"Detours" problems
in [Win32 Kernel]
|
From: Bob Altman on 17 Feb 2010 18:43 Hi all, I'm trying to get the Microsoft "Detours" API (http://research.microsoft.com/en-us/projects/detours/) to work, and I'm having problems. I must be missing something really basic. My application consists of a bunch of programs whose source code I don't want to touch. Those programs call into a DLL that I supply, as well as a 3rd-party DLL. I want to add code to my DLL to intercept calls made by the programs into the 3rd-party DLL. Here's the short version of the problem statement: My DLL detours some of the 3rd-party functions to "detour" routines in my DLL. If I add code in my DLL activation routine to call into the 3rd-party DLL after I've set up the detours then it appears to work correctly. But calls made from a client of my DLL to the 3rd-party DLL, after I've set up the detours, go straight to the 3rd-party DLL without a trip to my "detour" routines. Here's the longer version: I've modified the DLL_PROCESS_ATTACH case in the DllMain routine in my DLL to detour a bunch of functions from the 3rd-party DLL to functions in my DLL. In that code, I write a test message to the console window to verify that I've done the deed. I wrote a test app that calls (presumably detoured) functions from the 3rd-party DLL. I set the following breakpoints: - At the DetourAttach calls (in my DLL activation routine) - In the body of my "detour" routine (that is, the routine to which calls to the 3rd-party DLL are redirected). - In the test app at the first call to into the 3rd-party DLL When I run the test app, I first hit the breakpoint that I put at the DetourAttach calls. When I continue running, I hit the breakpoint in the test app and I verify that I see the message on the console window confirming that the routines are detoured. But the call into the 3rd-party DLL operates normally, without a trip to my "detour" routine. If I modify my DLL initialization code to add a call to the 3rd-party routine after I've set up the detours then it does, indeed, break in my "detour" routine. Any suggestions? TIA - Bob
From: Bob Altman on 17 Feb 2010 20:30 I wrote a simple, self-contained test app that consists of a main program and a DLL that attempts to detour the STL rand() function. This test app claims to have successfully installed the detour, but calls to rand() don't detour to my handler. I could zip up the test app (which includes the "detours" libraries) and include it in a post, but it's about 3 MB... TIA - Bob
From: "Jialiang Ge [MSFT]" on 19 Feb 2010 00:29 Hello Bob A more appropriate forum for Detours questions is http://community.research.microsoft.com/forums/. Please understand that Detours is not officially supported by Microsoft CSS department. It is provided "as-is". Furthermore, Microsoft does not support any process into which a detour has been loaded. Regards, Jialiang Ge Microsoft Online Community Support ================================================= Delighting our customers is our #1 priority. We welcome your comments and suggestions about how we can improve the support we provide to you. Please feel free to let my manager know what you think of the level of service provided. You can send feedback directly to my manager at: msdnmg(a)microsoft.com. This posting is provided "AS IS" with no warranties, and confers no rights. =================================================
From: Bob Altman on 24 Feb 2010 12:50 In case someone stumbles across this while researching their own Microsoft Detours issue, here are a couple of gotchas that the documentation doesn't mention: 1. The program (or DLL) that installs the detours must not have "incremental linking" enabled. 2. The library whose routines are being detoured must not be included in the "delay loaded DLLs" list in the program (or DLL) that installs the detour. Both of the above settings change the code generated by the compiler/linker in ways that break Detours. (And, of course, my code used both of these settings.) In particular, "incremental linking" adds a couple of extra indirections to every subroutine call, while calls into a "delay loaded DLL" go through a very expensive helper routine for every call. Bob
|
Pages: 1 Prev: Detect If Shutdown In Progress Next: Calendar Era start and end dates |