Application Customisation Framework SDK
(formerly known as HookTool SDK)

What is ACF SDK?

The problem:

Legacy code is reality. There are thousands of applications with relatively old code base that are widely popular and not likely to be replaced any time soon. This kind of applications are usually hard to modify or customise. Some examples are popular Medical solutions and Legal software products - to name a few.

Existing applications may need to be instrumented - their code is not available or the plugin infrastructure they provide is not suitable for what you need. A good example are MS Office Outlook, Word and Excel. The existing MS Office AddIn infrastructure is very limited and would not let you hook into many potentially useful customisation points.

Cyber-security solutions need to ensure they have their monitoring code running into each process. Implementing user mode system-wide hooking code that gets injected and executes in the earliest possible stage of the process life-time has been a challenge for many years.

Virtualising specific application activity cannot be achieved using standard APIs. Creating sandboxed browser environment is rather challenging.

These are the problem we solve.

ACF SDK (formerly known as HookTook SDK) has been designed by the author of the pioneering API Hooking article on - "API Hooking Revealed". ( If you Google "API Hooking" this is the first result.

The product has been commercially available for over 10 years and used by many companies.

ACF SDK allows custom code (written in native C/C++ or managed C#, C++, VB.NET) to be injected into virtually any application or process running on Windows. The custom code remains resident until the process exists.

The product fully supports 32-bit and 64-bit Windows. That includes the most recent versions of Windows 8.

Full support for multi-user environment, TS/RDP, Citrix and VNC are also included for both 32-bit and 64-bit platforms.

Process Monitoring infrastructure of ACF SDK includes a kernel mode driver that is digitally signed and supports both 32-bit and 64-bit versions of Windows.

ACF SDK provides hooking points to allow the custom code execute complex business logic.

  • API execution pre-processing
  • Use the default API implementation
  • Replace the default API implementation
  • API execution post-processing

Target customers are ISVs who customise and instrument:

  • Medical Software for Hospitals and GPs.
  • Text Capturing and Text Parsing
  • Legal Software
  • Security Solutions
  • Instrumentation and Debugging applications

Popular target applications and protocols include:

  • WinInet, WinSock and HTTP
  • MS IIS, MS ISA/Forefront
  • MS Office Outlook
  • Internet Explorer
  • Chrome
  • Firefox
  • Sysinternals Process Explorer

On the web

Ivo's blog
API hooking revealed
AntiHook v3.0 White Paper
AntiHook SDK v3.0 Feature List