Hi! I'm looking for a way or a program that can intercept functions. I found Microsoft Detours, but it is quite expensive and a bit outdated. Maybe someone has an idea? Maybe something like Microsoft Detours?

Comments

This question is locked
  • To create a virtual file system / registry, BoxedApp SDK (this, by the way, is exactly what applications created with BoxedApp Packer use) uses the interception of system functions technique. A number of original ideas have allowed us to create an interception system compatible with any environment, and now the part of SDK that is in charge of the interception has become accessible to developers - SDK users.
  • I found how to do it manually. But I think it is too cumbersome.
    http://software.intel.com/en-us/articles/intercepting-system-api-calls#comment-1740567
  • This method can be used, why not, if intercepting functions is the only thing you need.
    As for the tools to capture features, you may want to pay attention to EasyHook.
    • There are other public tools such as pin tools (probe mode does pretty much the same thing.)

Community Chosen Answer

4

something like http://boxedapp.com/

or try

http://lmgtfy.com/?q=microsoft+detours+alternative

Answered 06/12/2013 by: SMal.tmcc
Red Belt

  • Good choice. These tools have similar characteristics
  • As for Microsoft Detours?
    • Detours is very expensive for me, maybe something cheaper?
      • Yep, 10k is too much for 1 developer

Answers

0

Two Basic Techniques for Intercepting System Function Calls 
Most methods of intercepting arbitrary function calls work by preparing a DLL that replaces the target function to be intercepted and then injecting the DLL into the target process; upon attaching to the target process, the DLL hooks itself to the target function. This technique is suitable, because the source code for the target application is not available most of the time, and it is relatively simple to write a DLL that contains the replacement function, separating it from the rest of the software.

Two intercepting methods have been studied and analyzed. Syringe works by modifying the function import entries (thunking table). On the other hand, the Detours library directly modifies the target function (in the target process space) to make an unconditional jump to the replacement function. Optionally, it provides a trampoline function that can call the original function. 

The Detours technique follows this latter method because Syringe has trouble finding the thunks in many cases, and it does not provide trampoline capability to call the original function. Injecting the DLL works the same way in both cases.

Answered 06/26/2013 by: MastAvalons
Orange Belt

  • Thank you all. Topic closed.
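
Both techniques described in the answer above leave something that can be checked when auditing a process: an import-table slot that no longer points into the exporting module, or a function entry that begins with an unconditional jump out of its own module. The following is an added example, not code from the thread or from Detours; the function names, module ranges and byte samples are constructed for illustration, and it assumes x86/x64 encodings on a little-endian host.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint64_t base, size; } module_range;   /* a mapped image */
typedef struct { int is_jump; uint64_t target; } prologue_info;

static int in_module(uint64_t a, module_range m) { return a >= m.base && a - m.base < m.size; }

/* Inline-hook check: decode an unconditional jump at a function entry.
 * code = bytes at the entry, va = address those bytes are mapped at. */
prologue_info check_prologue(const uint8_t *code, size_t len, uint64_t va)
{
    prologue_info r = {0, 0};
    if (len >= 5 && code[0] == 0xE9) {                 /* jmp rel32 */
        int32_t rel;
        memcpy(&rel, code + 1, sizeof rel);
        r.is_jump = 1;
        r.target = va + 5 + (uint64_t)(int64_t)rel;    /* relative to next insn */
    } else if (len >= 12 && code[0] == 0x48 && code[1] == 0xB8 &&
               code[10] == 0xFF && code[11] == 0xE0) { /* mov rax,imm64; jmp rax */
        memcpy(&r.target, code + 2, 8);
        r.is_jump = 1;
    }
    return r;
}

/* A jump that stays inside the function's own module can be a linker thunk;
 * one that leaves the module is the pattern a detour produces. */
int is_detoured(const uint8_t *code, size_t len, uint64_t va, module_range own)
{
    prologue_info p = check_prologue(code, len, va);
    return p.is_jump && !in_module(p.target, own);
}

/* Import-table check: a slot should point into the module that exports the
 * function. Forwarded exports legitimately fail this and need an allow-list. */
int iat_slot_redirected(uint64_t slot_value, module_range exporter)
{
    return !in_module(slot_value, exporter);
}

int main(void)
{
    /* Constructed sample: jmp rel32 at 0x10001000 that lands at 0x20000000. */
    const uint8_t hooked[] = {0xE9, 0xFB, 0xEF, 0xFF, 0x0F};
    module_range mod = {0x10000000u, 0x10000u};
    printf("detoured: %d\n", is_detoured(hooked, sizeof hooked, 0x10001000u, mod));
    return 0;
}
```

Security products and compatibility shims install hooks of the same shape, so a hit is a lead to triage against the module that owns the jump target, not a verdict. Comparing the in-memory entry bytes with the same bytes in the on-disk image is the usual confirmation step.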