February 15, 2014: The final beta of EasyHook 2.7 has been released. Providing no further critical issues are found, the next release will be 2.7 stable.
January 13, 2013: Work on
EasyHook 2.7 is nearing completion - any help with testing the releases and fixing issues is always greatly appreciated. - Spazzarama - http://spazzarama.com
ANYONE WILLING TO PROVIDE BUGFIXES / DOCUMENTATION UPDATES / TUTORIALS? - contact
Copyright (C) 2009 Christoph Husse & (C) 2014 Justin Stenning
This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
It would be appreciated if the "powered" by logo below (or one created by yourself) is also used.
EasyHook makes use of the udis86 library by Vivek please also show your support for this great open source project https://github.com/vmt/udis86
EasyHook starts where Microsoft Detours ends.
This project supports extending (hooking) unmanaged code (APIs) with pure managed ones, from within a fully managed environment like C# using Windows 2000 SP4 and later, including Windows XP x64, Windows Vista x64 and Windows Server 2008 x64. Also 32- and 64-bit
kernel mode hooking is supported as well as an unmanaged user-mode API which allows you to hook targets without requiring a NET Framework on the customers PC. An experimental stealth injection hides hooking from most of the current AV software.
A new section in this project has been added: Documentation. It will reference projects and literature related to EasyHook.
Donations are greatly appreciated. If you find EasyHook useful, or are feeling generous and would like to make a donation to this project, we accept donation's via PayPal :)
||Epic Games licensed EasyHook for use in their Unreal(r) Engine 3.
"Unreal Technology is under the hood of the most visually intensive and exciting computer and video games on the market. From entertainment software to architectural visualization to animated content, Unreal Engine provides the platform and tools needed
to develop cutting-edge 3D projects."
||NDepend is a Visual Studio tool to manage complex .NET code and achieve high Code Quality.
The following is an incomplete list of features:
- A so called "Thread Deadlock Barrier" will get rid of many core problems when hooking unknown APIs; this technology is unique to EasyHook
- You can write managed hook handlers for unmanaged APIs
- You can use all the convenience managed code provides, like NET Remoting, WPF and WCF for example
- A documented, pure unmanaged hooking API
- Support for 32- and 64-bit kernel mode hooking (also check out my PatchGuard 3 bypass driver which can be found in the release list)
- No resource or memory leaks are left in the target
- Experimental stealth injection mechanism that won't raise attention of any current AV Software
- EasyHook32.dll and EasyHook64.dll are pure unmanaged modules and can be used without any NET framework installed!
- All hooks are installed and automatically removed in a stable manner
- Support for Windows Vista SP1 x64 and Windows Server 2008 SP1 x64 by utilizing totally undocumented APIs, to still allow hooking into any terminal session.
- Managed/Unmanaged module stack trace inside a hook handler
- Get calling managed/unmanaged module inside a hook handler
- Create custom stack traces inside a hook handler
- You will be able to write injection libraries and host processes compiled for AnyCPU, which will allow you to inject your code into 32- and 64-Bit processes from 64- and 32-Bit processes by using the very same assembly in all cases.
- EasyHook supports RIP-relative addressing relocation for 64-Bit targets.
- No unpacking/installation necessary.
- The Visual Studio Redistributable is not required.
The following is a screenshot of the ProcessMonitor-Demo:
Here is an example for a "Powered By" Logo but you could of course create one yourself: