Innovative systems research hinges on the ability to easily instrument and extend existing operating system and application functionality. With access to appropriate source code, it is often trivial to insert new instrumentation or extensions by rebuilding the OS or application. However, in today's world systems researchers seldom have access to all relevant source code.
Detours is a library for instrumenting arbitrary Win32 functions on x86, x64, and IA64 machines. Detours intercepts Win32 functions by re-writing the in-memory code for target functions. The Detours package also contains utilities to attach arbitrary DLLs and data segments (called payloads) to any Win32 binary.
Detours preserves the un-instrumented target function (callable through a trampoline) as a subroutine for use by the instrumentation. Our trampoline design enables a large class of innovative extensions to existing binary software.
We have used Detours to create an automatic distributed partitioning system, to instrument and analyze the DCOM protocol stack, and to create a thunking layer for a COM-based OS API. Detours is used widely within Microsoft and within the industry.
Detours 2.1 includes the following new features:
- Complete documentation of the Detours API.
- Transactional model for attaching and detaching detours.
- Support for updating peer threads when attaching or detaching detours.
- Unification of dynamic and static detours into a single API.
- Support for detection of detoured processes.
- Significant robustness improvements in APIs that start a process with a DLL containing detour functions.
- New APIs to copy payloads into target processes.
- Support for 64-bit code on x64 and IA64 processors (available in Professional edition only).
- Supports building detours with Visual Studio 2005, Visual Studio .NET 2003, Visual Studio .NET (VC8), and Visual Studio (VC7).