Mhook VS Microsoft Research Detours Package

Compare Mhook vs Microsoft Research Detours Package and see what are their differences.

Mhook

A Windows API hooking library (by apriorit)

Microsoft Research Detours Package

Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form. (by microsoft)
Our great sponsors
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
  • SaaSHub - Software Alternatives and Reviews
Mhook Microsoft Research Detours Package
0 17
185 4,811
0.0% 2.5%
0.0 2.7
almost 2 years ago 3 months ago
C C++
MIT License MIT License
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

Mhook

Posts with mentions or reviews of Mhook. We have used some of these posts to build our list of alternatives and similar projects.

We haven't tracked posts mentioning Mhook yet.
Tracking mentions began in Dec 2020.

Microsoft Research Detours Package

Posts with mentions or reviews of Microsoft Research Detours Package. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-09-12.
  • Any sufficiently advanced uninstaller is indistinguishable from malware
    11 projects | news.ycombinator.com | 12 Sep 2023
    You essentially replace a function with your own. The project is at https://github.com/microsoft/Detours.

    I’ve created a PowerShell module that wraps this library to make it easier to hook functions on the fly for testing https://github.com/jborean93/PSDetour. For example I used it to capture TLS session data for decryption https://gist.github.com/jborean93/6c1f1b3130f2675f1618da5663... as well as create an strace like functionality for various Win32 APIs (still expanding as I find more use cases) https://github.com/jborean93/PSDetour-Hooks

  • #rescuerift
    3 projects | /r/Rift | 27 May 2023
    But the client is much different now, and most of that won't work anymore. The client is heavily obfuscated and you can't use a packet sniffer, the communications are encrypted, you CAN however use things like Microsoft Detours to peek at communications
  • Is it possible to edit the XAML of the Win11 Taskbar?
    2 projects | /r/Windows11 | 18 Jan 2023
    3. Manual hooking (Not recommended): It's possible to use some hooking library like Microsoft Detours to hook the functions responsible for creating the UI layout. I highly unrecommend this method as it's the most method prone to be broken by any change Microsoft does.
  • Using Landlock to Sandbox GNU Make
    10 projects | news.ycombinator.com | 7 Aug 2022
    > With regards to chroot, I stand corrected. I knew it was a tree of symlinks, but I thought it was also more than that because symlinks alone don't seem like a sandbox. Honestly, Cosmopolitan's system appears to be more of a sandbox than that.

    To be totally clear: the tree of symlinks thing is a fallback, used only when lacking platform support or when sandboxing is explicitly turned off [0]. On Linux, the normal sandboxing strategy is to use namespaces, like most container runtimes. On Mac it apparently uses sandbox-exec (some opaque Apple tool), as was mentioned above. Chroot, being both non-POSIX, requiring root access on many systems, and not providing the necessary facilities is not really a great fit -- which I assume is why it's not used.

    There was experimental Windows sandbox support at one point [1] based on how MS does it for BuildXL (their own build tool for giant monorepos) [2]. Unfortunately it doesn't seem to be maintained, and under the hood it's kinda ugly -- it actively rewrites code in-memory to intercept calls to the Win32 APIs [3], which was apparently the cleanest/best way MS could come up with. However, from Bazel's POV it works in a roughly similar way -- you spawn subprocesses under a supervisor, which is in charge of spinning up whatever the target process is with restrictions on time/memory usage/file access.

    On the "sandbox in the interpreter" thing: what kind of checks are you envisioning? It seems like putting checks at that level would end up leaving a lot out -- the goal of any build system is to eventually spawn an arbitrary process (Python, gcc, javac, some shell script, etc.) and so even with extensive checks in starlark you'd end up with accidental sandbox breaks all over the place. For pure starlark rules you could e.g. check that there are no inputs from /usr, but even then if gcc does it implicitly, you're SOL. Or am I thinking of the wrong kind of checks?

    [0] https://bazel.build/docs/sandboxing#sandboxing-strategies

    [1] https://github.com/bazelbuild/bazel/issues/5136#issuecomment...

    [2] https://github.com/microsoft/BuildXL/blob/master/Documentati...

    [3] https://github.com/microsoft/Detours/wiki

  • Implementing Global Injection and Hooking in Windows
    5 projects | news.ycombinator.com | 19 Apr 2022
    If you need to hook methods in a remote process (and also inject payload), you may also consider the Detours library [1]. It has a straightforward API and its repository contains many interesting samples. One thing I was missing in the library was a function to inject code into a running process. So I wrote takedetour [2] which I use as a template for my other projects. Maybe you will find it useful as well.

    [1] https://github.com/microsoft/Detours

    [2] https://github.com/lowleveldesign/takedetour

  • How does one make app for overlays in videogames?
    2 projects | /r/gamedev | 16 Aug 2021
    From a technical perspective, you have to inject yourself into the running game and put your drawing code after the game finishes its drawing code. For example, you could hook some APIs with Detours. Or create a fake DirectX/OpenGL DLL that intercepts the drawing calls and passes it along to the real DLL. With Vulkan you can also investigate creating your overlay as a custom layer.

What are some alternatives?

When comparing Mhook and Microsoft Research Detours Package you can also consider the following projects:

ProtoInput - Proto Input enables split screen on PC games by hooking Windows functions and redirecting input from multiple keyboards/mice/controllers

reproc - A cross-platform (C99/C++11) process library

orbit - C/C++ Performance Profiler

pe-sieve - Scans a given process. Recognizes and dumps a variety of potentially malicious implants (replaced/injected PEs, shellcodes, hooks, in-memory patches).

samurai - ninja-compatible build tool written in C

pmaudit - "Poor Man's Audit" (lightweight build-auditing script)

GGST-hook - Guilty Gear Strive Client Hook that speeds up the login process and other network dependent processes

AppInitHook - Global user-mode hooking framework, based on AppInit_DLLs. The goal is to allow you to rapidly develop hooks to inject in an arbitrary process.

anticuckoo - A tool to detect and crash Cuckoo Sandbox

WidescreenFixesPack - Plugins to make or improve widescreen resolutions support in games, add more features and fix bugs.

BuildXL - Microsoft Build Accelerator

imgui - Dear ImGui: Bloat-free Graphical User interface for C++ with minimal dependencies