Cross-process instrumentation for Windows x64, entirely from TypeScript —
hook functions, redirect threads, and read/write memory inside another
process, with no injected DLL and no CreateRemoteThread.
Caution
LEGAL & ETHICAL DISCLAIMER This repository contains software engineering and reverse engineering instrumentation tools. It is provided strictly for educational purposes, security analysis, and malware research. Under no circumstances should this toolkit be used to exploit commercial software, target production systems, or bypass endpoint protections in protected software. The authors and contributors assume no liability for any misuse, damage, or legal consequences resulting from the execution or alteration of this codebase. By cloning, compiling, or referencing this repository, you agree to assume all risk and responsibility.
nhook streaming real keystrokes out of a freshly spawned notepad.exe —
see examples/notepad-keystroke-hook/.
- 🧵
EB FEpark-and-simulate hooking (bun-nhook) — Exoproc's flagship technique: an allocation-free 2-byte inline hook. Park any thread that enters the function, hand control to JS, inspect/modify args, force a return value, resume. - 🪝 Real trampoline hooking, across process boundaries
(
bun-minhook) — a faithful MinHook-style 5-bytejmp+ trampoline/detour hook, but the target lives in another process. - ⚙️ Thread redirection, no
CreateRemoteThread(bun-nthread) — every remote call in this toolkit runs by suspending and redirecting one of the target's own live threads, never by spawning a new one or injecting machineCode. - 🧬 C structs that feel native in TS (
bun-xffi) —player.health = 100,entity.position.x, nested and all, backed 1:1 by real (even remote) memory. - ⚡
bun:ffiall the way down (bun-xffi) — a runtime TinyCC JIT for machineCode and a Capstone disassembler for instruction-level work.
Each package's own README has the code — quick starts, the full API surface, and how the pieces compose.
- Bun ≥ 1.3.0
- Windows x64 — or Linux with Wine for development (the whole test suite runs under Wine)
bun install # also downloads Capstone deps
bun run build
bun testSee examples/ for standalone, runnable demo projects against
a real target process.
See CONTRIBUTING.md for development setup, the Wine testing workflow, and coding standards.
Found a vulnerability? Please see SECURITY.md for how to report it responsibly instead of opening a public issue.
GNU AGPL-3.0-or-later — Copyright (C) 2026 Serkan Aksoy. Provided for lawful security research and education only; you are responsible for how you use it. Chosen deliberately over a permissive license: any modified version — including one run as a network service — must have its corresponding source made available to its users under the same terms.

