Detours Express

A library that can intercept Win32 binary functions, inserting detour functions without affecting the original binary, providing flexibility and versatility to any developer.

  • Detours Express
  • Version: 3.0 Build 316
  • License: Demo
  • OS: Windows All
  • Publisher: Microsoft


Detours Express Description

Detours Express is a Microsoft-signed package that allows function calls to be intercepted, regardless of the architecture of the system.

The library applies interception code (detours) at run time, interpolating the detour function between the source and the target functions: the first instructions of the source are replaced and preserved in a so-called ‘trampoline’ function. The whole structure works in a simple way: when the target function is reached, execution is redirected to the detour, which controls the entire procedure and performs pre-processing and post-processing actions around the call until the target function completes.

Detouring a target function is commonly done in compiled applications, without making changes to the binaries themselves. Detour functions come as a DLL package, which is loaded into the application through its import table by the dedicated ‘DetourCreateProcessWithDll’ API. Dedicated DLL files must be prepared separately for 32-bit and 64-bit systems.

The package comes with various other APIs that can be called from the main function to access the payloads and modify the binaries, insert a DLL into the running process, create or find the target process, and insert the detour function.

Aside from extensive documentation that explains how the library and the entire detouring process work, the package also includes a generous array of samples you can build to see Detours Express in action. Building the samples requires ‘nmake’. To show how each example is used, a test is included for every sample.

Detours is capable of manipulating Win32 functions by rewriting the in-memory code of target functions or by attaching user-created DLL files or payloads to a binary, while the original target function is preserved. This offers flexibility and versatility to developers, who can add extensions and instrumentation to their applications.

Limitations in the unregistered version

  • Limited to 32-bit processes on x86 processors
  • Non-commercial and non-production use only
