Hi, i'm having problem trying to compile my dll using ms detours 2.1 (not 1.5, sorry) Code: detours.lib(detours.obj): error LNK2001: unresolved.
Two things are necessary in order to detour a target function: a targetpointer containing the address of the target function and a detourfunction. For proper interception the target function, detour function,and the target pointer must have exactly the same call signatureincluding number of arguments and calling convention. Using the samecalling convention insures that registers will be properly preserved andthat the stack will be properly aligned between detour and targetfunctions
The code fragment in Figure 5 illustrates the usage of the Detourslibrary. User code must include the
detours.h
header file and linkwith the detours.lib
library.Figure 5. Simple detour to modify the Windows Sleep API.
Interception of the target function is enabled by invoking theDetourAttach API within a detour transaction. Adetour transaction is marked by calls to theDetourTransactionBegin API and theDetourTransactionCommit API. TheDetourAttach API takes two arguments: theaddress of the target pointer and the pointer to the detour function.The target function is not given as an argument because it must alreadybe stored in the target pointer.
The DetourUpdateThread API enlists threadsin the transaction so that their instruction pointers are appropriatelyupdated when the transaction commits.
The DetourAttach API allocates and prepares atrampoline for calling the target function. When the detour transactioncommits, the target function and trampoline are rewritten and the targetpointer is updated to point to the trampoline function.
Once a target function has been detoured, any call to the targetfunction will be re-routed through the detour function. It is theresponsibility of the detour function to copy arguments when invokingthe target function through the trampoline. This is intuitive as thetarget function becomes simply a subroutine callable by the detourfunction.
Interception of a target function is removed by calling theDetourDetach API within a detour transaction.Like the DetourAttach API, theDetourDetach API takes two arguments: theaddress of the target pointer and the pointer to the detour function.When the detour transaction commits, the target function is rewrittenand restored to its original code, the trampoline function is deleted,and the target pointer is restored to point to the original targetfunction.
In cases where detour functions need to inserted into an existingapplication without source code access, the detour functions should bepackaged in a DLL. The DLL can be loaded into a new process at creationtime using theDetourCreateProcessWithDllEx orDetourCreateProcessWithDllsAPIs. If a DLL is inserted using
DetourCreateProcessWithDllEx
orDetourCreateProcessWithDlls
, the DllMain function must call theDetourRestoreAfterWith API. If the DLLmay be used in mixed 32-bit and 64-bit environments, then the DllMainfunction must call theDetourIsHelperProcess API. The DLL mustexport theDetourFinishHelperProcess API asexport Ordinal 1, which will be called by rundll32.exe
to perform thehelper tasks.NOTE: Microsoft in no way warrants or supports any Microsoft orthird-party code that has been altered either with a detour or with anyother mechanism.
The withdll.exe program include in the Detourspackage uses theDetourCreateProcessWithDlls APIto start a new process with a named DLL.
PermalinkJoin GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.
Sign up Find file Copy path
Cannot retrieve contributors at this time
// |
// |
// |
#include<windows.h> |
#include<detours.h> |
#include<stdio.h> |
int WINAPI Echo(PCSTR pszMsg); |
staticint (WINAPI * Real_Echo)(PCSTR pszMsg) = Echo; |
int WINAPI Mine_Echo(PCSTR pszMsg) |
{ |
printf('Echo(%s)n', pszMsg); |
returnReal_Echo(pszMsg); |
} |
BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved) |
{ |
LONG error; |
(void)hinst; |
(void)reserved; |
if (DetourIsHelperProcess()) { |
returnTRUE; |
} |
if (dwReason DLL_PROCESS_ATTACH) { |
DetourRestoreAfterWith(); |
printf('echofx'DETOURS_STRINGIFY(DETOURS_BITS) '.dll:' |
' Starting.n'); |
fflush(stdout); |
DetourTransactionBegin(); |
DetourUpdateThread(GetCurrentThread()); |
DetourAttach(&(PVOID&)Real_Echo, Mine_Echo); |
error = DetourTransactionCommit(); |
if (error NO_ERROR) { |
printf('echofx'DETOURS_STRINGIFY(DETOURS_BITS) '.dll:' |
' Detoured Echo().n'); |
} |
else { |
printf('echofx'DETOURS_STRINGIFY(DETOURS_BITS) '.dll:' |
' Error detouring Echo(): %dn', error); |
} |
} |
elseif (dwReason DLL_PROCESS_DETACH) { |
DetourTransactionBegin(); |
DetourUpdateThread(GetCurrentThread()); |
DetourDetach(&(PVOID&)Real_Echo, Mine_Echo); |
error = DetourTransactionCommit(); |
printf('echofx'DETOURS_STRINGIFY(DETOURS_BITS) '.dll:' |
' Removed Echo() (result=%d)n', error); |
fflush(stdout); |
} |
returnTRUE; |
} |
Copy lines Copy permalink