30 open-source projects similar to ramensoftware/windhawk, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Windhawk alternative.
LSPosed is an Android runtime hooking framework and system modification tool. It enables the modification of application and system behavior in memory without altering original installation files, serving as a platform for distributing and managing community-created extension modules. The project provides a comprehensive suite for device and identity spoofing, including the ability to mask hardware identifiers, simulate geographic locations, and conceal root access or hooking frameworks to bypass security and integrity checks. It also functions as an application modder to unlock premium featu
Open-Shell-Menu is a Windows shell extension and UI restorer designed to replace modern system interfaces with traditional styles. It functions as a start menu replacement and a customization tool for the Windows file manager and other system applications. The project restores legacy hierarchical navigation to the start menu and reinstates classic visual elements, such as traditional title bars and copy dialogs. It specifically targets the restoration of legacy toolbars and status bars within the file manager and introduces traditional interface elements to web browser windows.
TranslucentTB is a desktop utility designed to modify the visual appearance of the Windows taskbar. It functions as a system interface extension that allows users to adjust the transparency and visual style of the taskbar to achieve a personalized desktop aesthetic. The application interacts with system APIs to intercept and override default rendering behaviors, enabling effects such as blur, acrylic, or clear transparency. It monitors system events and window focus changes in real time, allowing the taskbar appearance to update dynamically based on current user activity and workspace conditi
Frida is a dynamic binary instrumentation toolkit that provides a framework for deep process introspection and live application state manipulation. It enables the injection of custom scripts into running processes to trace function calls, modify memory, and analyze application behavior in real time across diverse operating systems and processor architectures. The project distinguishes itself by embedding a high-performance JavaScript engine directly within the target process, allowing for the execution of user-defined logic for real-time inspection. It utilizes instruction-level hooking to re
ReZygisk is an Android root module framework and Zygote process injector. It functions as a native hooking engine and linker redirection tool designed to inject custom code into the Android Zygote process so that modifications are inherited by all spawned applications. The project provides a decoupled abstraction layer and Zygisk API implementation, allowing system modules to operate independently of specific root management tools. This ensures that root modules remain stable and compatible across various kernel-level rooting solutions. The framework includes capabilities for system process
MicaForEveryone is a Windows 11 window customizer and styling tool designed to apply modern backdrop effects and transparency to the title bars of Win32 applications. It functions as a Desktop Window Manager extension that forces specific system materials onto application windows, regardless of whether the native application supports them. The tool specifically targets legacy Win32 application frames, modifying their visual properties to align with the contemporary Fluent Design system. This allows for a consistent visual style across the operating system by updating the appearance of older s
Epic is a toolkit for Android runtime instrumentation, method interception, and security posture auditing. It functions as an aspect-oriented programming framework and a dynamic method interceptor designed to monitor and alter the behavior of Java methods within the Android Runtime. The project provides capabilities for intercepting and modifying both core Android framework components and specific application logic. This allows for the injection of custom Java behavior and the redirection of method execution without altering the original source code. The framework includes tools for applicat
CloverBootloader is a UEFI-compliant boot loader designed to initialize hardware and launch multiple operating systems across various platforms. Its primary purpose is to enable the booting of operating systems on unsupported hardware through system identity spoofing and hardware emulation. The project specializes in hardware compatibility patching by modifying ACPI tables, faking hardware IDs, and patching binary kernels or extensions in memory during the boot process. It provides capabilities to inject kernel extensions and spoof system parameters, such as product names and serial numbers,
UEVR is a modding toolkit designed to inject virtual reality support into games built with Unreal Engine. It functions as a stereoscopic rendering injector and plugin loader that enables 3D depth and head tracking in titles not natively designed for VR. The project distinguishes itself by providing a framework for six-degree-of-freedom tracking and a world-space UI projector that transforms flat 2D interface elements into 3D objects. It includes a VR input mapping framework to synchronize headset and controller transforms with engine components for physics and camera interaction. The system
vgpu_unlock is a set of software tools and driver modifications designed to unlock enterprise-grade virtualization features on consumer graphics hardware. It functions as a vGPU unlock tool and hardware device ID spoofer that allows a single graphics card to be shared across multiple virtual machines. The project achieves this by employing driver-level hooking, dynamic memory patching, and kernel-level device spoofing. These techniques intercept hardware identification queries and modify the operational state of the GPU driver at runtime to bypass manufacturer-imposed software restrictions.
rdpwrap is a set of system utilities and services designed to enable, configure, and manage remote desktop protocol access and video compression settings. It functions as a service and manager that allows remote desktop connections on operating system versions where the feature is restricted or disabled by the vendor. The project provides tools to override system-level restrictions for remote access and activate remote desktop protocol services on unsupported versions. It includes a configuration tool for managing H.264 video compression and encoding settings to balance visual quality, networ
Chromatic is a Chromium runtime modifier and JavaScript engine injector designed to alter the low-level operational characteristics of Chromium and its embedded V8 engine. It functions as a tool for injecting custom logic into the V8 JavaScript engine to change application behavior at runtime. The project provides mechanisms for browser engine instrumentation and V8 runtime manipulation. It enables the modification of the internal execution flow of JavaScript within Chromium-based environments to extend native browser capabilities or bypass standard limitations.
Aspects is an aspect-oriented programming library and method hooking framework designed for intercepting and modifying JavaScript function behavior without altering the original source code. It serves as a runtime logic injector that allows for the addition and removal of executable code wrappers from active functions. The library enables the injection of custom logic before or after methods to change application behavior at runtime. It further provides the ability to intercept method calls to capture or override return values before they reach the caller. The framework manages these interce
LoadLibrary is a binary instrumentation framework that loads and executes Windows PE/COFF DLLs natively within Linux processes. It provides a cross-platform binary execution layer that maps Windows portable executable files into Linux memory, resolving imports and relocations so that exported functions can be called as if they were native Linux library routines. The framework enables runtime interception and modification of Windows DLL function behavior, including redirecting API calls to Linux-native implementations through a binary patching hook engine. It includes a code coverage auditor t
LOLBAS is a curated database and knowledge base of signed Windows binaries that can be misused to bypass security restrictions and execute unauthorized code. It serves as a technical registry that maps trusted system files to their functional capabilities and the offensive tactics they enable. The project distinguishes itself by providing a capability-driven indexing system and a tactics registry that relates legitimate binary functionality to known security evasion techniques. It includes an association layer that links specific system binaries to attack patterns and tactical objectives, pro
ScyllaHide is an anti-debugger bypass plugin and reverse engineering tool designed to hide a debugger from a target application. It functions as a user-mode API hooking library and DLL injection framework that prevents programs from detecting and closing themselves when being analyzed. The project enables malware analysis and the study of protected software by neutralizing security defenses. It achieves this by intercepting and modifying system library responses to deceive applications about their execution environment. The utility employs several technical methods to maintain stealth, inclu
ReShade is a post-processing shader injector that hooks into DirectX, OpenGL, and Vulkan rendering pipelines to apply custom shaders in real time. It operates by injecting a DLL into the target process, intercepting graphics API calls, and inserting a configurable pipeline of user-selected shader effects that read color and depth buffers to alter the final output. The project distinguishes itself through depth buffer auto-detection, which automatically identifies the depth-stencil attachment in the rendering pipeline, enabling per-pixel depth effects such as ambient occlusion and depth-of-fie
WeChatRobot is a framework providing programmatic interfaces for automating messages and interactions within the WeChat ecosystem. It functions as a bot framework that enables the automation of sending and receiving messages by intercepting system processes. The project includes specialized tools for intercepting system calls and utilizing memory-based application hooking to automate workflows, including support for Enterprise WeChat. It further provides capabilities to decrypt local application databases to recover historical chat logs and user information. Additional functionality covers t
Blackbone is a collection of specialized tools for memory scanning, process injection, and kernel-driver interfaces used to manipulate the Windows execution environment. It provides a framework for executing remote code, mapping portable executable images, and managing threads across different process boundaries. The project includes a kernel memory driver to access kernel memory and modify handle rights to hide allocations from user-mode detection. It also features a library for intercepting function calls in remote processes using software interrupts and hardware breakpoints. The toolkit c
Detours is a library for intercepting Win32 API calls and redirecting function calls at runtime on Windows, enabling binary-level instrumentation without requiring access to the original source code. It functions as an API hooking library and binary instrumentation toolkit, allowing developers to monitor or modify the behavior of compiled Windows binaries by hooking into their function execution paths. The project achieves this through detour-based function interception, where the first few instructions of a target function are replaced with a jump to a user-supplied detour function, while pr
ZygiskNext is an Android rooting integration layer and system hooking framework. It functions as a code injector for the Android Zygote process, allowing for the modification of system behavior across various rooting environments and superuser managers. The project provides a specialized API to intercept and modify low-level system calls. This enables the injection of custom code into the base process that spawns applications, facilitating deep Android system customization and rooted development. The framework utilizes dynamic library loading, hook-based runtime modification, and Java Native
SuperWeChatPC is a modifier for the WeChat desktop client that unlocks hidden features through memory patching and binary hooks. It functions as a multi-account messaging manager, a messaging data archiver, and a software interface that exposes internal messaging functions to external programs. The project enables the simultaneous operation of multiple independent client instances on a single computer through process isolation. It allows for the transmission of large attachments by bypassing standard file size restrictions and provides a wrapper for programmatic message automation. The tool
Clink is a command line enhancer and shell extension for the Windows CMD terminal. It functions as a readline-style input library and completion engine, adding advanced line editing, persistent command history, and command argument prediction to the standard Windows command line environment. The project distinguishes itself through a scriptable architecture that allows for custom completion definitions, Lua keyboard mapping, and dynamic prompt customization. It enables the creation of context-sensitive prompts that can include asynchronous updates, environment-based formatting, and transient
ReVanced Manager is an Android application patcher designed to modify compiled mobile binaries. It enables users to inject custom features, alter runtime behavior, and remove interface elements without requiring access to original source code. The utility distinguishes itself by performing all operations locally on the user device, ensuring privacy by avoiding external server dependencies. It automates the entire modification lifecycle, including the retrieval of application files, the application of bytecode-level patches, and the generation of new cryptographic signatures to ensure the resu
HyperCeiler is an Android system customizer and enhancement kit designed to alter core application logic and graphical interfaces. It functions as a customization module specifically for HyperOS mobile devices to modify their visual and functional behaviors. The project utilizes a system of signed OS modules, employing keystores and digital credentials to cryptographically sign packages for secure installation on the target device. Its capabilities cover the modification of system behavior and the alteration of visual elements through resource-based UI overrides and system-level logic modifi
Mimikatz is a security research suite designed for auditing Windows authentication and managing system security configurations. It provides a comprehensive framework for extracting sensitive credentials, manipulating process privileges, and managing digital identity assets directly from system memory or offline memory dumps. The project distinguishes itself through advanced system-level exploitation techniques, including runtime process injection, API hooking, and the ability to bypass cryptographic export restrictions. It features a specialized toolkit for Kerberos protocol operations, allow
This project is an open-source software activator and digital license tool for Microsoft operating systems. It functions as an automated utility to verify Windows 10 and 11 installations as genuine and remove activation watermarks. The software focuses on applying permanent digital licenses to the operating system to ensure activation persists after updates or reinstalls. It achieves this through the automation of license verification without requiring manual user intervention or product keys. The tool utilizes several system-level techniques to manage licensing states, including digital lic
LSPosed is an Android runtime hooking framework and in-memory code modifier. It functions as a system hooking tool that intercepts and modifies system and application methods in memory to change behavior without altering original installation files. The project provides a standardized interface through the Xposed Module API, allowing for the development of plugins that alter the behavior of the Android operating system and installed applications. The framework covers a range of capabilities including runtime function interception, Android system debugging, and application customization. Thes
lsfg-vk is a Vulkan-based frame generation tool and graphics middleware designed to increase perceived frame rates in graphics applications. It implements a lossless scaling algorithm to insert generated frames between rendered ones, increasing motion smoothness without reducing image quality. The project features a dedicated programming interface for integrating frame generation logic into external applications and includes an application profile manager. This manager allows specific generation settings to be assigned to individual executables, automating configuration upon application start
OptiScaler is a DirectX graphics middleware and temporal upscaler wrapper designed to intercept graphics API calls. It functions as a system for replacing native temporal anti-aliasing and upscaling technologies with alternative scaling methods and frame generation interop to improve resolution and performance. The project distinguishes itself by enabling modern high-resolution upscaling and frame generation in games built for legacy rendering standards. It includes a framework for importing low-latency graphics plugins and utilizes an interception layer to replace existing frame interpolatio