zyantific/zyan-hook-engine zyantific/zyan-hook-engine

  • Stars
    star
    112
  • Rank 312,240 (Top 7 %)
  • Language
    C
  • License
    MIT License
  • Created over 9 years ago
  • Updated about 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
zyantific/zyan-hook-engine
github

zyantific

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Advanced x86/x86-64 hooking library (WIP).

Zyrex

License: MIT GitHub Actions Gitter Discord

Advanced x86/x86-64 hooking library for Windows

Readme

Everything in this repository is highly WiP and will probably not work as intended right now. Due to lack of time, development is currently on halt, but will hopefully resumed soon.

Features

Hooking methods

Inline Hook

Patches the prologue of a function to redirect its codeflow and allocates a trampoline which can be used to continue execution of the original function.

Roadmap

  • Windows kernel-mode support
  • Multi-platform support (macOS, FreeBSD, Linux and UEFI)
  • Software-Breakpoint (SWBP) Hook
    • Writes an interrupt/privileged instruction at the begin of a target function and redirects codeflow by catching the resulting exceptions in an unhandled exception handler (Windows only).
  • Hardware-Breakpoint (HWBP) Hook
    • Hooks code using the CPU debug registers. Not a single byte of code is changed (Windows only).
  • Import/Export Address Table Hook
    • Hooks code by replacing import-address table (IAT) and export-address table (EAT) entries of COFF binaries at runtime (Windows only).
  • Virtual-Method-Table Hook
    • Hooks code by replacing virtual-method-table (VMT) entries of object instances at runtime.

Build

Unix

Zyrex builds cleanly on most platforms without any external dependencies. You can use CMake to generate project files for your favorite C99 compiler.

git clone --recursive 'https://github.com/zyantific/zyrex.git'
cd zyrex
mkdir build && cd build
cmake ..
make

Windows

Either use the Visual Studio 2017 project or build Zyrex using CMake (video guide).

Versions

Scheme

Versions follow the semantic versioning scheme. All stability guarantees apply to the API only — ABI stability between patches cannot be assumed unless explicitly mentioned in the release notes.

Branches

  • master holds the bleeding edge code of the next, unreleased Zyrex version. Elevated amounts of bugs and issues must be expected, API stability is not guaranteed outside of tagged commits.
  • maintenance/v1 contains the code of the latest stable v1 release.

License

Zyrex is licensed under the MIT License.

More Repositories

1

zydis

Fast and lightweight x86/x86-64 disassembler and code generation library
C
2,969
star
2

IDASkins

Advanced skinning plugin for IDA Pro
Python
893
star
3

zasm

x86-64 Assembler based on Zydis
C++
216
star
4

REtypedef

Name substitution plugin for IDA Pro
C++
145
star
5

zydis-rs

Zydis Rust Bindings
Rust
79
star
6

remodel

Data and class remodeling library
C++
65
star
7

zycore-c

Internal library providing platform independent types, macros and a fallback for environments without LibC.
C
64
star
8

ida-cmake

IDA plugin CMake build-script
CMake
34
star
9

zydis-py

Zydis Python Bindings (Work In Progress)
Cython
30
star
10

continuum

Plugin adding multi-binary project support to IDA Pro (WIP)
Python
27
star
11

zydis-pascal

Zydis Pascal Bindings
Pascal
14
star
12

zydis-js

Zydis JavaScript bindings via WASM
TypeScript
14
star
13

zydis-submodule-example

Example project using Zydis via git submodule and CMake
C
13
star
14

zydis-db

Zydis instruction DB and editor/generator project
Pascal
10
star
15

zydis-go

Pure Go bindings for Zydis.
Go
10
star
16

zycore-cxx

Internal library providing frequently used helper functions and classes.
C++
7
star
17

zydis-bindgen

Helper script for Zydis language bindings
Python
6
star
18

zydis-cs

Zydis C# Bindings (work in progress)
C#
3
star
19

zydoc

Internal tool for generating documentation in CI
Rust
1
star