Module hook

Available on crate feature hook only.

Remote processes

There are mainly three ways to hook remote processes:

  • inject: Inject a DLL directly
    • Controllable target processes.
    • Easy to hot reload.
    • Hard to manage for multi-process applications (Explorer).
    • May cause antivirus false positives.
  • Register a Shell extension
    • Requires system (Registry) changes.
    • Hard to hot reload, since the extension will be loaded into many processes.
  • DLL hijacking
    • Only suitable for third-party applications.

Applications

  • As a performance/shittiness measure.
    • Windows 11 24H2 Explorer: 2000 calls/folder
    • DOpus: 250 calls/folder
    • TC: 0?

Modules

display_name
dll (crate feature hook-dll)
To export hook DLL APIs:
folder
inject (crate feature hook-dll)
prop (crate feature prop)

Structs

HookConfig
Hook configuration for [SHCreateItemFromIDList]. This is used to intercept shell item creation from ID lists.
HookConfigBuilder
Use builder syntax to set the inputs and finish with build().

Functions

SHCreateItemFromIDList_windows_storage
set_hook
Set the hook with optional config. If config is None or enabled is false, the hook is disabled.