Well, I got Visual Studio 2008 Professional and 2003; for 2003 and 2008 I have added the Detours 1.5 header file and library, so I'm getting linking warnings and I want to solve it. Detours Build 338 and later fix a security vulnerability that has been identified in releases of Detours before 3.0 Build 334. Detours 4.0.1 supports x86, x64 and other Windows-compatible processors (IA64 and ARM).
Microsoft Research Detours Package, Express Version 2.1 Build_216. This is a precompiled version using VS2015.
The entire Detours package is covered by copyright law. Copyright (c) Microsoft Corporation. All rights reserved. Portions may be covered by patents owned by Microsoft Corporation.
Usage of the Detours package is covered under the End User License Agreement. Your usage of Detours implies your acceptance of the End User License Agreement.
If you distribute programs which use Detours, you must also distribute a copy of DETOURED.DLL, which is required for your program to execute. DETOURED.DLL is built when you build the libraries.
A complete list of redistributable files is in REDIST.TXT.
- INTRODUCTION:
This document describes the installation and usage of this version of the Detours package. In particular, it provides an updated API table.
Complete documentation for the Detours package, including a detailed API reference, can be found in the Detours.chm file.
- BUILD INSTRUCTIONS:
To build the libraries and the sample applications, type 'nmake'.
- VERIFYING THE INSTALL AND BUILD:
After building the libraries and sample applications, you can verify that the Detours package works on your Windows OS by typing 'nmake test' in the samples\slept directory. The output of 'nmake test' should be similar to that contained in the file samples\slept\NORMAL.TXT.
- CHANGES IN VERSION 2.1:
The following major changes were made in Detours 2.1 from Detours 2.0:
- Addition of support for 64-bit code on Itanium 2 processors, using the IA64 instruction set.
- Correction to disassembly table for X86 for indirection instructions with either 8-bit or 32-bit constant operands.
The following major changes were made in Detours 2.0 from Detours 1.5:
- Complete API documentation.
- Support for 64-bit code on X64 processors.
- Addition of a transactional model for attaching and detaching detours.
- Addition of code for updating peer threads when adjusting detours.
- Replaced trampoline pointers with target pointers in the API to simplify usage.
- Support for detection of detoured processes.
- Significant compatibility fixes in the DetourCreateProcessWithDll API.
- Removed the DetourContinueProcessWithDll API.
- Added DetourCopyPayloadToProcess API to copy payloads to target processes.
Detours 2.1 includes extensive online documentation in the Detours.chm file. The documentation includes a technical overview of the Detours package, an extensive API reference, descriptions of all of the Detours samples with cross-links to the relevant APIs, and a list of Frequently Asked Questions (FAQ) and answers.
Detours 2.1 adds support for 64-bit execution on X64 and IA64 processors. Detours understands the new 64-bit instructions of the X64 and IA64 and can detour 64-bit code when used in a 64-bit process. However, Detours does not support cross-compatibility between 32-bit and 64-bit code. For example, 32-bit detours can be applied only to 32-bit code, and 64-bit detours can be applied only to 64-bit code.
Typically, a developer uses the Detours package to detour a family of functions. Race conditions can be introduced into the detour code as the target functions are detoured one by one. Also, the developer typically wants an error model in which all target functions are detoured entirely or none of the target functions are detoured if a particular function can't be detoured. In previous versions of Detours, programmers either ignored these race and error conditions, or attempted to avoid them by carefully timing the insertion and deletion of detours.
To simplify the development model, Detours 2.1 uses a transactional model for attaching and detaching detours. Your code should call DetourTransactionBegin to begin a transaction, issue a group of DetourAttach or DetourDetach calls to affect the desired target functions, call DetourUpdateThread to mark threads which may be affected by the updates, and then call DetourTransactionCommit to complete the operation.
When DetourTransactionCommit is called, Detours suspends all affected threads (except the calling thread), inserts or removes the detours as specified, updates the program counter for any threads that were running inside the affected functions, then resumes the affected threads. If an error occurs during the transaction, or if DetourTransactionAbort is called, Detours safely aborts all of the operations within the transaction. From the perspective of all threads marked for update, the entire transaction is atomic: either all threads and functions are modified, or none are modified.
A trampoline is a small block of code modified by Detours to contain the instructions of the target function moved to insert the detour and a jump to the remainder of the target function. In previous versions of Detours, trampolines were managed by the developer. Detours made this as easy as possible by providing C macros to statically create new trampolines, but developer code was prone to undetected mismatches in function signatures between target functions, detour functions and trampolines. In addition, the developers were forced to use different APIs for statically and dynamically available functions. With Detours 2.1, the allocation, construction, and management of trampolines is controlled completely by Detours.
Instead of directly using trampolines, developers should now use target pointers to refer to target functions. Initially, the target pointer should point to the target function. When a detour is attached to the target function, Detours will allocate a trampoline function, and update the target pointer to point to the trampoline. When the detour is detached from the target function, Detours will restore the target pointer to the target function and release the trampoline. Thanks to common C/C++ syntax, target pointers can be used exactly like functions.
The most important benefit of using target pointers, instead of trampolines directly, is that C and C++ compilers check the equality of calling conventions on function pointer assignment. As a result, any discrepancy between the calling conventions of a target function and a detour function will be detected at compile time, rather than appear at runtime as mysterious bugs caused by stack misalignment.
Another benefit of using target pointers is the reduction in the Detours APIs, as the same APIs can be used regardless of whether the address of a target function is available at link time or must be derived dynamically.
Detours loads the detoured.dll shared library stub into any process which has been modified by the insertion of a detour. This allows the Microsoft Customer Support Services (CSS) and the Microsoft Online Crash Analysis (OCA) teams to quickly and accurately determine that the behavior of a process has been altered by a detour. CSS does not provide customer assistance on detoured products.
The DetourCreateProcessWithDll API has been completely rewritten. The previous version of the API used a code injection mechanism to create a call to LoadLibrary in the target process. The code injection mechanism could fail silently without any diagnostic information and was susceptible to changes in the underlying loader in Windows. The new implementation modifies the DLL import table in the target process to cause the Windows loader to load the DLL as if it were listed in the program's import table. As a result, the code is much more robust and never fails silently.
The DetourContinueProcessWithDll API has been removed and is no longer supported. It was removed because there is no supported or reliable mechanism to inject a DLL into a running process.
The DetourCopyPayloadToProcess API copies a block of memory directly into a payload in a target process. DetourCopyPayloadToProcess is particularly useful for copying information from a parent process to a child process created using the DetourCreateProcessWithDll API.
- API SUMMARY:
DetourTransactionBegin() - Begin a new detour transaction.
DetourUpdateThread() - Mark a thread that should be included in the current detour transaction.
DetourAttach() - Attach a detour to a target function as part of the current detour transaction.
DetourAttachEx() - Attach a detour to a target function and retrieve additional detail about the ultimate target as part of the current detour transaction.
DetourDetach() - Detach a detour from a target function as part of the current detour transaction.
DetourSetIgnoreTooSmall() - Set the flag to determine if failure to detour a target function that is too small for detouring is sufficient error to cause abort of the current detour transaction.
DetourTransactionAbort() - Abort the current detour transaction.
DetourTransactionCommit() - Attempt to commit the current detour transaction.
DetourTransactionCommitEx() - Attempt to commit the current transaction; if the transaction fails, retrieve error information.
DetourFindFunction() - Tries to retrieve a function pointer for a named function through the dynamic linking export tables for the named module and then, if that fails, through debugging symbols if available.
DetourCodeFromPointer() - Given a function pointer, returns a pointer to the code implementing the function. Skips over extra code often inserted by linkers or compilers for cross-DLL calls.
DetourEnumerateModules() - Enumerates all of the PE binaries loaded into a process.
DetourGetEntryPoint() - Returns a pointer to the entry point for a module.
DetourGetModuleSize() - Returns the load size of a module.
DetourEnumerateExports() - Enumerates all exports from a module.
DetourFindPayload() - Finds the address of the specified payload within a module.
DetourGetSizeOfPayloads() - Returns the size of all payloads within a module.
DetourBinaryOpen() - Open a binary for in-memory update.
DetourBinaryEnumeratePayloads() - Enumerates all of the payloads in a binary.
DetourBinaryFindPayload() - Finds a specific payload within a binary.
DetourBinarySetPayload() - Attaches a payload to a binary.
DetourBinaryDeletePayload() - Removes a payload from a binary.
DetourBinaryPurgePayloads() - Removes all payloads from a binary.
DetourBinaryEditImports() - Edits the import tables of a binary.
DetourBinaryResetImports() - Removes all edits to the import tables of a binary including any edits made by previous programs using the Detours package.
DetourBinaryWrite() - Writes the updated binary to a file.
DetourBinaryClose() - Release the in-memory updates for a binary.
DetourBinaryBind() - Binds the DLL imports for a named binary file.
DetourCreateProcessWithDll() - Creates a new process with the specified DLL inserted into it.
DetourRestoreAfterWith() - Restores the contents in memory import table after a process was started with DetourCreateProcessWithDll.
DetourGetDetouredMarker() - Returns the handle of the detoured.dll DLL loaded to mark this process as detoured.
- COMPATIBILITY:
All Detours functions are compatible with all versions of Windows NT, Windows 2000, Windows XP, and Windows Server 2003.
Detours does not support Windows 95, Windows 98, or Windows ME.
- MANIFEST:
The Detours package currently consists of the Detours library (with or without source code) and a number of sample programs. Descriptions of the sample programs can be found in samples\README.TXT.
- NOTES:
When writing detour functions, it is imperative that the binary-calling convention of the detour and trampoline functions match exactly the binary-calling convention of the target function.
In a few cases, when the sizeof() of a return value is smaller than sizeof(int), C or C++ compilers will generate non-compatible binary-calling conventions by not widening the return value to an int as is customary for small return values. The result is a syntactically-identical, but not binary-compatible, detour function. In most cases, the problem can be fixed by having the detour function return a value widened to a sizeof(int) type. Developers are urged to exercise caution, and should ensure that correct code is generated by their C or C++ compiler for detour functions with small return values.
When attaching a DLL to a binary with Detours DLL import APIs, the DLL must export one procedure with export ordinal 1. The exported procedure is not called by the application, but it is used as the import target.
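The ordinal-1 requirement above can be checked before a DLL is handed to the Detours import APIs. The following is an added example, not part of the Detours package: a stand-alone Python parser that reads a PE export directory and reports whether a given ordinal (1 by default) is populated. The function names and the constructed sample image are assumptions made for illustration.

```python
import struct

def _rva_to_offset(sections, rva):
    """Map an RVA to a file offset using the section table."""
    for vsize, va, raw_size, raw_off in sections:
        if va <= rva < va + max(vsize, raw_size):
            return raw_off + (rva - va)
    raise ValueError(f"RVA {rva:#x} is not backed by any section")

def exports_ordinal(image: bytes, ordinal: int = 1) -> bool:
    """True if the PE image's export address table has a non-empty slot for `ordinal`."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", image, 0x3C)[0]          # e_lfanew
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsections, opt_size = struct.unpack_from("<H12xH", image, pe + 6)
    opt = pe + 24                                           # optional header start
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional-header magic")
    dirs = opt + (96 if magic == 0x10B else 112)            # PE32 vs PE32+
    ndirs = struct.unpack_from("<I", image, dirs - 4)[0]
    export_rva = struct.unpack_from("<I", image, dirs)[0] if ndirs else 0
    if export_rva == 0:
        return False                                        # no export directory
    table = opt + opt_size
    sections = [struct.unpack_from("<IIII", image, table + 40 * i + 8)
                for i in range(nsections)]
    exp = _rva_to_offset(sections, export_rva)
    base, nfuncs = struct.unpack_from("<II", image, exp + 16)
    eat_rva = struct.unpack_from("<I", image, exp + 28)[0]
    index = ordinal - base                                  # ordinals are biased by Base
    if not 0 <= index < nfuncs:
        return False
    eat = _rva_to_offset(sections, eat_rva)
    return struct.unpack_from("<I", image, eat + 4 * index)[0] != 0

def build_sample_dll(base, func_rvas):
    """Constructed input: minimal PE32 header plus one section holding an export table."""
    sec_va, sec_raw = 0x1000, 0x200
    exp_dir = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, 0, base,
                          len(func_rvas), 0, sec_va + 40, 0, 0)
    body = exp_dir + struct.pack(f"<{len(func_rvas)}I", *func_rvas)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102)
    opt = (struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)
           + struct.pack("<II", sec_va, len(body)) + b"\0" * 120)
    sect = struct.pack("<8sIIII16x", b".edata", len(body), sec_va, len(body), sec_raw)
    headers = dos + b"PE\0\0" + coff + opt + sect
    return headers.ljust(sec_raw, b"\0") + body
```

On a real DLL, pass the file's bytes to `exports_ordinal`; a `False` result means the export table has no usable entry at ordinal 1, for example because the module definition assigns ordinals starting at a higher base.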
Detours requires a compiler compatible with Visual C++.NET or later.
- BUG REPORTS:
Please send detailed bug reports to [email protected]. Submitted bug reports may be used to fix bugs in future versions of the Detours package. Please include the text 'DETOURS BUG REPORT' in the subject line. Please also include the first line of this README.TXT file containing the full version description information. The [email protected] email address is not a product support line.
- COMMERCIAL LICENSE REQUESTS:
Detours is available under both a restricted non-commercial/research license and under a commercial license. To inquire about acquiring a commercial license to the Detours Package, send email to Microsoft's Intellectual Property and Licensing Group at [email protected]. Please include the text 'DETOURS LICENSE REQUEST' in the subject line.
Detours is a software package for re-routing Win32 APIs underneath applications. For almost twenty years, it has been licensed by hundreds of ISVs and used by nearly every product team at Microsoft.
Detours 4.0.1 is now open source under the MIT license. Detours is on GitHub at https://github.com/Microsoft/Detours. The source code is identical to Build 343 of Detours 3.0. Detours Build 338 and later fix a security vulnerability that has been identified in releases of Detours before 3.0 Build 334.
Detours 4.0.1 supports x86, x64 and other Windows-compatible processors (IA64 and ARM). It includes support for either 32-bit or 64-bit processes.
Detours 4.0 simplifies the licensing of Detours. Detours 3.0 was available in two versions. Detours Professional allowed commercial use. Detours Express allowed research, non-commercial, and non-production use. The two versions were identical except for their licenses.
Detours 3.0 included the following new features over Detours 2.x:
- Support for 64-bit code on x64 and IA64 processors (Professional Edition only).
- Support for all Windows processors (Professional Edition only).
- Removed requirement for including detoured.dll in processes.
- Compatibility improvements for detouring APIs used by managed-code (MSIL) programs, especially on x64 processors.
- Addition of APIs to enumerate PE binary Imports and to determine the module referenced by a function pointer.
Innovative systems research hinges on the ability to easily instrument and extend existing operating system and application functionality. With access to appropriate source code, it is often trivial to insert new instrumentation or extensions by rebuilding the OS or application. However, in today’s world systems researchers seldom have access to all relevant source code.
Detours is a library for instrumenting arbitrary Win32 functions on Windows-compatible processors. Detours intercepts Win32 functions by re-writing the in-memory code for target functions. The Detours package also contains utilities to attach arbitrary DLLs and data segments (called payloads) to any Win32 binary.
Detours preserves the un-instrumented target function (callable through a trampoline) as a subroutine for use by the instrumentation. Our trampoline design enables a large class of innovative extensions to existing binary software.
We have used Detours to create an automatic distributed partitioning system, to instrument and analyze the DCOM protocol stack, and to create a thunking layer for a COM-based OS API. Detours is used widely within Microsoft and within the industry.