microsoft / Detours

Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.
MIT License

Hooking functions in kernel32.dll and Windows 10 #190

Closed dilipcnaik closed 3 years ago

dilipcnaik commented 3 years ago

More a question than an issue

Are any of the people active here using Detours on the latest versions of Windows 10?

If yes, are you able to successfully hook functions exported by kernel32.dll? Examples of the APIs include CreateFile, LoadLibrary, GetProcAddress, etc.

Thank you!

bgianfo commented 3 years ago

Detours certainly works on the latest Windows 10, it's what I do all my development/testing on.

There are a bunch of samples included in the project which hook kernel32.dll exports, see the tracereg sample for example. It detours CreateFile, LoadLibrary, GetProcAddress and many more:

https://github.com/microsoft/Detours/blob/6782fe6e6ab11ae34ae66182aa5a73b5fdbcd839/samples/tracereg/trcreg.cpp#L685-L701

You can see how to execute the sample from the `Makefile`:

https://github.com/microsoft/Detours/blob/6782fe6e6ab11ae34ae66182aa5a73b5fdbcd839/samples/tracereg/Makefile#L73-L80

bgianfo commented 3 years ago

Closing this question, I'm assuming I've answered the question.