https://www.gremwell.com/windows-detours-library-for-the-people <span>Windows Detours library for the people</span> <div><p>The Microsoft Detours library can be used to hook system functions invoked by Windows programs. You write arbitrary code that gets invoked when a program tries, for example, to send something over SSL or to get the current timestamp, and that code handles the call as you please instead of (or in addition to) passing it on to the standard Windows libraries.</p> <p>Hopefully the notes below will be useful for people who, like me, are not skilled Windows developers but occasionally get thrown into the Windows world and need to intercept a function call or two.</p> <p>Getting the Detours library to work:</p> <p> * Download and install MS Visual Studio Express 2010 (<a href="http://www.microsoft.com/express/Downloads/">http://www.microsoft.com/express/Downloads/</a>)<br /> * Download and install the Detours library (<a href="http://research.microsoft.com/en-us/projects/detours/">http://research.microsoft.com/en-us/projects/detours/</a>); the paths below assume Detours Express 2.1<br /> * Build the Detours library. 
In cmd.exe (on Windows 7 it has to be running as an administrator, because the build writes into Program Files):<br /> - "\Program Files\Microsoft Visual Studio 10.0\VC\vcvarsall.bat"<br /> - cd "\Program Files\Microsoft Research\Detours Express 2.1"<br /> - nmake<br /> + it builds the library and the sample programs and places them<br /> under the lib\ and bin\ directories<br /> + on my PC it fails to finish for some reason, but by then it has<br /> built lib\ and bin\withdll.exe, so that is OK</p> <p>Creating a project to use with the Detours lib:</p> <p> * In Visual Studio create a Win32 DLL project<br /> * Add the paths to the Detours library: Project properties / Configuration properties<br /> - C/C++ / Additional Include Directories: add \Program Files\Microsoft Research\Detours Express 2.1\include<br /> - Linker / Additional Library Directories: add \Program Files\Microsoft Research\Detours Express 2.1\lib<br /> * Create the source code:<br /> - Copy the content of sample\simple\simple.cpp into dllmain.cpp<br /> - Add two lines to dllmain.cpp<br /> + #pragma comment(lib, "detours.lib")<br /> + #pragma comment(lib, "detoured.lib")<br /> - Customize the remaining code as you need</p> <p>When you have your DLL, you do not run it by itself: withdll.exe (under the bin\ directory, built at the very beginning of this exercise) starts a target program with your DLL injected into it, e.g. withdll.exe /d:mydll.dll target.exe, and the hooks attached in DllMain then apply to every call the target makes. Run withdll.exe without arguments to see its usage text.</p> <p>Other useful resources:</p> <p> * DLL Creation with MinGW (<a href="http://sig9.com/node/35">http://sig9.com/node/35</a>)<br /> * Redirecting HTTP traffic (<a href="http://portswigger.net/misc/">http://portswigger.net/misc/</a>)<br /> * ProcessMonitor tool (<a href="http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx">http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx</a>)</p> <p>Many thanks to Axel Meerschaert for his help with making these things work.</p> </div> <span><span lang="" about="/user/1" typeof="schema:Person" property="schema:name" datatype="">abb</span></span> <span>Mon, 10/18/2010 - 12:52</span>
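<p>The following dllmain.cpp is an added example, not code from this page or from the Detours distribution. It shows the kind of hook the recipe above leads to: a Detours DLL that diverts a target's outbound plain-HTTP connections into a local intercepting proxy (the "redirecting HTTP traffic" use case from the resources list). The decision logic, RedirectDestination(), is plain socket-header C++ that builds on any platform so it can be tested on its own; the Windows-only glue (the connect() detour and DllMain) is guarded by _WIN32. Assumptions, all mine: the proxy listens on 127.0.0.1:8080, only port 80 is diverted, and the Detours 2.x transaction API (DetourTransactionBegin/DetourUpdateThread/DetourAttach/DetourTransactionCommit, DetourRestoreAfterWith) is available; the names HookedConnect, TrueConnect, EffectiveDestination and LeavesIPv6Alone are my own.</p>

```cpp
// dllmain.cpp: Detours hook DLL (added example) that redirects a target's
// outbound plain-HTTP connections to a local intercepting proxy such as Burp.
// RedirectDestination() holds the decision logic and builds on any platform;
// the connect() detour and DllMain are Windows-only and guarded by _WIN32.
// Assumed: proxy on 127.0.0.1:8080, diverted port list = {80}, Detours 2.x API.
#include <cstdint>
#include <cstring>

#ifdef _WIN32
#include <winsock2.h>   // must precede windows.h
#include <ws2tcpip.h>   // sockaddr_in6
#include <windows.h>
#include <detours.h>
#pragma comment(lib, "ws2_32.lib")
#pragma comment(lib, "detours.lib")
#pragma comment(lib, "detoured.lib")   // Detours 2.x also needs detoured.dll at run time
#else
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#endif

// Where diverted connections go (assumed values; host byte order).
static const uint32_t kProxyAddr = 0x7F000001u;  // 127.0.0.1
static const uint16_t kProxyPort = 8080;

// Destination ports worth diverting. Add 443 only if the target trusts the
// proxy's CA, otherwise its TLS handshake simply fails.
static bool IsInterceptedPort(uint16_t port) {
    return port == 80;
}

// Rewrites *addr in place when it is an IPv4 destination on a diverted port.
// Returns true if anything changed. Other address families and connections
// that already point at the proxy are left untouched (no redirect loop).
static bool RedirectDestination(struct sockaddr* addr, int addrlen) {
    if (addr == nullptr || addr->sa_family != AF_INET ||
        addrlen < static_cast<int>(sizeof(struct sockaddr_in))) {
        return false;
    }
    struct sockaddr_in* in = reinterpret_cast<struct sockaddr_in*>(addr);
    uint16_t port = ntohs(in->sin_port);
    if (!IsInterceptedPort(port)) return false;
    if (ntohl(in->sin_addr.s_addr) == kProxyAddr && port == kProxyPort) return false;
    in->sin_addr.s_addr = htonl(kProxyAddr);
    in->sin_port = htons(kProxyPort);
    return true;
}

struct Endpoint { uint32_t addr; uint16_t port; };  // host byte order

// Self-check helper: where does a connect() to addr:port end up with the hook
// in place? Constructed input, not needed by the DLL itself.
static Endpoint EffectiveDestination(uint32_t addr, uint16_t port) {
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    sin.sin_addr.s_addr = htonl(addr);
    RedirectDestination(reinterpret_cast<struct sockaddr*>(&sin), sizeof(sin));
    Endpoint e;
    e.addr = ntohl(sin.sin_addr.s_addr);
    e.port = ntohs(sin.sin_port);
    return e;
}

// Self-check helper: an IPv6 destination on port 80 must not be touched.
static bool LeavesIPv6Alone() {
    struct sockaddr_in6 sin6;
    memset(&sin6, 0, sizeof(sin6));
    sin6.sin6_family = AF_INET6;
    sin6.sin6_port = htons(80);
    bool changed = RedirectDestination(reinterpret_cast<struct sockaddr*>(&sin6), sizeof(sin6));
    return !changed && ntohs(sin6.sin6_port) == 80;
}

#ifdef _WIN32
// Pointer to the real connect(); after DetourAttach it points at the trampoline.
static int (WINAPI* TrueConnect)(SOCKET, const struct sockaddr*, int) = connect;

// Replacement connect(): rewrite a private copy so the caller's buffer is
// never modified behind its back, then hand it to the real function.
static int WINAPI HookedConnect(SOCKET s, const struct sockaddr* name, int namelen) {
    struct sockaddr_storage copy;
    if (name != nullptr && namelen > 0 && namelen <= static_cast<int>(sizeof(copy))) {
        memcpy(&copy, name, namelen);
        if (RedirectDestination(reinterpret_cast<struct sockaddr*>(&copy), namelen)) {
            return TrueConnect(s, reinterpret_cast<struct sockaddr*>(&copy), namelen);
        }
    }
    return TrueConnect(s, name, namelen);
}

// withdll.exe loads the DLL via an import-table entry referencing export
// ordinal 1, so the DLL must export at least one function; with a single
// export, this one is ordinal 1.
extern "C" __declspec(dllexport) void DetoursOrdinalOne(void) {}

BOOL WINAPI DllMain(HINSTANCE, DWORD dwReason, LPVOID) {
    if (dwReason == DLL_PROCESS_ATTACH) {
        DetourRestoreAfterWith();   // undo withdll.exe's import-table edit
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourAttach(&(PVOID&)TrueConnect, HookedConnect);
        if (DetourTransactionCommit() != NO_ERROR) return FALSE;  // fail loudly, not unhooked
    } else if (dwReason == DLL_PROCESS_DETACH) {
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourDetach(&(PVOID&)TrueConnect, HookedConnect);
        DetourTransactionCommit();
    }
    return TRUE;
}
#endif
```

<p>Build it as the Win32 DLL project described above (the two #pragma comment lines replace the ones from simple.cpp), start the target with withdll.exe /d:hook.dll target.exe, and point the target at any http:// URL; the request should show up in the proxy. If the target does not start at all, check that both detoured.dll and the hook DLL are somewhere the target process can load them. Hooking connect() rather than send() keeps the TLS question separate: the bytes the proxy sees for port 80 are already plaintext, while diverting 443 additionally requires the target to trust the proxy's certificate.</p>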