C5Hackr/XATHook — reverse-engineered prompt

Build me a small Windows C library called XATHook that lets a developer intercept API calls without overwriting the actual function code. It should work by changing address table entries, including normal imports, delay-loaded imports, and safe export table redirection for future lookups.

I want a simple C API where I can initialize a hook for a module and function name, turn it on, get the original function pointer if possible, and turn it off cleanly. It should keep track of every table entry it changes so disable restores things reliably, with a safety sweep for anything missed.

Please make it architecture-aware for x86, x64, and ARM64 Windows, including the right jump stubs and instruction cache flushing when needed. Keep it lightweight, defensive when parsing PE files, and suitable for local research, sandboxing, and instrumentation. Include a Visual Studio solution and a tiny example showing one Windows API being hooked and then restored. Look up current Windows PE docs online if you need to.
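An added example, not part of the original prompt or the XATHook project: a bounds-checked walk of a mapped image's import descriptors, showing the kind of defensive PE parsing the prompt asks for. The function names, the 8-byte IAT slot size (a PE32+ image) and the 256-byte sample image are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DESC_SIZE 20u  /* IMAGE_IMPORT_DESCRIPTOR: five 32-bit little-endian fields */
#define SLOT_SIZE 8u   /* assumption: PE32+ image, so IAT slots are 8 bytes */

/* Overflow-safe check that [rva, rva + len) lies inside the mapped image. */
static int rva_ok(size_t img_size, uint32_t rva, size_t len) {
    return rva <= img_size && len <= img_size - rva;
}
static uint32_t rd32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Counts descriptors up to the all-zero terminator; -1 means malformed. */
int count_import_descriptors(const uint8_t *img, size_t img_size,
                             uint32_t dir_rva, uint32_t dir_size) {
    static const uint8_t zero[DESC_SIZE] = {0};
    int n = 0;
    if (!rva_ok(img_size, dir_rva, dir_size)) return -1;
    for (size_t off = 0; dir_size - off >= DESC_SIZE; off += DESC_SIZE) {
        const uint8_t *d = img + dir_rva + off;
        uint32_t name_rva = rd32(d + 12), iat_rva = rd32(d + 16);
        if (memcmp(d, zero, DESC_SIZE) == 0) return n;
        /* The DLL name must start inside the image and end with a NUL inside it. */
        if (name_rva == 0 || !rva_ok(img_size, name_rva, 1) ||
            !memchr(img + name_rva, 0, img_size - name_rva)) return -1;
        /* FirstThunk (the IAT) must have room for at least one slot. */
        if (iat_rva == 0 || !rva_ok(img_size, iat_rva, SLOT_SIZE)) return -1;
        n++;
    }
    return -1;  /* directory ended without a terminator */
}

/* Constructed 256-byte "mapped image": one descriptor at 0x40, terminator after it. */
void make_sample(uint8_t img[256]) {
    memset(img, 0, 256);
    wr32(img + 0x40 + 12, 0x80);          /* Name -> "kernel32.dll" */
    wr32(img + 0x40 + 16, 0xA0);          /* FirstThunk -> IAT at 0xA0 */
    memcpy(img + 0x80, "kernel32.dll", 13);
}
int main(void) {
    uint8_t img[256];
    make_sample(img);
    return count_import_descriptors(img, sizeof img, 0x40, 40) == 1 ? 0 : 1;
}
```

A table-patching library that rejects an image on any `-1` here never writes to a slot address derived from unchecked RVAs.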