subhook - A simple hooking library for C/C++

  •        345

SubHook is a super-simple hooking library for C/C++ that works on Linux and Windows. It currently supports x86 and x86-64. In the following examples foo is some function or a function pointer that takes a single argument of type int and uses the same calling convention as my_foo (depends on compiler).



Related Projects

EasyHook - The reinvention of Windows API Hooking

  •    CSharp

EasyHook starts where Microsoft Detours ends. Supports extending (hooking) unmanaged code (APIs) with pure managed ones, from within a fully manage environment.

talisman - By hooking into the pre-push hook provided by Git, Talisman validates the outgoing changeset for things that look suspicious - such as authorization tokens and private keys

  •    Go

Talisman is a tool to validate code changes that are to be pushed out of a local Git repository on a developer's workstation. By hooking into the pre-push hook provided by Git, it validates the outgoing changeset for things that look suspicious - such as potential SSH keys, authorization tokens, private keys etc. The aim is for this tool to do this through a variety of means including file names and file content. We hope to have it be an effective check to prevent potentially harmful security mistakes from happening due to secrets which get accidentally checked in to a repository.

rp - rp++ is a full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O x86/x64 binaries

  •    C++

rp++ is a full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O (doesn't support the FAT binaries) x86/x64 binaries. It is open-source, documented with Doxygen (well, I'm trying to..) and has been tested on several OS: Debian / Windows 7 / FreeBSD / Mac OSX Lion (10.7.3). Moreover, it is x64 compatible. I almost forgot, it handles both Intel and AT&T syntax (beloved BeaEngine). By the way, the tool is a standalone executable ; I will upload static-compiled binaries for each OS. You can build very easily rp++ with CMake, it will generate a project file for your prefered IDE. There are some other things you will be able to do with rp++, like finding hexadecimal values, or strings, etc.

minhook - The Minimalistic x86/x64 API Hooking Library for Windows

  •    C

I need some funds to continue developing this library. All contributions gratefully accepted.

hook send/recv function with CreateRemoteThread


this sample is hooking send/recv function with CreateRemoteThread api.

Deviare2 - Deviare API Hook

  •    C

Deviare is a professional hooking engine for instrumenting arbitrary Win32 functions, COM objects, and functions whose symbols are located in program databases (PDBs). It can intercept unmanaged code in 32-bit and 64-bit applications. It is implemented as a COM component, so it can be integrated with all the programming languages which support COM, such as C/C++, VB, C#, Delphi, and Python. Several Fortune 500 companies are using Deviare technology for application virtualization, packaging, and troubleshooting, and for computer security. Computer science researchers are also using Deviare to conduct malware and reverse engineering studies. Our blog articles contain a vast quantity of code samples to get you started easily.

DdiMon - Monitoring and controlling kernel API calls with stealth hook using EPT

  •    C++

DdiMon is a hypervisor performing inline hooking that is invisible to a guest (ie, any code other than DdiMon) by using extended page table (EPT). DdiMon is meant to be an educational tool for understanding how to use EPT from a programming perspective for research. To demonstrate it, DdiMon installs the invisible inline hooks on the following device driver interfaces (DDIs) to monitor activities of the Windows built-in kernel patch protection, a.k.a. PatchGuard, and hide certain processes without being detected by PatchGuard.

HiddenWall - Tool to generate a Linux kernel module for custom rules with Netfilter hooking. (block ports, Hidden mode, rootkit functions etc)

  •    C

HiddenWall is a Linux kernel module generator for custom rules with netfilter. (block ports, Hidden mode, rootkit functions etc). The motivation: on bad situation, attacker can put your iptables/ufw to fall... but if you have HiddenWall, the attacker will not find the hidden kernel module that block external access, because have a hook to netfilter on kernel land(think like a second layer for firewall).

SWRoute - PoC of function hooking in Swift

  •    Swift

SWRoute is a tiny Swift wrapper over rd_route(). It allows you to route (hook) quite any function/method with another function/method or even a closure. This code hasn't been updated since Xcode beta 1, so it may be outdated. Remember, it's just a proof-of-concept of what you can do in Swift.

.NETAsm, a JIT Native Code Injection Library


NetAsm provides a hook to the .NET JIT compiler and enables to inject your own native code in replacement of the default CLR JIT compilation. With this library, it is possible, at runtime, to inject x86 assembler code in CLR methods with the speed of a pure CLR method call and...

Byzantium - Configs and code for Project Byzantium.

  •    C

Project Byzantium, a working group of HacDC ( is proud to announce the release of v0.5 beta of Byzantium Linux, a live distribution of Linux which makes it fast and easy to construct an ad-hoc wireless mesh network which can augment or replace the existing telecommunications infrastructure in the event that it is knocked offline (for example, due to a natural disaster) or rendered untrustworthy (through widespread surveillance or disconnection by hostile entities). This release was developed in the days following Hurricane Sandy, and was perfected while the core development team was assisting with disaster relief efforts in the Red Hook neighborhood of New York City in November of 2012. Byzantium Linux is designed to run on any x86 computer with at least one 802.11 a/b/g/n wireless interface. Byzantium can be burned to a CD- or DVD-ROM (the .iso image is a bit over 370 megabytes in size), booted from an external hard drive, or can even be installed in parallel with an existing operating system without risk to the user's data and software. Byzantium Linux will act as a node of the mesh and will automatically connect to other mesh nodes and act as an access point for wifi-enabled mobile devices. This release of Byzantium Linux also incorporates seamless interoperability with mesh networks constructed using the Commotion Wireless ( firmware.

awesome-cmake - A curated list of awesome CMake resources, scripts, modules, examples and others.


Your contributions are highly welcome (first see These provide a wide range of functionality - from dealing with compiler flags to using tools. Some also contain modules.

cmake-init - Template for reliable, cross-platform C++ project setup using cmake.

  •    C++

cmake-init is a sophisticated copy & paste template for modern C and C++ projects. The main goals include support of all use cases around software development (programming, testing, Q&A, deployment, documentation) while being modular, flexible, and idomatic. cmake-init is therefore a collection of cmake best-practices. The file contains a task checklist for new projects. More generally, a new project should contain all core modules and, as needed, add the maintainer and development modules as required. cmake-init does not impose modularity rules for the cmake targets.

cmake-examples - A collection of as simple as possible, modern CMake projects

  •    CMake

This repository is a collection of as simple as possible CMake projects (with a focus on installing). The idea is to try and help understand exactly what each part of a CMakeLists.txt file does and why it is needed. Please see the Core Example README for steps on using the example libraries and the Installing README for an overview of installing CMake libraries. The More Example section contains slightly more complex examples and will continue to grow.

CMake - Mirror of CMake upstream repository

  •    C

CMake is a cross-platform, open-source build system generator. For full documentation visit the CMake Home Page and the CMake Documentation Page. The CMake Community Wiki also references useful guides and recipes. CMake is maintained and supported by Kitware and developed in collaboration with a productive community of contributors.

cmake-examples - Useful CMake Examples

  •    CMake

CMake is a cross-platform open-source meta-build system which can build, test and package software. It can be used to support multiple native build environments including make, Apple’s xcode and Microsoft Visual Studio. This repository includes some example modern CMake configurations which I have picked up when exploring it’s usage for various projects. The examples are laid out in a tutorial like format. The first examples are very basic and slowly increase in complexity drawing on previous examples to show more complex use cases.

suitesparse-metis-for-windows - CMake scripts for painless usage of SuiteSparse+METIS from Visual Studio and the rest of Windows/Linux/OSX IDEs supported by CMake

  •    C

CMake scripts for painless usage of Tim Davis' SuiteSparse (CHOLMOD,UMFPACK,AMD,LDL,SPQR,...) and METIS from Visual Studio and the rest of Windows/Linux/OSX IDEs supported by CMake. The project includes precompiled BLAS/LAPACK DLLs for easy use with Visual C++. Licensed under BSD 3-Clause License. The goal is using one single CMake code to build against SuiteSparse in standard Linux package systems (e.g. libsuitesparse-dev) and in manual compilations under Windows.

cmake-modules - My collection of CMake modules

  •    CMake

Ryan A. Pavlik, Ph.D. This is a collection of CMake modules that I've produced during the course of a variety of software development. There are a number of find modules, especially for virtual reality and physical simulation packages, some utility modules of more general interest, and some patches or workarounds for CMake itself.