CaptainHook is hooking framwork for x86/x64 arch, it’s based on capstone disassembler engine. CaptainHook equipped with smart engine (TO FINISH). CaptainHook is easy to using, and very freandly. the hook engine is much like MS Detours, so why to choose it?

* its support x64 (Detours x64 is commerical – $10,000~)
* CaptainHook will know where to locate your hook in real time, its analyze the code, and find if small API redirection (Wow64 hook on kernelbase for example, or on protector like VMP or Themida) was occurred
* in the next release, CaptainHook will contain an engine for jmp/conditional jmp repair – if your hook corrupt sensitive code
* in the next release, CaptainHook will contain more hook type, like PageGuard hooking etc.


It is great to see a new Capstone-based project, like this.

PolyHook – The C++11 x86/x64 Hooking Library: A modern, universal, c++ hooking library. It’s often useful to modify the behavior of an application at runtime when access to the source code is not available. To do this people have traditionally relied on libraries such as Microsoft Detours, Minhook, and a few others. Each of these libraries has significant drawbacks however. Detours is x86 only unless a ‘Professional’ liscense is used, but that costs USD $10000. Minhook is pretty good but i relies on pre crafted trampoline routines, sometimes fails to hook, and the source code is overly bloated. To me there was only one real solution, write my own library, on my own terms, with the goal of being the smallest, cleanest, easiest hooking library in existance! […]