Microsoft Research Detours Package, Version 2.1 (Build_207)
DISCLAIMER AND LICENSE:
=======================
The entire Detours package is covered by copyright law.
Copyright (c) Microsoft Corporation. All rights reserved.
Portions may be covered by patents owned by Microsoft Corporation.
Usage of the Detours package is covered under the End User License Agreement in
the file License.doc. Your usage of Detours implies your acceptance of the End
User License Agreement. A copy of the license can be found in License.rtf
If you distribute programs which use Detours, you must also distribute a
copy of DETOURED.DLL, which is required for your program to execute.
A complete list of redistributable files is in REDIST.TXT.
1. INTRODUCTION:
================
This document describes the installation and usage of this version of the
Detours package. In particular, it provides an updated API table.
Complete documentation for the Detours package, including a detailed API
reference can be found in the Detours.chm file.
2. BUILD INSTRUCTIONS:
======================
To build the libraries and the sample applications, type "nmake".
3. VERIFYING THE INSTALL AND BUILD:
===================================
After building the libraries and sample applications, you can verify that
the Detours packet works on your Windows OS by type "nmake test" in the
samples\slept directory. The output of "namke test" should be similar
to that contained in the file samples\slept\NORMAL.TXT.
4. CHANGES IN VERSION 2.1:
==========================
The following major changes were made in Detours 2.1 from Detours 2.0:
* Addition of support for 64-bit code on Itanium 2 processors, using the
IA64 instruction set.
* Correction to disassembly table for X86 for indirection instructions
with either 8-bit or 32-bit constant operands.
The following major changes were made in Detours 2.0 from Detours 1.5:
* Complete API documentation.
* Support for 64-bit code on X64 processors.
* Addition of a transactional model for attaching and detaching detours.
* Addition of code for updating peer threads when adjusting detours.
* Replaced trampoline pointers with target pointers in the API to simplify usage.
* Support for detection of detoured processes.
* Significant compatibility fixes in the DetourCreateProcessWithDll API.
* Removed the DetourContinueProcessWithDll API.
* Added DetourCopyPayloadToProcess API to copy payloads to target processes.
4.1. COMPLETE API DOCUMENTATION:
================================
Detours 2.1 includes extensive online documentation in the Detours.chm file.
The documentation includes a technical overview of the Detours package, an
extensive API reference, descriptions of all of the Detours samples with
cross-links to the relevant APIs, and a list of Frequently Asked Questions
(FAQ) and answers.
4.2. 64-BIT SUPPORT:
====================
Detours 2.1 adds support 64-bit execution on X64 and IA64 processors.
Detours understands the new 64-bit instructions of the X64 and IA64 and can
detour 64-bit code when used in a 64-bit process. However, Detours does not
support cross-compatibility between 32-bit and 64-bit code. For example,
32-bit detours can be applied only to 32-bit code, and 64-bit detours can be
applied only to 64-bit code.
4.3. TRANSACTIONAL MODEL AND THREAD UPDATE:
===========================================
Typically, a developer uses the Detours package to detour a family of
functions. Race conditions can be introduced into the detour code as the
target functions are detoured one by one. Also, the developer typically
wants a error model in which all target functions are detours entirely or
none of the target functions are detoured if a particular function can't
be detoured. In previous version of Detours, programmers either ignored
these race and error conditions, or attempted to avoid them by carefully
timing the insertion and deletion of detours.
To simplify the development model, Detours 2.1 use a transactional model for
attaching and detaching detours. Your code should call DetourTransactionBegin
to begin a transaction, issue a group of DetourAttach or DetourDetach calls to
affect the desired target functions, call DetourUpdateThread to mark threads
which may be effected by the updates, and then call DetourTransactionCommit to
complete the operation.
When DetourTranactionCommit is called, Detours suspends all effected
threads (except the calling thread), insert or removes the detours as
specified, updates the program counter for any threads that were running
inside the effected functions, then resumes the effected threads. If an
error occurs during the transaction, or if DetourTransactioAbort is
called, Detours safely aborts all of the operations within the transaction.
From the perspective of all threads marks for update, the entire
transaction is atomic, either all threads and functions are modified,
or none or modified.
4.4. REPLACED TRAMPOLINE POINTERS WITH TARGET POINTERS IN THE API:
====================================================================
A trampoline is a small block of code modified by Detours to contain the
instructions of the target function moved to insert the detour and a jump
to the remainder of the target function. In previous versions of Detours,
trampolines where managed by the developer. Detours made this as easy
as possibly by providing C macros to statically create new trampolines,
but developer code was prone to undetected mismatches in function
signatures between target functions, detour functions and trampolines. In
addition, the developers were forced to use different APIs for statically
and dynamically available functions. With Detours 2.1, the allocation,
construction, and management of trampolines is controlled completely by
Detours.
Instead of directly using trampolines, developers should now use target
pointers to refer to target functions. Initially, the target pointer
should point to the target function. When a detour is attached to the
target function, Detours will allocate a trampoline function, and update
the target pointer to point to the trampoline. When the detour is
detached from the target function, Detours will restore the target pointer
to the target function and release the trampoline. Thanks to common C/C++
syntax, target pointers can be used exactly like functions.
The most important benefit of using target pointers, instead of trampolines
directly, is that C and C++ compiler check the check the equality of calling
conventions on function pointer assignment. As a result, any discrepancy
between the calling conventions of a target function and a detour function
will be detected at compile time, rather than appear at runtime as mysterous
bugs caused by stack misalignment.
Another benefit of using target pointers is the reduction in the Detours APIs
as the same APIs cab be used regardless of whether the address of a target
function is available at link time or must be derived dynamically.
4.5. SUPPORT FOR DETECTION OF DETOURED PROCESSES:
=================================================
Detours loads the detoured.dll shared library stub into any process which has
been modified by the insertion of a detour. This allows the Microsoft Customer
Support Services (CSS) and the Microsoft Online Crash Analysis (OCA) teams to
quickly and accurately determine that the behavior of a process has been
altered by a detour. CSS does not provide customer assistance on detoured
products.
4.6. SIGNIFICANT COMPATIBILITY FIXES IN THE DETOURCREATEPROCESSWITHDLL API:
===========================================================================
The DetourCreateProcessWithDll API has been completely rewritten. The
previous version of the API used a code injection mechanism to create a
call to LoadLibrary in the target
没有合适的资源?快使用搜索试试~ 我知道了~
detours 2.1
共95个文件
cpp:45个
makefile:26个
txt:9个
5星 · 超过95%的资源 需积分: 0 238 下载量 30 浏览量
2008-03-27
13:50:29
上传
评论
收藏 345KB RAR 举报
温馨提示
detours 2.1-------
资源详情
资源评论
资源推荐
收起资源包目录
detours 2.1.rar (95个子文件)
Detours 2.1
Detours.chm 94KB
License.rtf 27KB
src
detours.h 18KB
disasm.cpp 54KB
modules.cpp 18KB
creatwth.cpp 27KB
image.cpp 62KB
detoured.h 367B
detoured.cpp 695B
detours.cpp 34KB
detoured.rc 1KB
Makefile 4KB
samples
tracetcp
tracetcp.cpp 53KB
Makefile 2KB
commem
commem.cpp 3KB
Makefile 984B
withdll
withdll.cpp 6KB
Makefile 1KB
tracelnk
tracelnk.cpp 19KB
Makefile 2KB
simple
sleep5.cpp 692B
simple.cpp 2KB
Makefile 2KB
opengl
testogl.cpp 494B
oglsimple.cpp 2KB
Makefile 2KB
syelog
syelog.h 4KB
syelog.cpp 21KB
sltest.cpp 4KB
syelogd.cpp 17KB
sltestp.cpp 3KB
Makefile 3KB
tracemem
tracemem.cpp 15KB
Makefile 1KB
einst
edll1.cpp 1KB
einst.cpp 3KB
Makefile 2KB
edll2.cpp 1KB
edll3.cpp 2KB
traceapi
_win32.cpp 1.13MB
traceapi.cpp 13KB
Makefile 2KB
dtest
dtest.cpp 24KB
NORMAL_X86.TXT 4KB
dtarget.h 3KB
NORMAL_IA64.TXT 5KB
Makefile 2KB
dtarget.cpp 11KB
slept
slept.h 467B
slept.cpp 2KB
NORMAL_X86.TXT 8KB
dslept.cpp 5KB
NORMAL_IA64.TXT 10KB
sleepbed.cpp 3KB
verify.cpp 2KB
NORMAL_X64.TXT 9KB
Makefile 4KB
sleepnew.cpp 2KB
sleepold.cpp 2KB
common.mak 3KB
impmunge
impmunge.cpp 14KB
Makefile 1KB
dumpe
dumpe.cpp 3KB
Makefile 964B
disas
x64.asm 12KB
x86.asm 1KB
ia64.asm 29KB
disas.cpp 7KB
Makefile 1KB
tracessl
tracessl.cpp 57KB
Makefile 2KB
member
member.cpp 4KB
Makefile 974B
setdll
Makefile 1KB
setdll.cpp 8KB
dumpi
dumpi.cpp 8KB
Makefile 1002B
excep
firstexc.cpp 7KB
firstexc.h 623B
Makefile 993B
excep.cpp 4KB
cping
ReadMe.Txt 1KB
iping.idl 748B
cping.dat 0B
Makefile 2KB
cping.cpp 67KB
tracereg
Makefile 1KB
tracereg.cpp 51KB
Makefile 5KB
README.TXT 971B
traceser
traceser.cpp 35KB
Makefile 1KB
Makefile 885B
REDIST.TXT 2KB
README.TXT 15KB
共 95 条
- 1
ahuoheng
- 粉丝: 3
- 资源: 38
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
最新资源
- base.apk
- Vue 结合 D3.js 进行数据可视化开发的练手案例.zip
- 语音模块使用说明_jr6001调试工具.html
- 毕业设计-reat18货物运输后台管理系统
- Qt tcp通信(exe)
- tensorflow-gpu-2.7.3-cp39-cp39-manylinux2010-x86-64.whl
- tensorflow-2.8.0-cp37-cp37m-manylinux2010-x86-64.whl
- tensorflow-2.7.4-cp39-cp39-manylinux2010-x86-64.whl
- HTML后台管理系统源49套合集 H5模板源码下载 总有一款适合你 静态页面
- DDColor-PDF文献
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功
评论6