EXETOOLS FORUM  

#1
02-02-2016, 09:33
b30wulf
Microsoft Detours Pro v3.0

After a couple of requests by PM I have decided to share it with the community.

Detours Professional includes support for either 32-bit or 64-bit processes on x86 and other Windows-compatible processors.
Detours 3.0 includes the following new features over Detours 2.x:
Support for 64-bit code on x64 and IA64 processors (Professional Edition only).
Support for all Windows processors (Professional Edition only).
Removed requirement for including detoured.dll in processes.
Compatibility improvements for detouring APIs used by managed-code (MSIL) programs, especially on x64 processors.
Addition of APIs to enumerate PE binary Imports and to determine the module referenced by a function pointer.

The password is easy to get; I didn't want it to be just copy-paste.
Attached Files
File Type: txt password.txt (179 Bytes, 72 views)
File Type: rar Detours_Pro_v3.0.rar (221.3 KB, 134 views)

#2
02-02-2016, 16:40
besoeso
Is it the same as what was shared here before? Right?

http://forum.exetools.com/showpost.php?p=102344&postcount=5

#3
02-02-2016, 23:06
FoxB
both

// Microsoft Research Detours Package, Version 3.0 Build_316

#4
02-03-2016, 07:15
b30wulf
Yep, didn't notice that it's already on the forum.
Anyway, now it will be easier to find.

#5
02-03-2016, 10:04
Pansemuckl
Quote:
Originally Posted by b30wulf
> Yep, didn't notice that it's already on the forum.
> Anyway, now it will be easier to find.

And even easier downloading here
http://ul.to/bs1r1j9j

For those who, like me, have been members of this forum for 10+ years and still don't have the privilege to download attachments.
Come on, change these ridiculous policies. All it does is harm the forum. People seek other places to download.

Last edited by Pansemuckl; 02-03-2016 at 10:09.

#6
02-05-2016, 12:34
Conquest
Quote:
Originally Posted by Pansemuckl
> And even easier downloading here
> http://ul.to/bs1r1j9j
>
> For those who, like me, have been members of this forum for 10+ years and still don't have the privilege to download attachments.
> Come on, change these ridiculous policies. All it does is harm the forum. People seek other places to download.

Any mirror? ul.to isn't accessible here.

#7
02-06-2016, 14:02
FoxB
http://rghost.net/6qR6LYxv5

#8
03-17-2016, 00:19
emo
Is this the Detours source code?

#9
03-17-2016, 04:13
atom0s
Quote:
Originally Posted by emo
> Is this the Detours source code?

Yes, Detours does not come precompiled in any edition. This includes the 32-bit and 64-bit code.

#10
05-11-2016, 09:32
IChooseYou
I have only used Detours 1.5 before, and the documentation for 3.0 isn't great. So in case anyone struggles:

PHP Code:
#include <windows.h>
#include <detours.h>

// Attaches pHandler to *ppTarget and returns the trampoline (NULL on failure).
PVOID SetDetour( PVOID* ppTarget, PVOID pHandler )
{
    if ( DetourTransactionBegin( ) != NO_ERROR )
        return NULL;

    if ( DetourUpdateThread( GetCurrentThread( ) ) != NO_ERROR )
    {
        // Roll back the open transaction on failure.
        DetourTransactionAbort( );
        return NULL;
    }

    PDETOUR_TRAMPOLINE pTrampoline = NULL;

    if ( DetourAttachEx( ppTarget, pHandler, &pTrampoline, NULL, NULL ) != NO_ERROR )
    {
        DetourTransactionAbort( );
        return NULL;
    }

    if ( DetourTransactionCommit( ) != NO_ERROR )
    {
        DetourTransactionAbort( );
        return NULL;
    }

    return pTrampoline;
}

Retouring works the same, call DetourDetach as opposed to DetourAttach/DetourAttachEx

PHP Code:
    g_lpDispatchMessage = reinterpret_cast<PVOID*>( 0x14317DCD0 );

    oDispatchMessage = reinterpret_cast<tDispatchMessage>( SetDetour( &g_lpDispatchMessage, hkDispatchMessage ) );

    RemoveDetour( &g_lpDispatchMessage, hkDispatchMessage );

#11
05-11-2016, 21:05
user_hidden
IChooseYou, that pushed me in a better direction given, as you say, the lack of documentation in 3.0.

#12
05-12-2016, 14:42
atom0s
Here is an example of hooking Win32 API without a trampoline since they are not always needed:
(Error checking code omitted for ease of reading.)

PHP Code:
#include <windows.h>
#include <detours.h>

extern "C"
{
    // Pointer to the original API; DetourAttach updates it so calls through it reach the real function.
    HWND (WINAPI *Real_CreateWindowExA)(DWORD, LPCSTR, LPCSTR, DWORD, int, int, int, int, HWND, HMENU, HINSTANCE, LPVOID) = CreateWindowExA;
};

/**
 * user32!CreateWindowExA detour callback.
 */
HWND __stdcall Mine_CreateWindowExA(DWORD dwExStyle, LPCSTR lpClassName, LPCSTR lpWindowName, DWORD dwStyle, int x, int y, int nWidth, int nHeight, HWND hWndParent, HMENU hMenu, HINSTANCE hInstance, LPVOID lpParam)
{
    // Do your personal alterations and such here..

    return Real_CreateWindowExA(dwExStyle, lpClassName, lpWindowName, dwStyle, x, y, nWidth, nHeight, hWndParent, hMenu, hInstance, lpParam);
}

// Attach the detour.. (these calls go inside your initialization function)
DetourTransactionBegin();
DetourUpdateThread(::GetCurrentThread());
DetourAttach(&(PVOID&)Real_CreateWindowExA, Mine_CreateWindowExA);
DetourTransactionCommit();
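
The hooks in the posts above work by overwriting the first bytes of the target function with a jump to the detour, which is also what makes them detectable. As an added example (not code from any poster or from the Detours package), this portable C code compares a function's in-memory entry bytes with the on-disk copy and decodes the jump it finds. The byte arrays, the address and all function names are constructed for illustration; a little-endian host is assumed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

typedef enum { HOOK_NONE, HOOK_JMP_REL32, HOOK_JMP_RIP_SLOT, HOOK_MOV_JMP_RAX } hook_kind;
typedef struct { hook_kind kind; uint64_t target; } hook_info;

/* Constructed sample data (not captured from a real process): an x64 prologue
 * as stored on disk, and the same bytes after a 5-byte jmp was written over it. */
static const uint8_t SAMPLE_DISK[12] = {0x48,0x89,0x5C,0x24,0x08,0x57,0x48,0x83,0xEC,0x20,0x33,0xC0};
static const uint8_t SAMPLE_MEM[12]  = {0xE9,0xFB,0x0F,0x00,0x00,0x57,0x48,0x83,0xEC,0x20,0x33,0xC0};
#define SAMPLE_VA 0x140001000ULL   /* assumed address the bytes were read from */

/* Decode a jump at the function entry. Assumes a little-endian host.
 * `va` is the address `code` was read from, needed for the relative forms. */
hook_info classify_prologue(const uint8_t *code, size_t len, uint64_t va)
{
    hook_info r = { HOOK_NONE, 0 };
    int32_t rel;
    if (len >= 5 && code[0] == 0xE9) {                           /* jmp rel32 */
        memcpy(&rel, code + 1, sizeof rel);
        r.kind = HOOK_JMP_REL32;
        r.target = va + 5 + (uint64_t)(int64_t)rel;
    } else if (len >= 6 && code[0] == 0xFF && code[1] == 0x25) { /* jmp [rip+disp32] */
        memcpy(&rel, code + 2, sizeof rel);
        r.kind = HOOK_JMP_RIP_SLOT;                  /* target is the pointer slot, */
        r.target = va + 6 + (uint64_t)(int64_t)rel;  /* not the final destination   */
    } else if (len >= 12 && code[0] == 0x48 && code[1] == 0xB8
               && code[10] == 0xFF && code[11] == 0xE0) {        /* mov rax,imm64; jmp rax */
        memcpy(&r.target, code + 2, sizeof r.target);
        r.kind = HOOK_MOV_JMP_RAX;
    }
    return r;
}

/* Offset of the first byte that differs between memory and disk, or -1. */
int first_patched_offset(const uint8_t *mem, const uint8_t *disk, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (mem[i] != disk[i]) return (int)i;
    return -1;
}

/* Flag a hook only if the entry differs from disk AND now begins with a jump;
 * an unmodified leading jmp is usually a linker thunk or forwarder. */
int looks_detoured(const uint8_t *mem, const uint8_t *disk, size_t len,
                   uint64_t va, hook_info *out)
{
    *out = classify_prologue(mem, len, va);
    return first_patched_offset(mem, disk, len) == 0 && out->kind != HOOK_NONE;
}
```

The decoded target is the address to attribute: if it falls outside every module you expect in the process, the hook deserves a closer look.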

#13
07-13-2016, 11:32
WhoCares
So good.

I got the Detours 3 source code from the open source .NET Framework code, but there is a nasty typo bug... and finally Microsoft removed the leaked code from their open source site.
__________________
AKA Solomon/blowfish.

Last edited by WhoCares; 07-13-2016 at 11:43.

#14
07-13-2016, 12:01
mavermaver

Quote:
Originally Posted by Pansemuckl
> And even easier downloading here
> http://ul.to/bs1r1j9j
>
> For those who, like me, have been members of this forum for 10+ years and still don't have the privilege to download attachments.
> Come on, change these ridiculous policies. All it does is harm the forum. People seek other places to download.

Yes. It's a really ridiculous policy.

#15
07-14-2016, 20:03
Newbie_Cracker
Is it the password? It is not working for me

Quote:
01110010 00111001 00101011 01001100 01001101 00101011 01010000 01010111 01101000 01100011 01010010 01101011 00111110 00100111 01010001 00100010 01001011 01100111 01101000 01100101
__________________
UnREal RCE - Persian Crackers

UnREal RCE is UNDERGROUND hereafter !

All times are GMT +8.