection
- [1 star][2y] [ObjC] wpstarnice/hookstatistics
- [1 star][2y] [C++] zuhhcsg0/nebulahook
- [1 star][2y] [C] chocolateboy/b-hooks-op-annotation A Perl module which allows XS modules to annotate and delegate hooked OPs
- [1 star][5m] [C++] fireboyd78/d3hook The magnificent hooking framework for Driv3r.
- [0 stars][1y] [Rust] badboy/travis-after-all-rs The missing after_all_success hook for Travis
- [0 stars][2y] [C] cblack-r7/hashcat-hook A few LD_PRELOAD hooks to fix specific issues with hashcat
- [0 stars][2y] [Py] ciscose/sparkhelper A few functions that help with checking that your bot is being used by an approved organization and for verifying the signature of a web hook request.
- [0 stars][2y] [JS] yazeedb/responsive-fdt2-hooks Created with CodeSandbox
- [0 stars][10m] zhulmin/iosapphook iOS reverse-engineering development study notes
- [0 stars][1y] [shell] keychest/certbot-hooks
- [0 stars][5y] [Py] nikseetharaman/grapplinghook Open Source 802.11 Direction Finder
- [None stars][C] tandasat/uefivarmonitor The runtime DXE driver monitoring access to the UEFI variables by hooking the runtime service table.
- [None stars][C] shoumikhin/elf-hook ELF shared library import table patching for function redirection.
Articles
- 2020.02 [zoom] ‘We Were Hooked From Day One’: How Zoom, Zoom Rooms Helped Save the Children Transform Communications
- 2020.02 [cqureacademy] [RSA USA 2020] Explore Adventures in the Underland: Forensic Techniques Against Hackers Evading the Hook
- 2020.01 [WarrantyVoider] RE with WV - Episode #8 Taking over functions with detouring/hooking
- 2019.12 [aliyun] Introduction to overwriting Free_hook via the top chunk
- 2019.10 [aliyun] Pwn learning series: Extend the chunk and realloc_hook exploitation
- 2019.08 [webroot] Cyber News Rundown: Hookup App Exposes Users
- 2019.07 [0x00sec] Hooking in x64 bits
- 2019.06 [aliyun] Some thoughts on hooking toString in a front-end sandbox
- 2019.05 [logrocket] How to migrate from HOCs to Hooks
- 2019.05 [codeinsecurity] Using uMod Patcher to create new hooks for Rust (the game)
- 2019.04 [logrocket] Experimental Node.js: testing the new performance hooks
- 2019.04 [malware] 2019-04-03 - QUICK POST: HOOKADS CAMPAIGN RIG EK SENDS AZORULT
- 2019.03 [0x00sec] Defeating Userland Hooks (ft. Bitdefender)
- 2019.03 [illuminati] Why does EpicGamesLauncher hook into every process on my machine? (and keep them open after they close?)
- 2019.02 [malware] 2019-02-28 - FALLOUT EK FROM HOOKADS CAMPAIGN
- 2019.02 [Fig] Hookshotless GTG
- 2019.02 [kaspersky] How pirates hook gamers
- 2019.01 [fsx30] Bypass EDR’s memory protection, introduction to hooking
- 2019.01 [fsx30] Vectored Exception Handling, Hooking Via Forced Exception
- 2019.01 [malware] 2019-01-10 - HOOKADS CAMPAIGN RIG EK PUSHES VIDAR
- 2019.01 [malware] 2019-01-04 - HOOKADS CAMPAIGN RIG EK PUSHES SMOKELOADER
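- 2018.12 [pediy] [Original] Research on a half-hook, half-protocol WeChat chatbot
- 2018.11 [pediy] [Original] Defeating the packet-capture, hook and signature detection of a major domestic app, just to implement lazy automatic next-video playback for it?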
- 2018.11 [traffic] [2018-11-22] HookAds->FalloutEK->KPOT
- 2018.11 [traffic] [2018-11-21] HookAds->FalloutEK->AZORult->NetWireRAT
- 2018.11 [nao] HookAds->FalloutEK pushes Nocturnal Stealer, And new GlobeImposter
- 2018.11 [traffic] [2018-11-10] HookAds->FalloutEK->Vidar->GlobeImposter
- 2018.11 [pediy] [Original] New Year is coming: the most brute-force WeChat dice cheating method (with analysis process), not a hook~~~
- 2018.11 [traffic] [2018-11-08] HookAds->FalloutEK->DanaBot
- 2018.11 [pediy] [Original] Notes on an unpacking where the proxy could not capture packets, so network requests were hooked directly
- 2018.10 [vkremez] Let's Learn: Exploring ZeusVM Banking Malware Hooking Engine
- 2018.10 [traffic] [2018-10-29] HookAds->FalloutEK->AZORult->GlobeImposter+CoalaBot
- 2018.10 [pediy] [Original] MoonU security study notes: inline Hook (https://bbs.pediy.com/thread-247532.htm)
- 2018.10 [pentest] Offensive IAT Hooking
- 2018.10 [traffic] [2018-10-09] HookAds->FalloutEK->AZORult
- 2018.10 [traffic] [2018-10-06] HookAds->FalloutEK->SmokeLoader->Miner
- 2018.10 [traffic] [2018-10-04] HookAds->FalloutEK->Kraken
- 2018.09 [auth0] Validate User Emails Fast using Kickbox and Auth0 Hooks
- 2018.08 [thedebuggers] Minify HTML in CodeIgniter using Hooks
- 2018.08 [badtrace] Anti-Hooking checks of SmokeLoader 2018
- 2018.07 [pediy] [Original] free_hook overwriting as seen in pwnable.tw challenge 18
- 2018.07 [BSidesTLV] Deep hooks - Assaf Carlsbad & Yarden Shafir
- 2018.07 [Fig] Suns Grave Keese (Chus+Hook)
- 2018.07 [Fig] Hoverbooots vs Hookshot First (version 2)
- 2018.07 [Fig] Hovers First vs Hookshot First (new vc equip dupe route)
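- 2018.07 [qq] [Game vulnerabilities] Implementing a hook on plaintext packet sending in code
- 2018.06 [pediy] [Original] How hooks work
- 2018.06 [4hou] Detecting Hook and ROP Attacks: Methods with Examples
- 2018.05 [pediy] [Share] The native PLT hook library used by the iQIYI app has been open-sourced, after stability and compatibility testing on "hundreds of millions" of online devices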
- 2018.05 [pierrchen] Understand Container 6: Hooks and Network
- 2018.05 [apriorit] Detecting Hook and ROP Attacks: Methods with Examples
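- 2018.04 [360] Reading SSL communication data by hooking Chrome's SSL functions
- 2018.04 [pediy] [Original] Xposed lesson one (WeChat edition): hooking methods with multiple parameters
- 2018.04 [4hou] Hooking Chrome's SSL functions to read SSL communication data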
- 2018.04 [cqureacademy] RSA 2018: Adventures In The Underland: Techniques Against Hackers Evading The Hook
- 2018.04 [pediy] [Original] Hyperplatform VT HOOK reading notes
- 2018.03 [pediy] [Original] In memory of my youth lost to hooking -- XIgnCode3.TP.NP.HS.PP.GPK
- 2018.03 [traffic] [2018-03-20] HookAds->RigEK->Miner
- 2018.03 [qq] [Game vulnerabilities] How hooks work and their application in game reverse engineering
- 2018.03 [malwarebreakdown] Fobos Campaign Uses HookAds Template and Delivers Bunitu Proxy Trojan via RIG EK
- 2018.03 [sentinelone] Deep Hooks: Monitoring native execution in WOW64 applications, Part 1
- 2018.03 [Fig] Spirit BK Skip: Hookshot Jump vs Superslide
- 2018.03 [malwarebreakdown] HookAds Campaign Is Back And Using RIG EK to Deliver Bunitu Proxy Trojan
- 2018.03 [pediy] [Original] malloc_hook exploitation in CTF pwn and pragyan ctf 2018 pwn writeup
- 2018.02 [nytrosecurity] Hooking Chrome’s SSL functions
- 2018.02 [HACKADAY] Brilliant path to stronger wall hooks through 3D printing with reinforcement
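- 2018.02 [pediy] [Original] Hooking techniques in the x64 kernel: intercepting processes, threads and modules (approach)
- 2018.01 [freebuf] Analysis of anti-debugging and hook detection in an enterprise packer
- 2018.01 [pediy] [Original] Analysis of anti-debugging and hook detection in an enterprise packer
- 2018.01 [pediy] [Original] 1-byte [hook engine], open-source share; most efficient and simple
- 2018.01 [pediy] [Translation] Ring3/Ring0 Rootkit Hook Detection (2)
- 2018.01 [pediy] [Translation] Ring3/Ring0 Rootkit Hook Detection (1)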
- 2017.12 [hasherezade] hook finder vs Process Doppelganging
- 2017.12 [hasherezade] Unpacking Magniber ransomware with PE-sieve (former: 'hook_finder')
- 2017.12 [pediy] [Translation] Hooking via the InstrumentationCallback field of the KPROCESS structure
- 2017.12 [hshrzd] Hook the planet! Solving FlareOn4 Challenge6 with libPeConv
- 2017.11 [Fig] Hookshotless Chuslide Teleport Explanation
- 2017.11 [Fig] Hovers First vs Hook First in 100%
- 2017.10 [ccsinet] Cybersecurity Trends That Shook 2017
- 2017.09 [360] How I attacked LuaJIT via hooking
- 2017.09 [nickcano] Hooking the JIT of the Lua scripting language (especially for games that use Lua)
- 2017.09 [arxiv] [1709.08331] By Hook or by Crook: Exposing the Diverse Abuse Tactics of Technical Support Scammers
- 2017.09 [malwarebreakdown] HookAds Campaign Leads to RIG EK and Drops ZeuS Panda.
- 2017.09 [360] Move and countermove: a detailed look at COM interface function hooking
- 2017.09 [hackersgrid] BeEF – Hooking Browser using Classic 2048 HTML Game
- 2017.08 [hasherezade] hook_finder - a small tool for investigating in-memory patches
- 2017.08 [malwarebreakdown] Malvertising Chain Leads to the HookAds Campaign. RIG Drops Dreambot.
- 2017.07 [malwarebreakdown] Dreambot Dropped by HookAds
- 2017.07 [malwarebreakdown] HookAds Continues to use RIG EK to Drop Dreambot
- 2017.06 [pediy] [Original] Analysis of the Xposed hook detection mechanism in Alibaba products
- 2017.06 [malwarebreakdown] Malvertising Leads to HookAds Campaign Which Redirects to RIG EK at 188.225.74.13. RIG EK Drops Dreambot.
- 2017.06 [malwarebreakdown] HookAds Campaign Leads to RIG EK at 188.225.78.240. RIG EK Drops Dreambot.
- 2017.06 [malwarebreakdown] HookAds Malvertising Campaign Leads to RIG EK at 194.87.93.114 and Drops Dreambot
- 2017.06 [blacksunhackers] Using AppVerifier for function hooking and persistence
- 2017.05 [malwarebreakdown] HookAds Campaign Leads to RIG EK at 188.227.74.169 and 5.200.52.203, Drops Dreambot
- 2017.05 [Fig] Shadow Early with Hookshot Jump Tutorial
- 2017.05 [malwarebreakdown] HookAds Malvertising Campaign Leads to RIG EK at 185.154.53.33, Drops LatentBot
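- 2017.05 [pediy] [Original] Hooking by tampering with the dynamic symbol table, no jailbreak required
- 2017.05 [pediy] How to handle the TP hook on 0E page-table exception breakpoints: a theoretical treatment
- 2017.05 [csyssec] Detecting IDT hooking using the LRB (last branch record) feature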
- 2017.04 [MalwareAnalysisForHedgehogs] Malware Analysis - Hook Injection PoC by Robert Kuster
- 2017.04 [u011721501] Several methods for PHP hooking
- 2017.04 [pediy] Fixing logs not printing when using Xposed hooks after Ijiami hardening
- 2017.04 [freebuf] Browser HTTPS hijacking using hooking techniques
- 2017.04 [Fig] skip bombable wall in dc with hookshot jump [useless]
- 2017.03 [malwarebreakdown] HookAds Campaign Leads to RIG EK at 92.53.104.78
- 2017.03 [pediy] [Original] A simple example of hooking an .so protected by 360 hardening using VirtualApp
- 2017.03 [pediy] [Original] Root-free injection and hooking with VirtualApp (1)
- 2017.03 [csyssec] Hooking the kernel: PVOPS
- 2017.02 [malwarebreakdown] HookAds Malvertising Redirects to RIG-v EK at 217.107.219.99. EK Drops Ursnif Variant Dreambot.
- 2017.02 [auth0] Introducing Auth0 Hooks
- 2017.02 [anitian] RSA Conference 2017 – By Hook Or By Crook, We Will
- 2017.02 [cqureacademy] Forensic techniques against hackers evading the hook (notes from NIC conference)
- 2017.01 [engineeringblog] Announcing Docker Hook Support for Pre-Commit
- 2016.11 [malwarebytes] The HookAds malvertising campaign
- 2016.10 [] A brief look at hook007's autostart techniques
- 2016.10 [criteo] Criteo to Acquire HookLogic – Strengthening its Performance Marketing Platform
- 2016.10 [securitygossip] Persistent Data-only Malware: Function Hooks Without Code
- 2016.10 [sjtu] Persistent Data-only Malware: Function Hooks Without Code
- 2016.08 [securityintelligence] The Increasing Dangers of Code Hooking
- 2016.08 [scorchsecurity] Bypassing user-mode hooks the sneaky way
- 2016.07 [ensilo] Intrusive Applications: 6 Security Issues to Watch Out for in Hooking
- 2016.05 [n0tr00t] wafCheck.py DEMO - Hook urllib2 / requests
- 2016.04 [f] Unprotected WiFi Hook-Ups in action at Collision
- 2016.03 [turingh] fishhook source code analysis
- 2016.03 [qq] Implementing a hardware-breakpoint hook in Plants vs. Zombies
- 2016.03 [freebuf] A safe way to implement IAT hooking
- 2016.03 [pediy] [Original] Hello world version of hooking Java
- 2016.03 [talosintelligence] Angler Attempts to Slip the Hook
- 2016.01 [] Analysis of the hooking techniques used by Bainaochong (百脑虫)
- 2016.01 [] A brief look at hook007's autostart techniques
- 2016.01 [beefproject] Hooked Browser Network with BeEF and Google Drive
- 2015.12 [bhconsulting] The ransomware of Christmas present: 60,000 hooked by festive imagery
- 2015.12 [sparkfun] Shapeoko hookup guides and tutorials
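- 2015.10 [pediy] [Original][Source] Task manager: processes + threads + modules + services + HOOK
- 2015.10 [lightless] CodeIgniter source code reading notes 5: Hooks.php
- 2015.09 [pediy] [Original] Analysis of the hook007 Trojan
- 2015.09 [] The evil family hook007: the lurking chapter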
- 2015.08 [pediy] [Original] An attempt at hooking via the debugging mechanism to evade detection
- 2015.08 [MalwareTech] Hook Scanner Test (Zeus)
- 2015.08 [malwaretech] User Mode Hook Scanner (Alpha)
- 2015.08 [checkpoint] JavaScript Hooking as a Malicious Website Research Tool | Check Point Software Blog
- 2015.08 [mwrinfosecurity] Dynamic Hooking Techniques: User Mode
- 2015.08 [holisticinfosec] toolsmith: There Is No Privacy - Hook Analyser vs. Hacking Team
- 2015.07 [inopinatus] Hook AWS notifications into Slack with a Lambda function
- 2015.06 [talosintelligence] Hook, Line & Sinker: Catching Unsuspecting Users Off Guard
- 2015.05 [malwarebytes] Scams Within Facebook Press On, Use “Facebook for Business” Hook
- 2015.05 [pediy] [Original] Half-Life Engine Hook WalkHack
- 2015.04 [rtl] Hooking up an Si5351A Voltage Controlled Oscillator to the Local Oscillator Input on an RTL-SDR
- 2015.04 [pediy] [Original] A beginner's hook-free process protection and signature bypass analysis
- 2015.04 [pediy] [Original] Hook Lib for ddk
- 2015.04 [nabla] Hooking Variadic Functions With Substrate
- 2015.04 [pediy] [Original] Hook-based tracing of anti-debug call sites, and anti-anti
- 2015.04 [malwaretech] Intercepting all System Calls by Hooking KiFastSystemCall
- 2015.03 [securify] Hooking Swift methods for fun and profit
- 2015.02 [pediy] [Original][Original] x64 idt Hook
- 2015.01 [codereversing] Virtual Method Table (VMT) Hooking
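- 2015.01 [] The evil family hook007: the lurking chapter
- 2015.01 [pediy] [Original] A roundup of SO hooking techniques
- 2015.01 [pediy] [Original] A purely handwritten inline hook in Easy Language (易语言)
- 2014.12 [pediy] Hooking GPU vendor drivers (draw whatever you want)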
- 2014.12 [arduino] How to print a Pirate Hook with your Materia 101
- 2014.12 [pediy] [Original] A general method for hooking COM interface functions
- 2014.11 [siliconblade] Finding Call Reference Hooks in Mac Memory
- 2014.11 [mcafee] Hooking the Mac - Mac OS X Wirelurker malware
- 2014.11 [mcafee] Chinese Trojan Hooks Macs, iPhones
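- 2014.11 [pediy] [Original] A new kernel reloading method that avoids SEH-induced blue screens (without hooking linked lists)
- 2014.10 [pediy] [Translation] Kaspersky Hooking Engine Analysis
- 2014.10 [pediy] [Original] HOOK study notes and takeaways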
- 2014.10 [quequero] Kaspersky Hooking Engine Analysis
- 2014.09 [L173864930] An improved version of Hook Java
- 2014.09 [pediy] [Original] An improved version of Hook Java
- 2014.09 [christophertruncer] Getting Hooked up with Responder and Beef
- 2014.09 [sparkfun] Electricute - Conductive Velcro-Style Hook and Loop
- 2014.09 [] The evil family: the hook007 Trojan
- 2014.09 [pediy] [Original] Encryption/decryption without source code && NDK Native Hook
- 2014.08 [engineeringblog] Announcing pre-commit: Yelp’s Multi-Language Package Manager For Pre-Commit Hooks
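- 2014.08 [Proteas] Is it possible to hook C++ virtual functions on non-jailbroken devices?
- 2014.07 [pediy] [Original] (Vectored exception handling) VEH hook
- 2014.07 [pediy] [Original] Analyzing the implementation details of Substrate's ARM/THUMB function hooking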
- 2014.06 [malwarebytes] Scammers Continue to Hook Users with Free Facebook Hacking
- 2014.06 [malwaretech] Usermode System Call hooking – Betabot Style
- 2014.05 [toolswatch] Hook Analyser v3.1 Released
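- 2014.05 [pediy] [Original] YY - an approach to highly reliable hooking
- 2014.04 [pediy] [Original] Brief notes on rereading old articles: the GDT hooks we chased back in the day
- 2014.03 [pediy] [Original] Hooking COM interface functions
- 2014.02 [pediy] [Original] Analyzing how CydiaSubstrate hooks work from a reverse-engineering perspective
- 2014.01 [pediy] [Original] Code hooking: an instruction-level implementation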
- 2014.01 [toolswatch] Hook Analyser v3.0 The malware analysis utility released with the support of Cyber Threat Intelligence
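- 2014.01 [] The evil family: the hook007 Trojan
- 2014.01 [HackersSecurity] DEFCON 17: Managed Code Rootkits Hooking into Runtime Environments
- 2013.12 [pediy] [Original] Hooking: function stack frame backtracing, NSLog capture, STDOUT redirection
- 2013.12 [pediy] [Original] How to use the Substrate framework in the toolchain4 build environment to produce a hook dynamic library targeting a specific application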
- 2013.12 [publicintelligence] (U//FOUO) New Jersey Fusion Center: School Attacks and Plots Since Sandy Hook
- 2013.12 [incolumitas] IAT hooking
- 2013.11 [publicintelligence] Connecticut State’s Attorney Report on Sandy Hook Elementary School Mass Shooting
- 2013.11 [rsa] Detecting New 50-Troting Shell Hook Malware
- 2013.10 [pediy] [Original] Hooking the connect function to disable network access
- 2013.10 [pediy] [Original] Sharing a C++ hook library, mainly for testing and debugging
- 2013.10 [malwaretech] Ring3 / Ring0 Rootkit Hook Detection 2/2
- 2013.09 [pediy] [Share] Two pieces of study source code from a beginner: the "Digits" (数字) hook framework and kernel reloading
- 2013.09 [toolswatch] Hook Analyser v2.6 Released
- 2013.09 [malwaretech] Ring3 / Ring0 Rootkit Hook Detection 1/2
- 2013.09 [malwaretech] Fighting Hooks With Hooks – Sandbox Escape
- 2013.08 [pediy] [Original] Hook CreateTextServices
- 2013.08 [pediy] [Original] Brief notes series: Object hook
- 2013.07 [pediy] [Original] Delphi Hook Library (X86/X64)
- 2013.07 [siliconblade] Hooking IDT in OS X and Detection
- 2013.07 [siliconblade] Back to Defense: Finding Hooks in OS X with Volatility
- 2013.05 [toolswatch] Hook Analyser v2.5 Released
- 2013.05 [pediy] [Original] The I/O HOOK method
- 2013.05 [freebuf] TCP proxy data tampering tool - HookME v0.2.1.0b
- 2013.05 [pediy] [Original] The HOOK NtCreateSection method 2
- 2013.04 [WarrantyVoider] ME3OTH - Hooking Sequence Objects
- 2013.04 [pediy] [Share] Some analysis of Baidu Antivirus's hooks [update 1]
- 2013.04 [freebuf] TCP proxy tool (Data tamper) - hookme
- 2013.03 [pediy] [Original] IAT HOOK at ring3
- 2013.03 [trustwave] Hooked on Packets: Reading PCAPs for D Students - Preview
- 2013.03 [kaspersky] 10 arrests that shook the cybercrime underworld
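- 2013.03 [pediy] [Original] "The Art of Game Cheat Attack and Defense": hooking the vtable
- 2013.03 [toolswatch] Hook Analyser v2.4 Released
- 2013.03 [pediy] [Original] Sharing a class that supports hooking at arbitrary locations (including driver hooks and application-layer hooks)
- 2013.03 [pediy] [Original] Even Lua can be hooked: a cheat plugin for the Corona SDK game Witch Defense War
- 2013.02 [pediy] [Original] Sharing an example of a hook class
- 2013.02 [freebuf] Malware analysis tool: Hook Analyser v2.3
- 2013.02 [knownsec] [hook.js] A general-purpose JavaScript function hook
- 2013.02 [freebuf] [hook.js] A general-purpose JavaScript function hook
- 2013.02 [toolswatch] Hook Analyser v2.3 Released
- 2013.02 [pediy] [Original] The ultimate hook technique
- 2013.01 [pediy] [Original] ICopyHook and IShellExecuteHook interfaces implemented with the VC SDK
- 2013.01 [nengx] QQ2013 chat history retrieval (Hook)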
- 2012.12 [rapid7] Introduction to Metasploit Hooks
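- 2012.10 [pediy] [Original] Sharing compilable, drop-in replacement hookport code
- 2012.10 [pediy] [Original] Sharing game-protection driver code that does more than hooking, plus a brief flowchart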
- 2012.10 [toolswatch] Tools in The Hook – Issue #1 (Ghost in the Wires Review & NetworkMiner Author Interview)
- 2012.10 [forcepoint] Hook, line and sinker: the dangers of Location-Based Services
- 2012.08 [securesolutions] Guide to understanding XSS – Payloads, attack vectors, BeEF hooking, MiTM with Shank and some history
- 2012.08 [zonealarm] Don’t Get Hooked: Anatomy of an Email Scam
- 2012.08 [pediy] I'm also sharing a HOOK intermediary tool.
- 2012.08 [redplait] MsgHookLister
- 2012.07 [pediy] [Original] Hook-hiding techniques of high-end rootkits
- 2012.06 [redplait] CoRegisterChannelHook in w8 consumer preview
- 2012.05 [pediy] [Original] Monitoring process creation and termination without hooks
- 2012.04 [pediy] [Original] Source code of a hooklib for ring0 ring3 x86 amd64
- 2012.03 [rachelbythebay] Hooking up a school to a T1 on the cheap
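- 2012.02 [pediy] [Original] Object name hijacking: how to hide an IRP DISPATCH HOOK
- 2012.02 [pediy] [Original] Analysis of the hooking process in QQ PC Manager
- 2012.02 [pediy] [Original] Comprehensive hooking of WriteFile
- 2011.12 [pediy] [Original] Hooking KiFastCallEntry to monitor system calls
- 2011.12 [pediy] [Original] Hide idt Hook By DrxHOOK
- 2011.11 [winsunxu] Fixing the vc6 chkesp IATHook error
- 2011.11 [pediy] [Original] Generic NDIS6 X86 hook code
- 2011.11 [pediy] [Original] Kernel hooks of a certain security guard product
- 2011.11 [pediy] [Original] hide idt hook src
- 2011.11 [pediy] [Original] Unpacking ZProtect Anti-Hook
- 2011.10 [pediy] [Original] Hooking the IAT freely, plus anti-detection methods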
- 2011.10 [redplait] w8 DelayLoadFailureHookImplementation
- 2011.10 [pediy] [Original] A brief analysis of HS driver protection - the hook part
- 2011.09 [a1logic] Reversing Stuxnet: 5 (Kernel Hooking)
- 2011.08 [a1logic] Reversing Stuxnet: 3 (Filesystem hooking)
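- 2011.08 [pediy] [Original] TDI HOOK for monitoring TCP connections: source code + documentation
- 2011.08 [pediy] [Original] Loading and executing a driver in the kernel with no hooks, no patches, and no custom PE loader
- 2011.06 [pediy] [Original] Restoring the KiFastCallEntry hook and terminating 360 with Task Manager
- 2011.06 [pediy] [Original] Hooking ProbeForWrite to detect hidden processes
- 2011.05 [pediy] [Original] Without hooking any function, preventing Task Manager, XueTr, and the 360 process manager from terminating a protected process
- 2011.05 [pediy] [Original] Quite a few lines that keep XueTr from unloading our driver (ObjectType HOOK)
- 2011.04 [pediy] [Original] A ring3 HOOK template I consider clever; feedback from experts welcome
- 2011.04 [pediy] [Original] A hook library written while learning the kernel, supporting several commonly used kernel hooks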
- 2011.03 [redplait] IERT_DelayLoadFailureHook
- 2011.03 [androidcracking] original smalihook java source
- 2011.03 [winsunxu] Hooking C++ member functions
- 2011.03 [pediy] [Original] An alternative HookShadow
- 2011.02 [pediy] [Original] Sharing HOOK source code
- 2011.01 [pediy] [Original] A brief introduction to objectHook
- 2010.11 [e] One safe hook handler - E8 Method
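- 2010.10 [pediy] [Original] Monitoring programs with the IShellExecuteHook interface
- 2010.07 [pediy] [Original] SnipeSword SnipeSword.sys NtLoadDriver Hook local denial-of-service vulnerability
- 2010.07 [pediy] Building a hook filtering architecture, modeled on 360
- 2010.06 [pediy] [Original] Hook class [with code]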
- 2010.05 [cleanbytes] A new attack method–Kernel HOok Bypassing Engine ?
- 2010.05 [pediy] [Original] Hook-free kernel file deletion protection that gets past IceSword, xuetr, and easydelete
- 2010.03 [imthezuk] hooking for fun and profit 2 - logging function calls
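- 2010.02 [pediy] [Original] QQ Doctor <= 3.2 kernel driver ZwCreateKey HOOK local denial-of-service vulnerability
- 2010.02 [pediy] [Original] QQ Doctor <= 3.2 kernel driver ZwSetInformationFile HOOK local denial-of-service vulnerability
- 2009.12 [pediy] [Original] Hook URLDownLoadToFile
- 2009.11 [pediy] [Original] Warcraft key-remapping tool (source included), used only to discuss basic hooking techniques
- 2009.10 [pediy] [Original] An analysis of the hooks in 360 Safeguard (part 2): architecture and implementation
- 2009.10 [pediy] [Original] An analysis of the hooks in 360 Safeguard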
- 2009.10 [vexillium] TraceHook v0.0.2
- 2009.09 [webroot] Roman Polanski Arrest Spawns Headline-Hooking Rogues
- 2009.09 [pediy] [Original] Removing yourself from Task Manager (without hooks)
- 2009.09 [pediy] [Original] IRP Hook keyboard logger
- 2009.09 [pediy] [Original] Security issues of kernel hooks (full live replay)
- 2009.08 [vexillium] TraceHook v0.0.1 release
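- 2009.08 [pediy] [Original] Mouse repair software 2.0, implemented with IRP HOOK (open source)
- 2009.08 [pediy] [Original] Another framework for hooking ObReferenceObjectByHandle
- 2009.07 [pediy] [Original] Analysis of a trojan that hooks HttpSendRequest to intercept multiple accounts
- 2009.06 [pediy] [Share] Ring3 ZwQuerySystemInformation Hook (HideProcess)
- 2009.05 [pediy] [Original] HOOK notes
- 2009.04 [pediy] [Original] HOOK implemented with VEH
- 2009.04 [pediy] [Original] Intercepting the phone process's call-status window on WM6, and Subclass Hook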
- 2009.02 [coldwind] ExcpHook ver 0.0.5-rc2
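- 2008.12 [pediy] [Original] Building your own HOOK engine, part 2 --- HOOK CHAIN handling
- 2008.12 [pediy] [Original] Qihoo 360 problem 1: hook WRITE_PORT_UCHAR
- 2008.12 [pediy] [Share] HOOK SwapContext to enumerate hidden processes (study notes 4)
- 2008.12 [pediy] [Original] Principles and implementation of RING3 code hooking (study notes 1)
- 2008.09 [pediy] [Original] An alternative way to hook functions under CE..
- 2008.09 [pediy] [Original] Detecting object hooks via cross-reference-based search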
- 2008.09 [coldwind] Is function hooking in Chrome really a security mechanism?
- 2008.08 [pediy] [Original] An approach to object hooking and its implementation process
- 2008.06 [pediy] [Share] hook ObOpenObjectByPointer
- 2008.04 [pediy] [Share] Hooking ZwQueryDirectoryFile to hide files
- 2008.04 [pediy] [Original] Export table hooks ------ EAT HOOK
- 2008.04 [evilcodecave] Hooking the Hook
- 2008.03 [pediy] [Download] Rootkit Hook special topic (CHM edition)
- 2008.03 [pediy] [Help] A strange problem encountered when hooking ZwSetSystemInformation
- 2008.03 [pediy] [Original] rootkit hook [part 7] --- IAT Hook
- 2008.02 [pediy] [Original] rootkit hook [part 6] -- sysenter Hook
- 2008.02 [pediy] [Original] rootkit hook [part 5] -- the whole IRP Hook family
- 2008.02 [pediy] [Original] rootkit hook [part 4] -- IDT Hook
- 2008.01 [pediy] [Original] RootKit hook [part 1] object hook
- 2007.12 [pediy] [Original] A small refinement of "Hooking the kernel ntoskrnl's ZwQuerySystemInformation to hide process names from Task Manager"
- 2007.11 [bhconsulting] Spammers use religion as a hook
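- 2007.10 [pediy] [Original] Releasing a small self-written program that demystifies HOOK techniques (complete source code included)
- 2007.10 [pediy] [Original] Anti-hooking with the WH_DEBUG message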
- 2007.08 [evilcodecave] Something about Firewall hooking and Packet Filtering #2
- 2007.08 [evilcodecave] Something about Firewall hooking and Packet Filtering
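- 2007.04 [pediy] [Original] Another sysenter hook method (bypasses detection by the vast majority of rootkit detection tools)
- 2007.04 [pediy] [Original] An essential skill: the hook technique (middle part)
- 2007.04 [pediy] [Original] An essential skill: the hook technique (first part)
- 2007.01 [pediy] Reverse-engineered source code of the unknown dhook.sys driver
- 2006.12 [pediy] [Original] Hooking the kernel ntoskrnl's ZwQuerySystemInformation to hide process names from Task Manager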
- 2006.12 [pediy] Attacks on Themida AntiHook Protection
- 2006.09 [pediy] [Share] Hide process only for NT (HOOK method)
- 2006.08 [pediy] Using HOOK to read and store control text of a remote process
- 2006.08 [pediy] [Solved] How to record mouse wheel actions with a global hook?
- 2005.07 [mckeay] Cisco lets researcher off the hook
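- 2005.07 [pediy] Writing a generic cracking program with hooks
- 2005.07 [pediy] Hook And Inject tutorial series, 7.12 update
- 2005.06 [pediy] [Repost] Kernel-level process detection using a generic hook-function method (topic discussion supported)
- 2004.12 [pediy] [Original] A preliminary analysis of the hooks in Rav 2005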
- 2004.08 [infosecblog] Long Range Hookup
Contributing
The content is exported automatically by the system; if you have any problems, please open an issue.