Detours
in [Win32 Kernel]
|
Prev: SHELL32!_SHCreateProcess
Next: RelationProcessorPackage
From: J Boschen on 17 Oct 2006 23:03 There are other packages out there that do most of or more than Detours. Some even in source form. I ended up writing my own because for me, the lack of x64 support makes Detours useless. Here are ones I know of... http://www.mutexed.com/code/OeyEnc/OeyEncSource.zip (look in Common\Cojack.h) http://www.madshi.net/madCodeHookDescription.htm http://www.cybertech.net/~sh0ksh0k/projects/x86hook/ And if you're truly nuts, you can try using the builtin hotpatching... http://www.openrce.org/articles/full_view/22 - Jeremy Boschen "Le Chaud Lapin" <jaibuduvin(a)gmail.com> wrote in message news:1160840831.368870.103560(a)k70g2000cwa.googlegroups.com... > Arie wrote: >> Thanks, >> I have just more 2 specific questions- >> 1. I saw some executable named withdll.exe that should be run >> concurrently >> with my application. Is this a must, or I can have the functionality >> without >> it and integrate the functionality in my application/dll? > > That tool is not necessary, depending on how you do the hooking. To > hook all processes, see (http://www.internals.com/articles_main.htm) > for DLL injection techniques. You can also use Windows hooking for DLL > injection, but as always, there are pros and cons to each method. > > Note that Microsoft now requires commercial uses of Detours to include > a "dummy" file called Detours.DLL. This DLL is almost completely empty > and is useless, and adds 1 more file to your installation package. My > guess is that this mandate was created to force commercial customers to > make an implicit, non-equivocal statement regarding whether they are > using Detours in their application (the commercial package is quite > expensive). The other reason, I read somewhere, is that this mandate > will allow customer support representatives to know quickly whether the > Detoured applictions might be the culprit for execution irregularities. > > >> 2. Can I have global hook - meaning hooking all applications (of caurse, >> with certain api)? > > Yes, it's possible. See link. > > -Le Chaud Lapin- >
From: Le Chaud Lapin on 19 Oct 2006 02:38
J Boschen wrote: > There are other packages out there that do most of or more than Detours. > Some even in source form. I ended up writing my own because for me, the lack > of x64 support makes Detours useless. > > Here are ones I know of... > http://www.mutexed.com/code/OeyEnc/OeyEncSource.zip (look in > Common\Cojack.h) > http://www.madshi.net/madCodeHookDescription.htm > http://www.cybertech.net/~sh0ksh0k/projects/x86hook/ > > And if you're truly nuts, you can try using the builtin hotpatching... > http://www.openrce.org/articles/full_view/22 > > - Jeremy Boschen Interesting links. I will certainly take a look. Detours isn't cheap. But it does support 64-bit now, and if I recall, Itanium support is either ready or will be ready shortly. Note: I'd be certainly interested in a Detours-replacment. The must-include-dummy-Detours.DLL requirement from Microsoft is a nuissance, not to mention the sticker shock. -Le Chaud Lapin- |