Available on crate feature
hook only.Expand description
§Remote processes
There are mainly three ways to hook remote processes:
inject: Inject aDLLdirectly- Controllable target processes.
- Easily hot reload.
- Hard to manage for multi-process applications (Explorer).
- May cause antivirus false positives.
- Register a Shell extension
- Require system (Registry) changes.
- Hard to hot reload, since the extension will be loaded into many processes.
- DLL hijacking
- Only suitable for third-party applications.
§Applications
- As a performance/shittiness measure.
- Windows 11 24H2 Explorer: 2000 calls/folder
- DOpus: 250 calls/folder
- TC: 0?
Modules§
- display_
name - dll
hook-dll - To export hook DLL APIs:
- folder
- inject
hook-dll - prop
prop
Structs§
- Hook
Config - Hook configuration for [
SHCreateItemFromIDList]. This is used to intercept shell item creation from ID lists. - Hook
Config Builder - Use builder syntax to set the inputs and finish with
build().
Functions§
- SHCreate
Item ⚠FromID List_ windows_ storage - set_
hook - Set the hook with optional config. If config is None or enabled is false, the hook is disabled.