First off, thanks for considering contributing to DLLHijackHunter! 🎉 Every contribution helps make this tool better for the security community.
- Code of Conduct
- How Can I Contribute?
- Getting Started
- Development Setup
- Coding Guidelines
- Submitting Changes
- Reporting Bugs
- Suggesting Features
This project follows our Code of Conduct. By participating, you agree to uphold a welcoming, respectful environment.
There are many ways to contribute beyond writing code:
| Contribution Type | Examples |
|---|---|
| Bug Reports | Found a false positive? Crash on a specific config? |
| Feature Requests | New hijack type, output format, filter idea |
| Code | Bug fixes, new features, performance improvements |
| Documentation | Fix typos, improve explanations, add examples |
| Testing | Run scans on different Windows versions and report results |
| Canary Templates | New canary DLL templates for edge cases |
- Fork the repository on GitHub.
- Clone your fork locally:
git clone https://github.com/<your-username>/DLLHijackingHunter.git cd DLLHijackingHunter
- Create a branch for your work:
git checkout -b feature/your-feature-name
- Windows 10/11 (for testing — the tool is Windows-specific)
- .NET 8.0 SDK — Download
- Visual Studio 2022 or VS Code with C# extensions (recommended)
- Administrator privileges for running canary tests
# Restore and build
dotnet build src/DLLHijackHunter/DLLHijackHunter.csproj -c Debug
# Run
dotnet run --project src/DLLHijackHunter/DLLHijackHunter.csproj -- --profile safe
# Publish self-contained binary
dotnet publish src/DLLHijackHunter/DLLHijackHunter.csproj -c Release -r win-x64 --self-contained -p:PublishSingleFile=true -o ./publishsrc/DLLHijackHunter/
├── Discovery/ # Static + ETW engines, PE analysis
├── Filters/ # Hard gates + soft gates
├── Canary/ # DLL builder, trigger, confirmation
├── Models/ # Data models, profiles, enums
├── Scoring/ # Tiered scoring algorithm
├── Reporting/ # Console, JSON, HTML reports
├── Native/ # P/Invoke, ACL checks, tokens
└── Program.cs # CLI entry point
- Follow existing code conventions in the project.
- Use PascalCase for public members, camelCase for locals.
- Add XML doc comments (
///) for all public types and methods. - Keep methods focused — prefer small, single-responsibility methods.
- Write clear, concise commit messages.
- Use the present tense:
"Add phantom DLL filter"not"Added phantom DLL filter". - Reference issues where applicable:
"Fix #42 — false positive on api-ms-* DLLs".
- Test your changes on at least one Windows version before submitting.
- For new filters or hijack types, include sample scenarios in your PR description.
- Use
--profile safefor non-destructive testing.
- Ensure your code builds without warnings:
dotnet build src/DLLHijackHunter/DLLHijackHunter.csproj -c Release
- Push your branch to your fork:
git push origin feature/your-feature-name
- Open a Pull Request against
mainon the upstream repository. - Fill out the PR template — describe what you changed and why.
- Be responsive to code review feedback.
- ✅ Builds without warnings
- ✅ Doesn't break existing functionality
- ✅ Follows coding guidelines
- ✅ Has a clear description and rationale
- ✅ Security-sensitive changes reviewed by a maintainer
Use the Bug Report template and include:
- OS version (e.g., Windows 11 23H2)
- DLLHijackHunter version or commit hash
- Command line used
- Expected vs. actual behavior
- Relevant log output (use
--verbose)
Use the Feature Request template and describe:
- The problem your feature would solve
- Your proposed solution
- Alternatives you've considered
If you discover a security vulnerability, do NOT open a public issue. Please see our Security Policy for responsible disclosure instructions.
Thank you for helping make DLLHijackHunter better! 🔍
Built by GhostVector Academy