No disrespect but Windhawk’s process injection loader code was cut and paste from malware source code. I can’t imagine how many AV/EDR alerts that project has generated from using ROR API hashing and PEB symbol traversing.

To review these third-party mods one needs to understand C++, Windows programming, and fairly obscure theming-related parts of its internals, some of which are undocumented/reverse engineered, and many have poorly understood side effects. This is a pretty specific combination of skills that slowly approaches arcane status, even if might feel otherwise to some. But again, larger apps are indeed harder to review than this.

(this particular mod is 100% innocuous, though)

Top tier malware can be incredibly terse and sophisticated. The trigger line to execute the xz exploit was a `.` in a build script. You are probably fine do to sheer obscurity - nerds who yearn for a Win9X experience are low in number and might only be running it for a laugh in a VM.

What’s really fun is hooking into the WM_PAINT event from the target processes main thread and then drawing your own controls over whatever was rendered…

Overlays, AIMBots, Discord, Flight Sim Software, we all do it…

`LD_PRELOAD` works on UNIX-like systems too.

No one told you to be afraid, install anything you want on your computer. Personally I just dont want to deal with getting my logins and keys stolen. It'd be very annoying.

> If you want to live without the risk of a little danger, go live in prison.

You have a very interesting idea of prison life.

In any case, labeling this a FUD I find to be a rather ill-spirited characterization. "Be cautious, not afraid." It is difficult to exercise caution without being aware of the risks, and this is a real risk.

But since we're getting all philosophical, it also hampers the exploration of the space between uncontrolled safety + original vision <-> controlled safety + a total loss of that vision. Which I find is what a lot of the pleas towards "freedom" actually turn out to be; an obstruction of curiosity and rigor that would otherwise yield a more robust portfolio of options. The Monkey's Paw edition of the idea, where freedom is just another word for the unknown. The ability to do better, and an active choice not to.

If I think about when I usually take on operational risks at work confidently, it comes down to two things: knowing what might go wrong, and having a contingency plan. It is not going YOLO. Note the emphasis on taking on risks (so these are not unavoidable risks).

Contrast this with what was said. You're appealing to the risk both remaining unknown and staying unavoidable, while being fully aware that people do not maintain contingencies for this. How is this any reasonable? Is "rolling the dice on getting their systems infected" vs. "just getting their OS look different" really what you think people are looking to spice up their life with?

This is not a knock on the project or the community mind you, it's a knock on your idea of preferring to keep things yeeing and hawing. Something which I can assure you I'm growing equally if not more tired of than purportedly "having to be afraid". Especially given how I increasingly struggle to suspend my disbelief when people claim they're now being told all the time how they should "be afraid", and how they're now supposedly living in terror because of it, as the innocent victims they are. People blatantly mischaracterizing reasonable concerns as FUD over and over kinda does that to you. I think the trendy word for this is "performative"?

Between having to choose "not telling people about dangers so that those with an inability to properly self-regulate their anxiety don't go toast" and "always leading with the danger and safety information", maybe the way forward instead is having appropriate spaces for these? Cause I'd argue in that case, the extents the post you replied to went is pretty okay for this forum in my view. They know that arbitrary code is submitted, so they're wondering how malware is screened. Big deal.