EasyHook 2.6 Stable

Rating:        Based on 18 ratings
Reviewed:  16 reviews
Downloads: 87438
Released: Mar 8, 2009
Updated: Mar 3, 2010 by ChristophHusse
Dev status: Stable Help Icon

Recommended Download

Application Binaries with Eaxamples
application, 178K, uploaded Mar 9, 2009 - 32231 downloads

Other Available Downloads

Source Code Complete Source Code
source code, 481K, uploaded Mar 8, 2009 - 15629 downloads
Documentation Managed API Documentation
documentation, 153K, uploaded Mar 8, 2009 - 11301 downloads
Documentation Unmanaged API Documentation
documentation, 387K, uploaded Mar 8, 2009 - 10283 downloads
Documentation Tutorial and Introduction
documentation, 424K, uploaded Mar 8, 2009 - 17994 downloads

Release Notes

ATTENTION: I heard some complains about using EasyHook on 64-Bit (Windows 7). So today I tried it myself and the thing is that some important APIs raise an UnsupportedException "STATUSNOTSUPPORTED: Hooking near (conditional) jumps is not supported. (Code: 487)”. This is NOT a failure of EasyHook. near jumps are to small too be hooked with EasyHook. Even if one could improve EasyHook to hook near jumps it is just not worth it. Instead use a disassembler and try to find other APIs in the call hierarchy that are supported by EasyHook. For example OpenProcess() is not supported on Windows 7 x64. Instead take a look at NtOpenProcess() in "ntdll.dll" and you will find that it IS SUPPORTED. Internally OpenProcess() will always call NtOpenProcess() so you are done... Please don't forget that hooking is not straigthforward and you have to experiment a bit and be creative. If you give up if hooking fails the first time you won't get far... regards chris

Well, I received many complains about the license change... So the license will stay LGPL, forever!

UPDATED: "EasyHook.h" was missing in the binary package...

Thanks to your bug reports, I can now provide a stable version of EasyHook! If the code changes break any of your existing applications, please report a bug! And also if you find other bugs ;-).


There are two issues I couldn't fix. There is more information about them in the file "KNOWN ISSUES.txt".
I worked on the following issues the community has reported for EasyHook 2.5 Beta.

1) EasyHook.IEntryPoint.Run doesn't error if match isn't found. ----- DONE
2) Not calling EasyHook.Config.Register fails. ----- DONE
3) Launch the sample indirectly introduced crash on Vista ---- NOT FIXED (try ShellExecute() because obviously the explorer is able to start it properly)
4) Defect: target process exit unexpected when CreateAndInject a cmd.exe ---- DONE
5) CreateAndInject doesn't work for managed targets ---- NOT FIXED (use a wrapper process, apply all hook locally into that process and then load the target process via Assembly.Load(), extract its main() method and execute it)
7) Get rid of the internal GAC-Util usage --- DONE / DRAWBACK: for managed injections you will always have to be admin, unless you are installing the DLLs with an installation routine in the GAC!
8) Get rid of the temporary directory --- DONE
9) Ability to pass custom flags to CreateProcess via CreateAndInject()! --- DONE
10) EasyHookSvc IPC-Channel requires admin privileges. ---- DONE / Now uses WorldSid if IsAdministrator() returns false within the service. This is only the case if the caller is not admin and started a WOW64Bypass, so all things should be fine now!

Reviews for this release

quite good, but ha a memory leak
by Elmue on Nov 19, 2012 at 2:05 AM
Easyhook makes hooking a native application with .NET code simple and fun! The examples are all you need to get going. I just wish the developers had more time to contribute for working with this project.
by terminal on Sep 28, 2012 at 2:48 PM
Why LhInstallHook return STATUS_NOT_SUPPORTED in 64 bit win7,but it can work in 32bit win7?
by iEvil on Dec 19, 2011 at 7:42 AM
Easyhook is like the name says, EASY! I'm not much of a programmer, but even I managed to create a program that succesfully hooks itself into another programs and reads registry and file writes! Great software!
by Martijn1985 on Sep 28, 2011 at 2:11 PM
An inherently unsafe way of hooking Code analysis says: EasyHook is inherently unsafe. It works in many cases, it can detect some cases that are unsafe and refuse to hook, but some unsafe cases are not detected. We are talking about crashing the processes that are hooked! Please don't use EasyHook in software that some day might be running on my computer! Details in Discussions...
by Axel666 on Apr 14, 2011 at 5:55 PM
Thanks For Update, Very Very Nice.
by bprg on Mar 2, 2011 at 2:21 PM
So easy! Excellent work!
by Eloff on Aug 22, 2010 at 4:09 AM
by gkarpouzas on Aug 13, 2010 at 6:46 PM
by eschuch on Jul 13, 2010 at 2:24 PM
Great Software Very Easy To Use.
by keremkusmezer on Jan 8, 2010 at 8:29 AM
When I was assigned to a computer monitoring proyect, I was really scared because of the complex hook systems available, lots of C++, weird debug options, etc. With EasyHook we have worked on a lot of modules with no pain, almost no difficulty, just pick the right signature and you are ready to go!. The IPC options built-in in the system allows you to write really clean and easy to debug code.
by pabloah on Jul 8, 2009 at 8:54 PM
This is, without a doubt, so successful it renders tens of other commercial software components obsolete. This definitely will be the first and last choice for any programmer. I wish I could rate 7 stars.
by secutos on Jul 8, 2009 at 3:56 PM
Do yourself a favor and try it out.
by xenoglyph on Mar 15, 2009 at 9:55 AM
This is just brilliant! I'm very impressed, documentation is great also. Thanks a lot for publishing it.
by bschwehn on Mar 12, 2009 at 7:42 PM
Does exactly what it says on the tin. Professionally written, easy to use, technically excellent. Many thanks for making it open source.
by Maccy on Mar 9, 2009 at 10:32 AM
Perfect! I'm very exciting to see the list of fixes. Thanks a bunch for your efforts and excellent work!
by Aladdina on Mar 9, 2009 at 1:49 AM