EDN Admin
Well-known member
I have used the Detours library successfully before to intercept Win32 calls using DetourAttach (i.e. I have modified the source code to the application). But now I want to use DetourCreateProcessWithDll to intercept calls in an existing application
without modifying the source code, recompiling, etc. I have looked at the WithDll example, but it doesnt seem to include a sample DLL to be injected, just code to inject an arbitrary DLL into an arbitrary process as specified in command-line arguments.
The documentation just states that the injected DLL must export a function at ordinal 1. But it doesnt go into detail about how to detour functions using injection. Im guessing that the dll to be injected should itself link to detours.lib and
make calls to DetourAttach, as opposed to the detouring being done by the lauching process, although Im not 100% sure of this. Assuming that is even correct, Im still confused about a few points:
Is the function at ordinal 1 called after the process is launched and resumed?
If so, what does the signature of the function need to be?
If not, how are we supposed to get our code to be called, just put it in DllMain?
In short, its not clear what the funtion at ordinal 1 is supposed to look like, or what it does.
Any help is greatly appreciated.
Greg
View the full article
without modifying the source code, recompiling, etc. I have looked at the WithDll example, but it doesnt seem to include a sample DLL to be injected, just code to inject an arbitrary DLL into an arbitrary process as specified in command-line arguments.
The documentation just states that the injected DLL must export a function at ordinal 1. But it doesnt go into detail about how to detour functions using injection. Im guessing that the dll to be injected should itself link to detours.lib and
make calls to DetourAttach, as opposed to the detouring being done by the lauching process, although Im not 100% sure of this. Assuming that is even correct, Im still confused about a few points:
Is the function at ordinal 1 called after the process is launched and resumed?
If so, what does the signature of the function need to be?
If not, how are we supposed to get our code to be called, just put it in DllMain?
In short, its not clear what the funtion at ordinal 1 is supposed to look like, or what it does.
Any help is greatly appreciated.
Greg
View the full article