PSDetour
subhook
PSDetour | subhook |
---|---|
1 | 1 |
63 | 764 |
- | - |
6.3 | 0.0 |
8 months ago | about 1 year ago |
C# | C |
MIT License | BSD 2-clause "Simplified" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
PSDetour
Any sufficiently advanced uninstaller is indistinguishable from malware
You essentially replace a function with your own. The project is at https://github.com/microsoft/Detours.
I’ve created a PowerShell module that wraps this library to make it easier to hook functions on the fly for testing: https://github.com/jborean93/PSDetour. For example, I used it to capture TLS session data for decryption (https://gist.github.com/jborean93/6c1f1b3130f2675f1618da5663...) as well as to create strace-like functionality for various Win32 APIs (still expanding as I find more use cases): https://github.com/jborean93/PSDetour-Hooks
subhook
What are some alternatives?
PolyHook_2_0 - C++20, x86/x64 Hooking Library v2.0
cdecl - Composing and deciphering C (or C++) declarations or casts, aka “gibberish.”
PSDetour-Hooks - Auditing Hooks for https://github.com/jborean93/PSDetour
HideProcessHook - DLL that hooks the NtQuerySystemInformation API and hides a process name
CMake-Getting-Started - Welcome to the Project Template for Modular C Programming with CMake! This template aims to provide you with a seamless environment for running C programs and developing them in a modular, subdirectory-based format.
Microsoft Research Detours Package - Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.
go - The Go programming language