Detours 3.0 Express VC6.0编译方法及简单使用

一、Detours 3.0 Express VC6.0编译方法

1、\Detours Express 3.0\src\detours.cpp

#define ARRAYSIZE(A) (sizeof(A)/sizeof((A)[0]))//在第31行添加
//第1599行__debugbreak()改为DebugBreak()
if (pbTrampoline > pbPool) {
    DebugBreak();
}

 2、\Detours Express 3.0\src\disasm.cpp第356行

pbDst[1] = 0x80 | (pbSrc[0] & 0xf);

改为：

pbDst[1] = pbSrc[0];
pbDst[1] &=  0xf;
pbDst[1] |= 0x80;

二、Detours 3.0 Express 简单使用

下面是拦截ShellAboutW()的例子。可以用Windows XP上的计算器来测试，点击关于按钮，在弹出关于对话框之前先弹出一个MessageBox。

// HookShellAboutW.cpp : Defines the entry point for the DLL application.
//

#include "stdafx.h"
#include <ShellAPI.h>
#include "detours.h"

#pragma comment(lib, "detours.lib")

int (WINAPI* SysShellAboutW)(HWND hWnd, LPCWSTR szApp, LPCWSTR szOtherStuff, HICON hIcon) = ShellAboutW;

int WINAPI HookShellAboutW(HWND hWnd, LPCWSTR szApp, LPCWSTR szOtherStuff, HICON hIcon)
{
	MessageBox(hWnd, "Hook successfully!", "Caption", MB_OK);
	return SysShellAboutW(hWnd, szApp, szOtherStuff, hIcon);
}

BOOL APIENTRY DllMain( HANDLE hModule, 
                       DWORD  ul_reason_for_call, 
                       LPVOID lpReserved
					 )
{
	switch(ul_reason_for_call)
	{
	case DLL_PROCESS_ATTACH:
		DetourTransactionBegin();
		DetourUpdateThread(GetCurrentThread());
		DetourAttach(&(PVOID&)SysShellAboutW, HookShellAboutW);
		if(DetourTransactionCommit() != NO_ERROR)
			OutputDebugString("detoured unsuccessfully!");
		break;
	case DLL_PROCESS_DETACH:
		DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
		DetourDetach(&(PVOID&)SysShellAboutW, HookShellAboutW);
		DetourTransactionCommit();
		break;
	case DLL_THREAD_ATTACH:
		break;
	case DLL_THREAD_DETACH:
		break;
	}
    return TRUE;
}

__declspec(dllexport) int ExportFunc(VOID)
{
	return 5;
}