{"id":169522,"date":"2002-01-16T16:17:07","date_gmt":"2002-01-16T16:17:07","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/research\/project\/detours\/"},"modified":"2019-08-14T14:36:10","modified_gmt":"2019-08-14T21:36:10","slug":"detours","status":"publish","type":"msr-project","link":"https:\/\/www.microsoft.com\/en-us\/research\/project\/detours\/","title":{"rendered":"Detours"},"content":{"rendered":"<p>Detours is a software package for re-routing Win32 APIs underneath applications. For almost twenty years, has been licensed by hundreds of ISVs and used by nearly every product team at Microsoft.<\/p>\n<h1>What&#8217;s New?<\/h1>\n<p><b>Detours 4.0.1 is now open source under the MIT license.<\/b> Detours is on GitHub at\u00a0<a class=\"msr-external-link glyph-append glyph-append-open-in-new-tab glyph-append-xsmall\" rel=\"noopener noreferrer\" target=\"_blank\" href=\"https:\/\/github.com\/microsoft\/detours\">https:\/\/github.com\/Microsoft\/Detours<span class=\"sr-only\"> (opens in new tab)<\/span><\/a>. The source code is identical to Build 343 of Detours 3.0.\u00a0 Detours Build 338 and later fix a security vulnerability that has been identified in releases of Detours before 3.0 Build 334.<\/p>\n<p>Detours 4.0.1 supports x86, x64 and other Windows-compatible processors (IA64 and ARM). It includes support for either 32-bit or 64-bit processes.<\/p>\n<p>Detours 4.0 simplifies the licensing of Detours. Detours 3.0 was available in two versions.\u00a0Detours Professional allowed commercial use.\u00a0 Detours Express allowed\u00a0research, non-commercial, and non-production use.\u00a0The two versions were identical except for their licenses.<\/p>\n<p>Detours 3.0 included the following new features over Detours 2.x:<\/p>\n<ul>\n<li>Support for 64-bit code on x64 and IA64 processors (Professional Edition only).<\/li>\n<li>Support for all Windows processors (Professional Edition only).<\/li>\n<li>Removed requirement for including detoured.dll in processes.<\/li>\n<li>Compatibility improvements for detouring APIs used by managed-code (MSIL) programs, especially on x64 processors.<\/li>\n<li>Addition of APIs to enumerate PE binary Imports and to determine the module referenced by a function pointer.<\/li>\n<\/ul>\n<h1>Overview<\/h1>\n<p>Innovative systems research hinges on the ability to easily instrument and extend existing operating system and application functionality. With access to appropriate source code, it is often trivial to insert new instrumentation or extensions by rebuilding the OS or application. However, in today&#8217;s world systems researchers seldom have access to all relevant source code.<\/p>\n<p>Detours is a library for instrumenting arbitrary Win32 functions Windows-compatible processors. Detours intercepts Win32 functions by re-writing the in-memory code for target functions. The Detours package also contains utilities to attach arbitrary DLLs and data segments (called payloads) to any Win32 binary.<\/p>\n<p>Detours preserves the un-instrumented target function (callable through a trampoline) as a subroutine for use by the instrumentation. Our trampoline design enables a large class of innovative extensions to existing binary software.<\/p>\n<p>We have used Detours to create an automatic distributed partitioning system, to instrument and analyze the DCOM protocol stack, and to create a thunking layer for a COM-based OS API. Detours is used widely within Microsoft and within the industry.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Detours is a software package for re-routing Win32 APIs underneath applications. For almost twenty years, has been licensed by hundreds of ISVs and used by nearly every product team at Microsoft. What&#8217;s New? Detours 4.0.1 is now open source under the MIT license. Detours is on GitHub at\u00a0https:\/\/github.com\/Microsoft\/Detours. The source code is identical to Build [&hellip;]<\/p>\n","protected":false},"featured_media":0,"template":"","meta":{"msr-url-field":"","msr-podcast-episode":"","msrModifiedDate":"","msrModifiedDateEnabled":false,"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"research-area":[13560,13547],"msr-locale":[268875],"msr-impact-theme":[],"msr-pillar":[],"class_list":["post-169522","msr-project","type-msr-project","status-publish","hentry","msr-research-area-programming-languages-software-engineering","msr-research-area-systems-and-networking","msr-locale-en_us","msr-archive-status-active"],"msr_project_start":"2002-01-16","related-publications":[151268],"related-downloads":[],"related-videos":[],"related-groups":[144936],"related-events":[],"related-opportunities":[],"related-posts":[],"related-articles":[],"tab-content":[],"slides":[],"related-researchers":[{"type":"user_nicename","display_name":"Galen Hunt","user_id":31846,"people_section":"Group 1","alias":"galenh"}],"msr_research_lab":[],"msr_impact_theme":[],"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-project\/169522","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-project"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/types\/msr-project"}],"version-history":[{"count":9,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-project\/169522\/revisions"}],"predecessor-version":[{"id":603549,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-project\/169522\/revisions\/603549"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/media?parent=169522"}],"wp:term":[{"taxonomy":"msr-research-area","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/research-area?post=169522"},{"taxonomy":"msr-locale","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-locale?post=169522"},{"taxonomy":"msr-impact-theme","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-impact-theme?post=169522"},{"taxonomy":"msr-pillar","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/research\/wp-json\/wp\/v2\/msr-pillar?post=169522"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}