Microsoft Detours

Last updated
Microsoft Detours
Original author(s) Microsoft Research
Developer(s) Microsoft
Initial releaseJanuary 16, 2002;21 years ago (2002-01-16)
Stable release
4.0.1 / April 16, 2018;5 years ago (2018-04-16)
Repository Detours on GitHub
Written in C++
Operating system Microsoft Windows
Type Software library
License MIT License
Website Official website OOjs UI icon edit-ltr-progressive.svg

Microsoft Detours is an open source library for intercepting, monitoring and instrumenting binary functions on Microsoft Windows. [1] It is developed by Microsoft and is most commonly used to intercept Win32 API calls within Windows applications. Detours makes it possible to add debugging instrumentation and to attach arbitrary DLLs to any existing Win32 binary. Detours does not require other software frameworks as a dependency and works on ARM, x86, x64, and IA-64 systems. [2] The interception code is applied dynamically at execution time.

Contents

Detours is used by product teams at Microsoft and has also been used by ISVs. [1] [3] [4]

Prior to 2016, Detours was available in a free version limited for non-commercial and 32 bit only use and a paid version for commercial use. [5] Since 2016, the source code is licensed under MIT License and available on GitHub. [1]

See also

Related Research Articles

<span class="mw-page-title-main">Wine (software)</span> Windows compatibility software

Wine is a free and open-source compatibility layer that aims to allow application software and computer games developed for Microsoft Windows to run on Unix-like operating systems. Wine also provides a software library, named Winelib, against which developers can compile Windows applications to help port them to Unix-like systems.

A disassembler is a computer program that translates machine language into assembly language—the inverse operation to that of an assembler. Disassembly, the output of a disassembler, is often formatted for human-readability rather than suitability for input to an assembler, making it principally a reverse-engineering tool. Common uses of disassemblers include recovering source code of a program whose original source was lost, malware analysis, modifying software, and software cracking.

<span class="mw-page-title-main">Windows API</span> Microsofts core set of application programming interfaces on Windows

The Windows API, informally WinAPI, is Microsoft's core set of application programming interfaces (APIs) available in the Microsoft Windows operating systems. The name Windows API collectively refers to several different platform implementations that are often referred to by their own names ; see the versions section. Almost all Windows programs interact with the Windows API. On the Windows NT line of operating systems, a small number use the Native API.

RAR is a proprietary archive file format that supports data compression, error correction and file spanning. It was developed in 1993 by Russian software engineer Eugene Roshal and the software is licensed by win.rar GmbH. The name RAR stands for Roshal Archive.

<span class="mw-page-title-main">ReactOS</span> Free software Windows NT-like operating system

ReactOS is a free and open-source operating system for amd64/i686 personal computers intended to be binary-compatible with computer programs and device drivers made for Windows Server 2003 and later versions of Windows. ReactOS has been noted as a potential open-source drop-in replacement for Windows and for its information on undocumented Windows APIs.

<span class="mw-page-title-main">Interactive Disassembler</span> Software reverse engineering tool

The Interactive Disassembler (IDA) is a disassembler for computer software which generates assembly language source code from machine-executable code. It supports a variety of executable formats for different processors and operating systems. It can also be used as a debugger for Windows PE, Mac OS X Mach-O, and Linux ELF executables. A decompiler plug-in, which generates a high level, C source code-like representation of the analysed program, is available at extra cost.

Interix was an optional, POSIX-conformant Unix subsystem for Windows NT operating systems. Interix was a component of Windows Services for UNIX, and a superset of the Microsoft POSIX subsystem. Like the POSIX subsystem, Interix was an environment subsystem for the NT kernel. It included numerous open source utility software programs and libraries. Interix was originally developed and sold as OpenNT until purchased by Microsoft in 1999.

<span class="mw-page-title-main">Watcom C/C++</span>

Watcom C/C++ is an integrated development environment (IDE) product from Watcom International Corporation for the C, C++, and Fortran programming languages. Watcom C/C++ was a commercial product until it was discontinued, then released under the Sybase Open Watcom Public License as Open Watcom C/C++. It features tools for developing and debugging code for DOS, OS/2, Windows, Linux operating systems, which are based upon x86, IA-32, x86-64 compatible processors.

In computer programming, the term hooking covers a range of techniques used to alter or augment the behaviour of an operating system, of applications, or of other software components by intercepting function calls or messages or events passed between software components. Code that handles such intercepted function calls, events or messages is called a hook.

<span class="mw-page-title-main">Windows File Manager</span> File manager bundled with Microsoft Windows in the 1990s

File Manager is a file manager program bundled with releases of OS/2 and Microsoft Windows between 1988 and 1999 and available from 6 April 2018 as an optional download for all modern releases of Windows, including Windows 10.

<span class="mw-page-title-main">Executor (software)</span> Program used to emulate Motorola 68000-based Macintosh programs

Executor is a software application that allows Motorola 68000-based classic Mac OS programs to be run on various x86-based operating systems. Executor was created by ARDI. As of 2005, Executor development has been indefinitely postponed; as of 2008, it was made available as open source software.

<span class="mw-page-title-main">Ghidra</span> Free reverse engineering tool developed by the National Security Agency

Ghidra is a free and open source reverse engineering tool developed by the National Security Agency (NSA) of the United States. The binaries were released at RSA Conference in March 2019; the sources were published one month later on GitHub. Ghidra is seen by many security researchers as a competitor to IDA Pro. The software is written in Java using the Swing framework for the GUI. The decompiler component is written in C++, and is therefore usable in a stand-alone form.

Mingw-w64 is a free and open source software development environment to create (cross-compile) Microsoft Windows PE applications. It was forked in 2005–2010 from MinGW.

CodeXL was an open-source software development tool suite which included a GPU debugger, a GPU profiler, a CPU profiler, Graphics frame analyzer and a static shader/kernel analyzer.

<span class="mw-page-title-main">Longene</span> Linux distribution

Longene is a Linux-based operating system kernel intended to be binary compatible with application software and device drivers made for Microsoft Windows and Linux. As of 1.0-rc2, it consists of a Linux kernel module implementing aspects of the Windows kernel and a modified Wine distribution designed to take advantage of the more native interface. Longene is written in the C programming language and is free and open source software. It is licensed under the terms of the GNU General Public License version 2 (GPLv2).

<span class="mw-page-title-main">Visual Studio Code</span> Source code editor developed by Microsoft

Visual Studio Code, also commonly referred to as VS Code, is a source-code editor made by Microsoft with the Electron Framework, for Windows, Linux and macOS. Features include support for debugging, syntax highlighting, intelligent code completion, snippets, code refactoring, and embedded Git. Users can change the theme, keyboard shortcuts, preferences, and install extensions that add functionality.

Microsoft, a technology company historically known for its opposition to the open source software paradigm, turned to embrace the approach in the 2010s. From the 1970s through 2000s under CEOs Bill Gates and Steve Ballmer, Microsoft viewed the community creation and sharing of communal code, later to be known as free and open source software, as a threat to its business, and both executives spoke negatively against it. In the 2010s, as the industry turned towards cloud, embedded, and mobile computing—technologies powered by open source advances—CEO Satya Nadella led Microsoft towards open source adoption although Microsoft's traditional Windows business continued to grow throughout this period generating revenues of 26.8 billion in the third quarter of 2018, while Microsoft's Azure cloud revenues nearly doubled.

<span class="mw-page-title-main">ProcDump</span>

ProcDump is a command-line application used for monitoring an application for CPU spikes and creating crash dumps during a spike. The crash dumps can then be used by an administrator or software developer to determine the cause of the spike. ProcDump supports monitoring of hung windows and unhandled exceptions. It can also create dumps based on the values of system performance counters.

References

  1. 1 2 3 "Microsoft Research Detours Package". microsoft/Detours. January 16, 2021 via GitHub.
  2. "Detours: Binary Interception of Win32 Functions" (PDF). cs.columbia.edu.
  3. "MS Detours: Ongoing vigilance keeps customers on the right track". September 10, 2013.
  4. "Service and Support". support.sophos.com.
  5. "Detours". Microsoft.com.

Further reading