Exetools

Exetools (https://forum.exetools.com/index.php)
-   Source Code (https://forum.exetools.com/forumdisplay.php?f=46)
-   -   Microsoft Detours Pro v3.0 (https://forum.exetools.com/showthread.php?t=17371)

b30wulf 02-02-2016 09:33

Microsoft Detours Pro v3.0
 
2 Attachment(s)
After a couple of request on pm i have decided to share it with community.

Detours Professional includes support for either 32-bit or 64-bit processes on x86 and other Windows-compatible processors.
Detours 3.0 includes the following new features over Detours 2.x:
Support for 64-bit code on x64 and IA64 processors (Professional Edition only).
Support for all Windows processors (Professional Edition only).
Removed requirement for including detoured.dll in processes.
Compatibility improvements for detouring APIs used by managed-code (MSIL) programs, especially on x64 processors.
Addition of APIs to enumerate PE binary Imports and to determine the module referenced by a function pointer.

Password is easy to get, i didn't wanted to be just copy paste.

besoeso 02-02-2016 16:40

Is it the same share here before? Right?

http://forum.exetools.com/showpost.php?p=102344&postcount=5

FoxB 02-02-2016 23:06

both

// Microsoft Research Detours Package, Version 3.0 Build_316

b30wulf 02-03-2016 07:15

Yep, didn't notice that its all ready on forum.
Anyway now will be easier to find.

Pansemuckl 02-03-2016 10:04

Quote:

Originally Posted by b30wulf (Post 104162)
Yep, didn't notice that its all ready on forum.
Anyway now will be easier to find.

And even easier downloading here
http://ul.to/bs1r1j9j

For those who are like me member of this forum for 10+ years, and still don't have privilege to download attachments.
Come on, change these ridiculous policies. All it does is harm the forum. People seek other places to download.

Conquest 02-05-2016 12:34

Quote:

Originally Posted by Pansemuckl (Post 104163)
And even easier downloading here
http://ul.to/bs1r1j9j

For those who are like me member of this forum for 10+ years, and still don't have privilege to download attachments.
Come on, change these ridiculous policies. All it does is harm the forum. People seek other places to download.

any mirror? ul.to isnt accessible here

FoxB 02-06-2016 14:02

http://rghost.net/6qR6LYxv5

emo 03-17-2016 00:19

this detours source code?

atom0s 03-17-2016 04:13

Quote:

Originally Posted by emo (Post 104650)
this detours source code?

Yes, Detours does not come precompiled in any edition. This includes the 32bit and 64bit code.

IChooseYou 05-11-2016 09:32

I have only used to Detours 1.5 before, and the documentation for 3.0 isn't great. So in case anyone struggles:

PHP Code:

PVOID SetDetourPVOIDppTargetPVOID pHandler )
{
    if ( 
DetourTransactionBegin( ) != NO_ERROR )
        return 
FALSE;

    if ( 
DetourUpdateThreadGetCurrentThread( ) ) != NO_ERROR )
    {
        
DetourTransactionCommit( );
        return 
NULL;
    }

    
PDETOUR_TRAMPOLINE pTrampoline NULL;
    
    if ( 
DetourAttachExppTargetpHandler, &pTrampolineNULLNULL ) != NO_ERROR )
    {
        
DetourTransactionCommit( );
        return 
NULL;        
    }

    if ( 
DetourTransactionCommit( ) != NO_ERROR )
    {
        
DetourTransactionAbort( );
        return 
NULL;
    }

    return 
pTrampoline;


Retouring works the same, call DetourDetach as opposed to DetourAttach/DetourAttachEx

PHP Code:

    g_lpDispatchMessage reinterpret_cast<PVOID*>( 0x14317DCD0 );
    
oDispatchMessage reinterpret_cast<tDispatchMessage>( SetDetour( &g_lpDispatchMessagehkDispatchMessage ) );

    
RemoveDetour( &g_lpDispatchMessagehkDispatchMessage ); 


user_hidden 05-11-2016 21:05

IChooseYou, that pushed me in a better direction with as you say lack of documentation in 3.0

atom0s 05-12-2016 14:42

Here is an example of hooking Win32 API without a trampoline since they are not always needed:
(Error checking code omitted for ease of reading.)

PHP Code:

extern "C"
{
    
HWND (WINAPI *Real_CreateWindowExA)(DWORDLPCSTRLPCSTRDWORDintintintintHWNDHMENUHINSTANCELPVOID) = CreateWindowExA;
};

/**
 * user32!CreateWindowExA detour callback.
 */
HWND __stdcall Mine_CreateWindowExA(DWORD dwExStyleLPCSTR lpClassNameLPCSTR lpWindowNameDWORD dwStyleint xint yint nWidthint nHeightHWND hWndParentHMENU hMenuHINSTANCE hInstanceLPVOID lpParam)
{
    
// Do your personal alterations and such here..
    
    
return Real_CreateWindowExA(dwExStylelpClassNamelpWindowNamedwStylexynWidthnHeighthWndParenthMenuhInstancelpParam);
}

// Attach the detour..
DetourTransactionBegin();
DetourUpdateThread(::GetCurrentThread());
DetourAttach(&(PVOID&)Real_CreateWindowExAMine_CreateWindowExA);
DetourTransactionCommit(); 


WhoCares 07-13-2016 11:32

so good.

I got detours 3 source code from the open source .net framework code, but there is a nasty typo bug...and finally microsoft removed the leaked code form their open source site.

mavermaver 07-13-2016 12:01

Quote:

Originally Posted by Pansemuckl (Post 104163)
And even easier downloading here
http://ul.to/bs1r1j9j

For those who are like me member of this forum for 10+ years, and still don't have privilege to download attachments.
Come on, change these ridiculous policies. All it does is harm the forum. People seek other places to download.

Yes. It's a really ridiculous policy.

Newbie_Cracker 07-14-2016 20:03

Is it the password? It is not working for me

Quote:

01110010 00111001 00101011 01001100 01001101 00101011 01010000 01010111 01101000 01100011 01010010 01101011 00111110 00100111 01010001 00100010 01001011 01100111 01101000 01100101


All times are GMT +8. The time now is 07:31.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX