MinHook – The Minimalistic x86/x64 API Hooking Library (fork)
MinHook is a Windows API hooking library originally written by Tsuda Kageyu.
It’s probably the best free WinAPI library out there which supports both x86 and x64.
But it’s not perfect, and didn’t completely fit my needs, so I created a fork on GitHub which addresses some of its limitations.
Below you’ll see how the fork improves upon the original MinHook library.
Added the ability to enable/disable multiple hooks in one go
This was the most critical limitation for me.
Enabling or disabling a hook is a very expensive operation. In order to safely enable/disable a hook, all the process’ threads must be suspended, and resumed after the trampoline is patched. With the original API you couldn’t avoid doing this for every hook you enable or disable.
The fork introduces new APIs for efficiently enabling/disabling multiple hooks in one go: MH_QueueEnableHook, MH_QueueDisableHook and MH_ApplyQueued.
By calling MH_QueueEnableHook or MH_QueueDisableHook multiple times, the hooks aren’t actually get enabled or disabled, but are merely flagged for the desired change. Then, when MH_ApplyQueued is called, all the flagged hooks are enabled/disabled in one go. The process’ threads get suspended and resumed only once, instead of every time for each enabled or disabled hook.
Also, the MH_EnableHook and MH_DisableHook functions can now be called with the MH_ALL_HOOKS parameter, which will efficiently enable or disable all created hooks.
The result: toggling 100 hooks could take about 700 ms (almost one second!) with the old APIs, but takes only 6 ms with the new APIs. (source)
Fixed bugs and improved compatibility
In short: now it works with more functions, and will correctly fail if a function can’t be hooked (instead of corrupting other functions).
For more details see here.
Removed Boost dependency
This is not as critical as the previous limitations, but is definitely an improvement.
Download
Get the latest code of the MinHook fork here.
I have compiled a release build of the engine,
but i don’t know how to hook the native API ?
Please read the original article here.
Is posible to use the lib in kernel mode??
I’m not familiar with kernel mode, and can’t tell you for sure.
You might want to ask the original author here:
http://www.codeproject.com/Articles/44326/MinHook-The-Minimalistic-x86-x64-API-Hooking-Libra
recently tried your fork – thanks for all the work
the thing is, i tried it using cross-compilation on linux (using mingw) – it was a success, but some patches to the code were needed
so, i’m wondering if you are interested in some feedback to make it more compatible or not
i am by no means familiar with all there is to portability issues out there, but still: if you are interested – you know who to poke )
p.s. writing here because it was the first way of communicating with you on the topic that came to my mind
Hi,
While I’m personally not interested in cross-compiling MinHook, others might find it useful, so if the patches don’t affect the MSVC build, it can’t hurt. Feel free to submit pull requests:
https://github.com/RaMMicHaeL/minhook