Detours
in [Win32 Kernel]
|
Prev: SHELL32!_SHCreateProcess
Next: RelationProcessorPackage
From: Arie on 11 Oct 2006 17:13 Has anyone came across some Detours working samples? Thanks Arie
From: Arkady Frenkel on 12 Oct 2006 03:06 That worked for me before many years when it was yet in non-commercial variant only , but I really don't know the current status. I'm absolutely sure that professional variant ( MSFT take money for ) do work :) Arkady "Arie" <arie(a)john.com> wrote in message news:ebSzVoX7GHA.3452(a)TK2MSFTNGP05.phx.gbl... > Has anyone came across some Detours working samples? > > Thanks > > Arie >
From: Jeremy Boschen on 13 Oct 2006 16:19 The latest version, 2.1, is offered in a free and commerical version. The biggest drawback to the free version is no support for 64bit hooking. As for samples, the package contains a load of them. You can also google code search for specific Detours functions to see other uses. (http://www.google.com/codesearch?q=DetourFunction) - Jeremy Boschen "Arkady Frenkel" <arkadyf(a)hotmailxdotx.com> wrote in message news:O$J8qzc7GHA.2384(a)TK2MSFTNGP04.phx.gbl... > That worked for me before many years when it was yet in non-commercial > variant only , but I really don't know the current status. > I'm absolutely sure that professional variant ( MSFT take money for ) do > work :) > Arkady > > "Arie" <arie(a)john.com> wrote in message > news:ebSzVoX7GHA.3452(a)TK2MSFTNGP05.phx.gbl... >> Has anyone came across some Detours working samples? >> >> Thanks >> >> Arie >> > >
From: Arie on 14 Oct 2006 03:57 Thanks, I have just more 2 specific questions- 1. I saw some executable named withdll.exe that should be run concurrently with my application. Is this a must, or I can have the functionality without it and integrate the functionality in my application/dll? 2. Can I have global hook - meaning hooking all applications (of caurse, with certain api)? Thanks Arie "Jeremy Boschen" <jboschen[at]mutexed[dot]com> wrote in message news:%23MJ5wTw7GHA.844(a)TK2MSFTNGP03.phx.gbl... > The latest version, 2.1, is offered in a free and commerical version. The > biggest drawback to the free version is no support for 64bit hooking. > > As for samples, the package contains a load of them. You can also google > code search for specific Detours functions to see other uses. > (http://www.google.com/codesearch?q=DetourFunction) > > - Jeremy Boschen > > "Arkady Frenkel" <arkadyf(a)hotmailxdotx.com> wrote in message > news:O$J8qzc7GHA.2384(a)TK2MSFTNGP04.phx.gbl... >> That worked for me before many years when it was yet in non-commercial >> variant only , but I really don't know the current status. >> I'm absolutely sure that professional variant ( MSFT take money for ) do >> work :) >> Arkady >> >> "Arie" <arie(a)john.com> wrote in message >> news:ebSzVoX7GHA.3452(a)TK2MSFTNGP05.phx.gbl... >>> Has anyone came across some Detours working samples? >>> >>> Thanks >>> >>> Arie >>> >> >> > >
From: Le Chaud Lapin on 14 Oct 2006 11:47
Arie wrote: > Thanks, > I have just more 2 specific questions- > 1. I saw some executable named withdll.exe that should be run concurrently > with my application. Is this a must, or I can have the functionality without > it and integrate the functionality in my application/dll? That tool is not necessary, depending on how you do the hooking. To hook all processes, see (http://www.internals.com/articles_main.htm) for DLL injection techniques. You can also use Windows hooking for DLL injection, but as always, there are pros and cons to each method. Note that Microsoft now requires commercial uses of Detours to include a "dummy" file called Detours.DLL. This DLL is almost completely empty and is useless, and adds 1 more file to your installation package. My guess is that this mandate was created to force commercial customers to make an implicit, non-equivocal statement regarding whether they are using Detours in their application (the commercial package is quite expensive). The other reason, I read somewhere, is that this mandate will allow customer support representatives to know quickly whether the Detoured applictions might be the culprit for execution irregularities. > 2. Can I have global hook - meaning hooking all applications (of caurse, > with certain api)? Yes, it's possible. See link. -Le Chaud Lapin- |