helviojunior/hookchain — reverse-engineered prompt

Build me a Windows C research project based on the HookChain paper and the code in this repo. I want it to feel like a clean companion to the whitepaper, something I can compile and run in a lab to understand the full idea from start to finish.

Please make it focused on education and visibility, not stealth. Include a small demo app and an enum utility that can inspect imports, loaded modules, and possible user mode hooks, then show with clear console output how IAT redirection, dynamic syscall number lookup, and indirect syscall flow fit together. Keep the source organized and readable, add comments where the logic is tricky, and include a simple README with build steps, what each part does, and what to expect when running it on Windows.

If the PDFs or talk links have important details, use those too. You can look up current Windows docs online if you need to.