Home

Awesome

kptnhook

TL;DL

Kptnhooks aim is to assist in global api hooking for security research and reverse engineering. I'm using a kernel driver to ensure each and every process is accessible, from the first processes started by windows before even the login screen. Certain security mitigations have to be disabled from the kernel side for this to work, as some windows processes have special protections against hooking and injection.

Status

This is still highly WIP. The kerneldriver is correctly injecting into 32 and 64bit processes without crashing any of them but the dll is not doing anything yet. Here is my TODO list: