explaingit

tsudakageyu/minhook

5,747CAudience · developerComplexity · 4/5LicenseSetup · moderate

TLDR

Small C library for Windows that intercepts and modifies function behavior at runtime. Point it at any function in memory and it redirects calls through your own code first.

Mindmap

mindmap
  root((MinHook))
    What It Does
      Intercepts functions
      Redirects calls
      Patches memory
    Use Cases
      API hooking
      Debugging
      Security research
      Profiling
    Tech Stack
      C language
      Windows x86 x64
      CMake build
      vcpkg package
    API
      Create hook
      Enable disable
      Queue and apply
      DLL name lookup
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Intercept Windows API calls to add logging or profiling to a third-party application without its source code.

USE CASE 2

Modify the behavior of a DLL function in a running process to fix a bug or add a custom feature.

USE CASE 3

Build debugging or security research tools that inspect what a program is doing at the function-call level.

Tech stack

CVisual StudioClangMinGWCMakevcpkg

Getting it running

Difficulty · moderate Time to first run · 30min

Windows-only library, requires Visual Studio, Clang, or MinGW to build.

Use freely in personal or commercial projects with minimal restrictions, just keep the copyright notice. (2-clause BSD)

In plain English

MinHook is a small C library for Windows that lets developers intercept and modify the behavior of existing functions in a running program. The technique is called API hooking: you point MinHook at a function in memory, and it rewrites the start of that function with a jump to your own code. When the original function gets called, your code runs first (or instead), and you can then optionally call through to the original. This is commonly used for debugging, profiling, modifying the behavior of third-party software without access to its source code, and security research. The library targets both 32-bit (x86) and 64-bit (x64) Windows processes. The library's API is intentionally small. The main functions let you create a hook, enable or disable it, and remove it. There are helper functions for hooking functions that you locate by name inside a DLL, which is more convenient than finding the raw memory address yourself. When you need to enable or disable many hooks at once, a queue-and-apply pattern is available so that threads are only suspended once for the whole batch rather than once per hook. MinHook is written in plain C and has no external dependencies. The codebase was rewritten from C++ to C in version 1.3 specifically to reduce the binary size. The library can be built with Visual Studio, Clang, and MinGW, and CMake support was added in version 1.3.4. It is also available as a package through vcpkg, Microsoft's C++ package manager. The project has been maintained since 2009 and is released under the 2-clause BSD license. Full documentation and background are on the project's CodeProject page.

Copy-paste prompts

Prompt 1
Using MinHook in C, write code to hook the MessageBoxW function in user32.dll and log every call with its parameters before letting the original run.
Prompt 2
Show me how to use MinHook to intercept a function by name from a DLL, disable the hook after 10 calls, then remove it cleanly.
Prompt 3
Using MinHook's queue-and-apply API, enable three different hooks at once so threads are only suspended once. Show the setup and teardown code.
Prompt 4
Explain the MinHook workflow: create a hook, enable it, call the trampoline to reach the original function, then disable and remove it.
Open on GitHub → Explain another repo

← tsudakageyu on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.