Announcing Ruptura v1.0
A Windows DLL injection, function interception, and memory manipulation library for .NET.
In a number of my personal projects, I’ve needed an off-the-shelf solution for injecting the .NET runtime into a Windows process and running a managed assembly. I used to do this with EasyHook, but it was never ported forward from .NET Framework. This meant that even in my .NET Core (now simply .NET) projects, I had to have one project that still targeted net48
. (To be fair to the EasyHook maintainers, a lot changed between .NET Framework and .NET Core, especially with regards to the native hosting APIs. Porting EasyHook to .NET Core would be a lot of work.)
Eventually, this situation got annoying enough that I decided to do something about it: I created the Ruptura project, intended to be a spiritual successor to EasyHook. Ruptura supports all the main features people know and love from EasyHook: Easy DLL injection into running or suspended processes, automatic .NET runtime hosting, function hooking with recursion prevention and state tracking, as well as native stack trace capture from anywhere (including in hooks). Finally, it is fully compatible with .NET 7 (net7.0
) and up, with zero dependencies on .NET Framework.
There are a few limitations to be aware of when using Ruptura over EasyHook:
A somewhat modern version of Windows 10+ is required due to usage of some newer APIs such as VirtualAlloc2.
There is currently no support for injecting 32-bit processes. This will come in a future version, but is temporarily blocked by ziglang/zig#11926.
Due to the design of the hosting APIs in .NET Core and onwards, the .NET runtime is never unloaded from the target process. This also means you can only inject into a target process once for the duration of its lifetime.
If you’re looking for a modern replacement for EasyHook and the above limitations aren’t a problem for you, Ruptura should fit the bill. v1.0.2 has been released today.