Microsoft Research Detours Package
Express Version 3.0 Build_316
DISCLAIMER AND LICENSE:
=======================
The entire Detours package is covered by copyright law.
Copyright (c) Microsoft Corporation. All rights reserved.
Portions are covered by patents owned by Microsoft Corporation.
Usage of the Detours package is covered under the End User License Agreement.
Your usage of Detours implies your acceptance of the End User License Agreement.
Detours 3.0 Professional, which includes rights to use Detours in commerical
products and production use is available through the online Microsoft Store:
http://www.microsoftstore.com/store/msstore/en_US/pd/productID.216531800
1. INTRODUCTION:
================
This document describes the installation and usage of this version of the
Detours package. In particular, it provides an updated API table.
Complete documentation for the Detours package, including a detailed API
reference can be found in the Detours.chm file.
2. BUILD INSTRUCTIONS:
======================
If you installed Detours under the "Program Files" directory, copy the entire
contents of the detours directory to some other location where your account
has write access before attempting to build.
To build the libraries and the sample applications, type "nmake" in the
root directory of your Detours distribution.
If you are using Detours for the first time, a good practice is to start
by modifying one of the samples that is closest to your desired usage.
3. VERIFYING THE INSTALL AND BUILD:
===================================
After building the libraries and sample applications, you can verify that
the Detours packet works on your Windows OS by typing "nmake test" in the
samples\slept directory. The output of "namke test" should be similar
to that contained in the file samples\slept\NORMAL.TXT.
4. CHANGES IN VERSION 3.0:
==========================
The following major changes were made in Detours 3.0 from Detours 2.x:
* Support for mixing 32-bit and 64-bit processes.
* Support for ARM processors (in addition to support for X86, X64, and IA64).
* Removal of the detoured.dll marker binary.
* Compatibility improvements, especially on x64 processors.
* Addition of APIs to enumerate PE binary Imports and to determine the
module referenced by a function pointer.
* Improved support for highly-optimized code on X64 processors.
* Improved support for detouring hot-patchable binaries.
* Improved algorithm for allocation of trampolines.
4.1. SUPPORT FOR MIXING 32-BIT AND 64-BIT PROCESSES:
====================================================
Previous version of Detours only supported pure 64-bit or pure 32-bit
environments. Detours 3.0 includes support for creating parallel 32-bit
and 64-bit DLLs that can be loaded dynamically into target processes with
Detours automatically selecting the correct architectur DLL. The
DetourCreateProcessWithDllEx function selects the correct DLL based on
the word size (32-bit or 64-bit) of the target process. For more
information see the "Detouring 32-bit and 64-bit Processes" section of
the Detours documentation (Detours.chm).
4.2. ARM SUPPORT:
=================
Detours 3.0 includes support for detouring functions on ARM processors
using the Thumb-2 instruction set.
4.3. REMOVAL OF DETOURED.DLL:
=============================
Products shipping with Detours 3.0 no longer need to include detoured.dll
in their dependencies. Prior to Detours 3.0, Detours loaded the detoured.dll
shared library stub into any process which was modified by the insertion of
a detour. This allowed the Microsoft Customer Support Services (CSS) and the
Microsoft Online Crash Analysis (OCA) teams to quickly and accurately
determine that the behavior of a process has been altered by a detour.
Microsoft does not provide customer assistance on detoured products.
With Detours 3.0, detoured.dll has been removed. Advances in recent versions
of Windows allow CSS and OCA to accurately track third-party code that has
been loaded into a process, thus removing the need for detoured.dll. One
side effect of this change is that the path to the detoured.dll is no longer
provided as an argument to DetourCreateProcessWithDll, reducing it's argument
count by one.
4.4. COMPATIBILITY IMPROVEMENTS:
================================
Fixes have been made in Detours 3.0 to improve support for target binaries
containing no DLL imports, DLL binaries compiled for online-patching,
binaries generated with hot-patching support, and 64-bit PE binaries
containing managed code.
4.5. APIS TO ENUMERATE PE BINARY IMPORTS:
=========================================
Added DetourEnumerateImports API to enumerate the functions imported by a
EXE or DLL. Given a pointer to a function, the DetourGetContainingModule
API will return the HMODULE of the binary within which it resides.
4.6. TRANSACTIONAL MODEL AND THREAD UPDATE:
===========================================
Typically, a developer uses the Detours package to detour a family of
functions. Race conditions can be introduced into the detour code as the
target functions are detoured one by one. Also, the developer typically
wants a error model in which all target functions are detoured entirely or
none of the target functions are detoured if a particular function can't be
detoured. In previous version of Detours, programmers either ignored
these race and error conditions, or attempted to avoid them by carefully
timing the insertion and deletion of detours.
To simplify the development model, Detours 3.0 uses a transactional model for
attaching and detaching detours. Your code should call DetourTransactionBegin
to begin a transaction, issue a group of DetourAttach or DetourDetach calls to
affect the desired target functions, call DetourUpdateThread to mark threads
which may be affected by the updates, and then call
DetourTransactionCommit to complete the operation.
When DetourTransactionCommit is called, Detours suspends all effected
threads (except the calling thread), insert or removes the detours as
specified, updates the program counter for any threads that were running
inside the affected functions, then resumes the affected threads. If an error
occurs during the transaction, or if DetourTransactioAbort is called, Detours
safely aborts all of the operations within the transaction. From the perspective
of all threads marks marked for update, the entire transaction is atomic,
either all threads and functions are modified, or none are modified.
4.7. 64-BIT SUPPORT:
====================
Detours includes support for 64-bit execution on X64 and IA64 processors.
Detours understands the new 64-bit instructions of the X64 and IA64 and can
detour 64-bit code when used in a 64-bit process.
4.8. ALLOCATION OF TRAMPOLINES:
===============================
To intercept calls, Detours copies the first few instructions of the target
function into a block of memory called a trampoline. In previous versions
of Detours, trampolines were allocated a close as possible to the target
code. In some cases, the trampoline memory would conflict with later
DLL loads in the same process. This would hurt performance by causing
later DLLs to be dynamically rebased. Detours 3.0 includes a new algorithm
for allocating trampolines. The new algorithm attempts to place trampolines
roughly 1GB above or below the target code in the address space.
5. API SUMMARY:
===============
5.1. APIS FOR DETOURING TARGET FUNCTIONS:
=========================================
DetourTransactionBegin() - Begin a new detour transaction.
DetourUpdateThread() - Mark a thread that should be included in the
current detour transaction.
DetourAttach() - Attach a detour to a target function as part
没有合适的资源?快使用搜索试试~ 我知道了~
温馨提示
Detours 3.0 Pro 专业版。测试 VS2015 专业版编译通过。 解压到 VS 安装目录下的 VC 然后打开 VS x86 或 x64 本机工具命令提示符,输入 cd detours\src 回车,最后 nmake 回车即可。4.0 已开源:https://github.com/microsoft/Detours
资源推荐
资源详情
资源评论
收起资源包目录
Detours Pro 3.0 支持 x86 x64 和 ARM (154个子文件)
Express Version 3.0 Build_316 31B
ia64.asm 29KB
x64.asm 15KB
arm.asm 7KB
Detours.chm 105KB
_win32.cpp 1.05MB
trcbld.cpp 133KB
disasm.cpp 117KB
cping.cpp 67KB
image.cpp 64KB
detours.cpp 63KB
trctcp.cpp 58KB
trcssl.cpp 54KB
trcreg.cpp 48KB
creatwth.cpp 47KB
trcser.cpp 33KB
modules.cpp 30KB
syelog.cpp 29KB
dtest.cpp 26KB
tracebld.cpp 19KB
trclnk.cpp 19KB
syelogd.cpp 19KB
talloc.cpp 17KB
trcmem.cpp 15KB
withdll.cpp 15KB
trcapi.cpp 14KB
impmunge.cpp 14KB
symtest.cpp 13KB
tstman.cpp 11KB
uimports.cpp 11KB
dtarge.cpp 11KB
setdll.cpp 10KB
dumpi.cpp 8KB
disas.cpp 8KB
firstexc.cpp 7KB
wrotei.cpp 5KB
x86.cpp 5KB
member.cpp 5KB
extend.cpp 5KB
sltest.cpp 4KB
dslept.cpp 4KB
excep.cpp 4KB
sltestp.cpp 3KB
slept.cpp 3KB
dumpe.cpp 3KB
commem.cpp 3KB
sleepbed.cpp 3KB
size.cpp 3KB
einst.cpp 2KB
sleepnew.cpp 2KB
simple.cpp 2KB
ogldet.cpp 2KB
testapi.cpp 2KB
verify.cpp 2KB
edll3x.cpp 2KB
sleepold.cpp 2KB
echofx.cpp 2KB
comeasy.cpp 1KB
edll2x.cpp 1KB
edll1x.cpp 1KB
target.cpp 1KB
findfunc.cpp 990B
tdll5x.cpp 795B
tdll1x.cpp 795B
tdll8x.cpp 795B
tdll4x.cpp 795B
tdll6x.cpp 795B
tdll3x.cpp 795B
tdll2x.cpp 795B
tdll9x.cpp 795B
tdll7x.cpp 795B
sleep5.cpp 665B
tryman.cpp 561B
testogl.cpp 494B
main.cpp 483B
unk.cpp 338B
echonul.cpp 205B
managed.cs 1KB
cping.dat 0B
detours.h 23KB
syelog.h 4KB
dtarge.h 3KB
tracebld.h 2KB
firstexc.h 644B
detver.h 641B
slept.h 590B
target.h 389B
iping.idl 718B
system.mak 3KB
common.mak 2KB
Makefile 11KB
Makefile 9KB
Makefile 8KB
Makefile 7KB
Makefile 6KB
Makefile 6KB
Makefile 5KB
Makefile 5KB
Makefile 4KB
Makefile 4KB
共 154 条
- 1
- 2
至天
- 粉丝: 423
- 资源: 5
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功
- 1
- 2
前往页