EasyHook

The reinvention of Windows API Hooking

Home | Downloads | Documentation | Tutorials View on GitHub

Welcome to EasyHook

EasyHook makes it possible to extend (via hooking) unmanaged code APIs with pure managed functions, from within a fully managed environment on 32- or 64-bit Windows XP SP2, Windows Vista x64, Windows Server 2008 x64, Windows 7, Windows 8.1, and Windows 10.

EasyHook supports injecting assemblies built for .NET Framework 3.5 / 4.0+ as well as native DLLs.

As of November 2015 EasyHook is released under the MIT license.

Bug reports or questions

Reporting bugs is the only way to get them fixed and help other users of the library!

Please report issues and ask questions on the GitHub project issue tracker or Join the chat at https://gitter.im/EasyHook/EasyHook

Donations

Donations are greatly appreciated. If you find EasyHook useful, or are feeling generous and would like to make a donation to this project, we accept donation's via PayPal :)

Donate

Features

  • A "Thread Deadlock Barrier" deals with many core problems when hooking unknown APIs; this technology is unique to EasyHook
  • You can write managed hook handlers for unmanaged APIs
  • You can use all the convenience managed code provides, like .NET Remoting, WPF and WCF
  • .NET assemblies are injected into a new AppDomain where possible, ensuring that your assemblies are completely unloaded from the target when detached
  • You can write injection libraries and host processes compiled for AnyCPU, which allows you to inject your assembly into both 32- and 64-bit processes from 64- and 32-bit processes.
  • Your .NET assemblies do not need to be registered in the Global Assembly Cache (GAC) - greatly simplifying development and releases
  • EasyHook supports RIP-relative address relocation for 64-bit targets.
  • Support for hooking COM interfaces
  • A documented, pure unmanaged hooking API
  • No resource or memory leaks are left in the target
  • EasyHook32.dll and EasyHook64.dll are native libraries that can be used without any .NET framework installed
  • All hooks are installed and automatically removed in a stable manner
  • Support for Thread ACLs to control which threads will use the hook
  • Experimental stealth injection mechanism that won't raise attention of AV Software
  • Managed/Unmanaged module stack trace inside a hook handler
  • Get calling managed/unmanaged module inside a hook handler
  • Create custom stack traces inside a hook handler
  • No unpacking/installation necessary.
  • The Visual Studio redistributables are not required.
  • Support for 32- and 64-bit kernel mode hooking - however no support for bypassing PatchGuard is supplied

Authors and Contributors

EasyHook was originally released by Christoph Husse in 2008 and since 2012 has been maintained by Justin Stenning (@spazzarama). The project moved from CodePlex to GitHub in August 2015.

As of November 2015 EasyHook is now released under the MIT license.

EasyHook includes the UDIS86 library Copyright (c) 2002-2012, Vivek Thampi - https://github.com/vmt/udis86