hoshimin / hooklib Goto Github PK

View Code? Open in Web Editor NEW

714.0 24.0 152.0 74 KB

The functions interception library written on pure C and NativeAPI with UserMode and KernelMode support

License: MIT License

C 76.13% C++ 23.87%

x86-64 hooking hook x86 intercept-calls intercept hooklib hook-api hooks hooks-api

hooklib's People

Contributors

Stargazers

Watchers

Forkers

ackroute wepeco bixingbin fengjixuchui zhuhuibeishadiao kernweak killvxk yangki1902 hymeca zk2013 fcccode k3v1n1990s woozoo86 sensorphalanx morelli690 coreult igoryunusov yang123vc pumpkinbro st-rnd dandycheung 9844201 imulmul supermanc88 darkersquirrel arryboom u23112018 jjensn codingman reptark hypn4 playday3008 linecode iamasbcx pokevas sjhgithub ezhangle andy9211 signalblur songbei6 leeza007 bia10 fake-cheater pauldc31 moepus ltears doytsujin rumia-san besimbicer89 lxlyh fq19851220 hongruixing peter-zheng-sp qazxsw1597532018 templeblock mandeep369bhuku kinglyu okandok y11en kmwin a10ncoder samehfido zzzzzzssssmmm9 kbugstar oracode-600 jgoga levisre crackercat zanzo420 zh4x 0x420z asdlei99 ra2003 trgblock wonderzdh 214740110 bhnhat zaronz 1779515142 zzfeed idone wuyadie snow-loli lyingsimon tlsloves lordgarfio bypasscc hugmyndakassi satervalley kejimekuji clayne abc123456defg nikitso 565266718 danyhm oldyang1983 chattownwes kycgni backuphouse t1swz1t

hooklib's Issues

windows 10 1809 page_fault_in_nonpaged_area

hello, this library is very useful, thank you for that. Today im try to test with windows 10 1809(x64) and got page_fault_in_nonpaged_area bugcheck error, anyways to fix it? sorry i just begining in kernel development.

Build failed due to identifier "_Original" and "_State" is not defined

I have created a PR #7 for this issue .
Could you please check this? Thanks!

Hi, Александр,
I just downloaded your code (NOT git clone) and try to build the solution.
However, the compiler complained

C3861- '_Original' :  identifier is not defined
C3861- '_State' :  identifier is not defined

In file HookLib.h

I believed the the line 60

        return _Original;

should be

        return m_Original;

and line 82

        if (_State) return FALSE;

should be

        if (m_State) return FALSE;

After I corrected _Original to m_Original and _State to m_State, the project was built successfully.

Seems that This issue was introduced by commit
4576e43

I have created a PR #7 for this issue .
Could you please check this? Thanks!

hook failed with DbgkpCloseObject

nt!DbgkpCloseObject:
fffff804`566493f0 4983f901        cmp     r9,1
fffff804`566493f4 0f87fb000000    ja      nt!DbgkpCloseObject+0x105 (fffff804`566494f5)
fffff804`566493fa 488bc4          mov     rax,rsp
fffff804`566493fd 48895808        mov     qword ptr [rax+8],rbx
fffff804`56649401 48896810        mov     qword ptr [rax+10h],rbp
fffff804`56649405 48897018        mov     qword ptr [rax+18h],rsi
fffff804`56649409 48897820        mov     qword ptr [rax+20h],rdi
fffff804`5664940d 4156            push    r14

because of relocateBeginning() return false.

You cannot directly copy the bytecode of the jump instruction, This caused the redirect address to be incorrect

Сделать хук для другого процесса

Возможно ли использовать вашу библиотеку для хука другого процесса?
Если да то подскажите пожалуйста что надо поменять в коде
hProc = OpenProcess(PROCESS_ALL_ACCESS, false, pid);
#define NtCurrentProcess() (hProc)

Problem with hooking windows api

So when I tried to hook an windows API function example

	void* orginalSetCursor = nullptr;
	hook(SetCursor, hkSetCursor, &orginalSetCursor);

this throws an access violation at 0x0000000000000000 lol

hooking other functions works just fine, just the Windows API does not work

[Help]HookLib.lib(HookLib.obj) : warning LNK4257: Object file was not compiled for kernel mode

I am trying to hook NtCreateUserProcess in the driver using hooklib, but I have encountered the following problem:

3>Building 'HookSysDemo' with toolset 'WindowsKernelModeDriver10.0' and the 'Desktop' target platform.
3>main.cpp
3>HookLib.lib(HookLib.obj) : warning LNK4257: object file was not compiled for kernel mode; the image might not run
3>LINK : error LNK1218: warning treated as error; no output file generated
3>Done building project "HookSysDemo.vcxproj" -- FAILED.

source code: frendguo@74a33f8

I see that the project's readme supports kernel mode. Am I using it incorrectly? Please help me.

External dep(Zydis) is not resolved

Hello, first of all, thanks for your useful release!
Looks like u forgot to make zydis opensource? Module cannot be found on github

Cloning into 'HookLib'...
remote: Enumerating objects: 21, done.
remote: Counting objects: 100% (21/21), done.
remote: Compressing objects: 100% (17/17), done.
remote: Total 21 (delta 3), reused 21 (delta 3), pack-reused 0
Unpacking objects: 100% (21/21), done.
Submodule 'HookLib/Zydis' (https://github.com/zyantific/zydis.git) registered for p
ath 'HookLib/Zydis'
Cloning into '/home/a47/HookLib/HookLib/Zydis'...
remote: Enumerating objects: 184, done.
remote: Counting objects: 100% (184/184), done.
remote: Compressing objects: 100% (77/77), done.
remote: Total 5581 (delta 96), reused 165 (delta 91), pack-reused 5397
Receiving objects: 100% (5581/5581), 10.35 MiB | 10.77 MiB/s, done.
Resolving deltas: 100% (3863/3863), done.
error: Server does not allow request for unadvertised object 14808b0308fc01b804b7f5
4b2578f74d396ca653
Fetched in submodule path 'HookLib/Zydis', but it did not contain 14808b0308fc01b80
4b7f54b2578f74d396ca653. Direct fetching of that commit failed.

win10 KiDispatchException

win10 will cause the system to be unresponsive, not bsod.win7 is normal

is my test doing good? xD i dont know what im looking at

32 bit

C:\Users\Administrator>"D:\github\HookLib-master\Release\HookLibTests.exe"
`anonymous-namespace'::testHookOnce:
Hook: 0 0 0.123000
[X] orig0 != nullptr


`anonymous-namespace'::testHookOnce:
Hook: 0 0 0.123000
Hook: 0 0 0.000000
Hook: 0 0 0.000000
Hook: 0 0 0.000000

`anonymous-namespace'::testSerialHooks:
Hook: 1 1 0.100000
Orig: 1 1 0.100000
Hook: 2 2 0.200000
Orig: 2 2 0.200000
Orig: 2 2 0.200000
Orig: 1 1 0.100000

`anonymous-namespace'::testSerialHooksMultiunhook:
Hook: 1 1 0.100000
Orig: 1 1 0.100000
Hook: 2 2 0.200000
Orig: 2 2 0.200000
Orig: 1 1 0.100000
Orig: 2 2 0.200000

`anonymous-namespace'::testMultihook:
Hook: 1 1 0.100000
Orig: 1 1 0.100000
Hook: 2 2 0.200000
Orig: 2 2 0.200000
Orig: 1 1 0.100000
Orig: 2 2 0.200000

`anonymous-namespace'::testContextsFixup:
[X] ctx.Rip == reinterpret_cast<size_t>(orig)

also i use the new zydis

and only change this part

    ZydisDecoder decoder;
    if (arch == x64)
    {
        ZydisDecoderInit(&decoder, ZYDIS_MACHINE_MODE_LONG_64, ZYDIS_ADDRESS_SIZE_HINT_64);
    }
    else
    {
        ZydisDecoderInit(&decoder, ZYDIS_MACHINE_MODE_LEGACY_32, ZYDIS_ADDRESS_SIZE_HINT_32);
    }
    ```
    
    address width is not exist anymore

how to fix

win 11 22000 bsod

Run test with kernel mode, get bsod. compiled with sdk 22621 and wdk 10

022023-9437-01.zip

cant find dynamic library in current folder

Is there an easy solution for this or am i fucked?

Breaks on W11

This project doesn't contain the Configuration and Platform combination Release|x64

I have following error in my project while building when add reference to HookLib. What did I do wrong?

StopProcessors or ResumeProcessors freezes windows 10

second call to function that uses these two mentioned in title just makes windows 10 (1903) to freeze and there is no bsod
i personally tested it with kdmapper and my own driver
any help will be appreciated

please help

Странный баг

Заметил странное поведение функции hook. Использую следующим образом в контексте обработки IRP:
OrigZwTerminateProcess = hook(ZwTerminateProcess, HookedZwTerminateProcess);
По какой-то причине может не работать и возвращает 0 и не хукает функцию. После перезагрузки пк(не пересобирая драйвер) начинает нормально работать. Есть какие либо идеи?

help ASAP

i am new to the scripting so i need help.. i use visual studio code ik that but idk how to use it.. u talked about submodeling or smth in the 2nd before last issue u helped and I didn't understand anything. what do I have to do?..