学步园

Detours提供了简单易用的函数接口来拦截WIN32 API调用。官方的下载地址为http://research.microsoft.com/en-us/projects/detours/，下载Detours Express 2.1安装之后还不能直接使用，编译流程如下：

1 将Detours安装目录中的src拷贝至VS安装目录/Microsoft Visual Studio 9.0/VC/bin
2 打开CMD控制台
3 将/Microsoft Visual Studio 9.0/VC/bin/vcvars32.bat拖入控制台运行
4 控制台进入到/Microsoft Visual Studio 9.0/VC/bin目录下，输入运行nmake

成功之后就会增加Detours的lib、include、bin目录，下面是个简单的例子：

#include <stdio.h><br /> #include <windows.h><br /> #include "detours.h"</p> <p>static VOID (WINAPI * TrueSleep)(DWORD dwMilliseconds) = Sleep; // 原函数</p> <p>// 替代的函数<br /> VOID WINAPI TimedSleep(DWORD dwMilliseconds)<br /> {<br /> TrueSleep(dwMilliseconds);<br /> }</p> <p>BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved)<br /> {</p> <p> if (dwReason == DLL_PROCESS_ATTACH)<br /> {<br /> // 注册<br /> DetourTransactionBegin();<br /> DetourUpdateThread(GetCurrentThread());<br /> DetourAttach(&(PVOID&)TrueSleep, TimedSleep);<br /> DetourTransactionCommit();<br /> }<br /> else if (dwReason == DLL_PROCESS_DETACH)<br /> {<br /> // 卸载<br /> DetourTransactionBegin();<br /> DetourUpdateThread(GetCurrentThread());<br /> DetourDetach(&(PVOID&)TrueSleep, TimedSleep);<br /> DetourTransactionCommit();<br /> }<br /> return TRUE;<br /> }