Microsoft Research Detours

Microsoft Research Detours: Intercept and Modify Win32 Functions

A software package that enables interception and modification of functions in Windows applications by adding instrumentation code to any binary without modifying the source code.

What is Microsoft Research Detours?

Microsoft Research Detours is an open source library that provides API interception capabilities for developers on the Windows platform. It allows developers to intercept API calls made by existing compiled applications and inject custom code into the flow of execution.

The key capability Detours provides is the ability to modify the behavior of a Windows application without having access to its source code. It works by intercepting function calls at the binary level as they are invoked by the Windows loader. Developers can register callback functions that get executed before, after, or instead of the actual target functions.

This makes Detours highly useful for debugging, profiling performance, adding instrumentation, implementing patches, experimenting with apis, and numerous other use cases where you need to modify or extend a compiled Windows application. It is provided as a C++ library with a DLL import.

Some of the key uses of the Detours library include: performance profiling, debugging extensions, interoperability shims, security mitigations, application compatibility fixes, prototyping features, reverse engineering, and learning how apis work. It has been widely used within Microsoft as well.

Overall, Detours provides extremely valuable capabilities to intercept and modify native API calls in already-compiled Windows applications. It enables scenarios that would be difficult or impossible otherwise without access to source code.

Microsoft Research Detours Features

Official Links