#1
02-02-2016, 09:33
b30wulf
Microsoft Detours Pro v3.0

After a couple of requests by PM, I have decided to share it with the community.

Detours Professional includes support for either 32-bit or 64-bit processes on x86 and other Windows-compatible processors.
Detours 3.0 includes the following new features over Detours 2.x:
Support for 64-bit code on x64 and IA64 processors (Professional Edition only).
Support for all Windows processors (Professional Edition only).
Removed requirement for including detoured.dll in processes.
Compatibility improvements for detouring APIs used by managed-code (MSIL) programs, especially on x64 processors.
Addition of APIs to enumerate PE binary Imports and to determine the module referenced by a function pointer.

Password is easy to get; I didn't want it to be just copy-paste.
Attached Files
File Type: txt password.txt (179 Bytes, 81 views)
File Type: rar Detours_Pro_v3.0.rar (221.3 KB, 143 views)
#2
02-02-2016, 16:40
besoeso
Is it the same as shared here before? Right?

http://forum.exetools.com/showpost.php?p=102344&postcount=5
#3
02-02-2016, 23:06
FoxB
both

// Microsoft Research Detours Package, Version 3.0 Build_316
#4
02-03-2016, 07:15
b30wulf
Yep, didn't notice that it's already on the forum.
Anyway, now it will be easier to find.
#5
02-03-2016, 10:04
Pansemuckl
Quote:
Originally Posted by b30wulf View Post
Yep, didn't notice that it's already on the forum.
Anyway, now it will be easier to find.
And even easier downloading here
http://ul.to/bs1r1j9j

For those who, like me, have been members of this forum for 10+ years and still don't have the privilege to download attachments.
Come on, change these ridiculous policies. All it does is harm the forum. People seek other places to download.

#6
02-05-2016, 12:34
Conquest
Quote:
Originally Posted by Pansemuckl View Post
And even easier downloading here
http://ul.to/bs1r1j9j

For those who, like me, have been members of this forum for 10+ years and still don't have the privilege to download attachments.
Come on, change these ridiculous policies. All it does is harm the forum. People seek other places to download.
any mirror? ul.to isn't accessible here
#7
02-06-2016, 14:02
FoxB
http://rghost.net/6qR6LYxv5
#8
03-17-2016, 00:19
emo
this detours source code?
#9
03-17-2016, 04:13
atom0s
Quote:
Originally Posted by emo View Post
this detours source code?
Yes, Detours does not come precompiled in any edition. This includes the 32bit and 64bit code.
#10
05-11-2016, 09:32
IChooseYou
I have only used Detours 1.5 before, and the documentation for 3.0 isn't great. So in case anyone struggles:

Code:
#include <windows.h>
#include <detours.h>

// Attach pHandler to *ppTarget. Returns the trampoline used to call the
// original function, or NULL on failure.
PVOID SetDetour( PVOID* ppTarget, PVOID pHandler )
{
    if ( DetourTransactionBegin( ) != NO_ERROR )
        return NULL;

    if ( DetourUpdateThread( GetCurrentThread( ) ) != NO_ERROR )
    {
        DetourTransactionAbort( );   // abandon the pending transaction
        return NULL;
    }

    PDETOUR_TRAMPOLINE pTrampoline = NULL;

    if ( DetourAttachEx( ppTarget, pHandler, &pTrampoline, NULL, NULL ) != NO_ERROR )
    {
        DetourTransactionAbort( );   // abandon the pending transaction
        return NULL;
    }

    if ( DetourTransactionCommit( ) != NO_ERROR )
    {
        DetourTransactionAbort( );
        return NULL;
    }

    return pTrampoline;
}

Retouring works the same, call DetourDetach as opposed to DetourAttach/DetourAttachEx

Code:
    // Attach: SetDetour returns the trampoline, which is kept to call the original.
    g_lpDispatchMessage = reinterpret_cast<PVOID*>( 0x14317DCD0 );
    oDispatchMessage = reinterpret_cast<tDispatchMessage>( SetDetour( &g_lpDispatchMessage, hkDispatchMessage ) );

    // Detach again.
    RemoveDetour( &g_lpDispatchMessage, hkDispatchMessage );
#11
05-11-2016, 21:05
user_hidden
IChooseYou, that pushed me in a better direction with, as you say, the lack of documentation in 3.0.
#12
05-12-2016, 14:42
atom0s
Here is an example of hooking Win32 API without a trampoline since they are not always needed:
(Error checking code omitted for ease of reading.)

Code:
#include <windows.h>
#include <detours.h>

extern "C"
{
    // Pointer to the real API; after DetourAttach it points at the original code path.
    HWND (WINAPI *Real_CreateWindowExA)(DWORD, LPCSTR, LPCSTR, DWORD, int, int, int, int, HWND, HMENU, HINSTANCE, LPVOID) = CreateWindowExA;
};

/**
 * user32!CreateWindowExA detour callback.
 */
HWND __stdcall Mine_CreateWindowExA(DWORD dwExStyle, LPCSTR lpClassName, LPCSTR lpWindowName, DWORD dwStyle, int x, int y, int nWidth, int nHeight, HWND hWndParent, HMENU hMenu, HINSTANCE hInstance, LPVOID lpParam)
{
    // Do your personal alterations and such here..

    return Real_CreateWindowExA(dwExStyle, lpClassName, lpWindowName, dwStyle, x, y, nWidth, nHeight, hWndParent, hMenu, hInstance, lpParam);
}

// Attach the detour.. (these calls go inside a function, e.g. your initialization routine)
DetourTransactionBegin();
DetourUpdateThread(::GetCurrentThread());
DetourAttach(&(PVOID&)Real_CreateWindowExA, Mine_CreateWindowExA);
DetourTransactionCommit();
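
From the detection side, as an added example that is not part of the thread or of Detours: an attached detour shows up as a jump written over the first bytes of the target function, so a checker can compare the in-memory prologue with the on-disk bytes and resolve where the jump leads. The function names, sample bytes and addresses are constructed for illustration, and x64 instruction encodings are assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Read a little-endian signed 32-bit displacement. */
static int32_t rd32(const uint8_t *p)
{
    return (int32_t)((uint32_t)p[0] | (uint32_t)p[1] << 8 |
                     (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
}

/* If the code at virtual address va starts with a jump, return where it points:
 *   E9 rel32     -> the jump destination
 *   FF 25 disp32 -> the pointer slot read by jmp [rip+disp32] (x64 encoding)
 * Returns 0 when the first instruction is neither. */
uint64_t jump_target(const uint8_t *code, size_t len, uint64_t va)
{
    if (len >= 5 && code[0] == 0xE9)
        return va + 5 + (uint64_t)(int64_t)rd32(code + 1);
    if (len >= 6 && code[0] == 0xFF && code[1] == 0x25)
        return va + 6 + (uint64_t)(int64_t)rd32(code + 2);
    return 0;
}

/* Report an inline hook when the in-memory prologue differs from the bytes of the
 * file on disk and now begins with a jump leaving [mod_base, mod_base + mod_size). */
int is_detoured(const uint8_t *mem, const uint8_t *disk, size_t len,
                uint64_t va, uint64_t mod_base, uint64_t mod_size)
{
    uint64_t t;
    if (memcmp(mem, disk, len) == 0)
        return 0;                      /* unchanged since load */
    t = jump_target(mem, len, va);
    if (t == 0)
        return 0;                      /* modified, but not by a jump patch */
    return t < mod_base || t - mod_base >= mod_size;
}

/* Constructed sample: a prologue as on disk, then with a jmp rel32 written over it. */
static const uint8_t DISK[8]   = {0x48, 0x89, 0x5C, 0x24, 0x08, 0x57, 0x48, 0x83};
static const uint8_t HOOKED[8] = {0xE9, 0xFB, 0xFF, 0x0F, 0x00, 0x57, 0x48, 0x83};
#define SAMPLE_VA   0x7FF800001000ULL   /* constructed function address */
#define SAMPLE_BASE 0x7FF800000000ULL   /* constructed module base */
#define SAMPLE_SIZE 0x80000ULL          /* constructed module size */

int main(void)
{
    return is_detoured(HOOKED, DISK, 8, SAMPLE_VA, SAMPLE_BASE, SAMPLE_SIZE) ? 0 : 1;
}
```

The module-range test keeps ordinary in-module jump thunks from being reported; bytes covered by load-time relocations need to be relocated before the comparison.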
#13
07-13-2016, 11:32
WhoCares
so good.

I got detours 3 source code from the open source .net framework code, but there is a nasty typo bug...and finally Microsoft removed the leaked code from their open source site.
__________________
AKA Solomon/blowfish.

#14
07-13-2016, 12:01
mavermaver

Quote:
Originally Posted by Pansemuckl View Post
And even easier downloading here
http://ul.to/bs1r1j9j

For those who, like me, have been members of this forum for 10+ years and still don't have the privilege to download attachments.
Come on, change these ridiculous policies. All it does is harm the forum. People seek other places to download.
Yes. It's a really ridiculous policy.
#15
07-14-2016, 20:03
Newbie_Cracker
Is it the password? It is not working for me

Quote:
01110010 00111001 00101011 01001100 01001101 00101011 01010000 01010111 01101000 01100011 01010010 01101011 00111110 00100111 01010001 00100010 01001011 01100111 01101000 01100101
__________________
In memory of UnREal RCE...