intercept function

Hi! I'm looking for a way or a program that can intercept function. I found a microsoft detours, but they are quite expensive and a bit outdated. Maybe someone has an idea? Maybe something like microsoft detours?

3 Comments   [ + ] Show comments
This question is locked
  • To create a virtual file system / registry, BoxedApp SDK (this, by the way, is exactly what applications created with BoxedApp Packer use) uses the interception of system functions technique. A number of original ideas have allowed us to create an interception system compatible with any environment, and now the part of SDK that is in charge of the interception has become accessible to developers - SDK users. - Robert Miles 11 years ago
  • I found how to do it manually. But I think it is too cumbersome.
    http://software.intel.com/en-us/articles/intercepting-system-api-calls#comment-1740567 - Bazylio 11 years ago
  • This method can be used, why not?
    If the intercept functions - the only thing you need.
    As for the tools to capture features, you may want to pay attention to easyhook - Robert Miles 11 years ago
    • There are other public tools such as pin tools (probe mode does pretty much the same thing.) - gromret 10 years ago

Answers (2)

Posted by: SMal.tmcc 11 years ago
Red Belt

something like http://boxedapp.com/

or try


  • Good choice. These tools have similar characteristics - MastAvalons 11 years ago
  • As for Microsoft Detours? - gromret 11 years ago
    • Detours are very expensive for me, maybe something cheaper? - Bazylio 11 years ago
      • Yep, 10k it is too much cost for 1 developer - gromret 11 years ago
Posted by: MastAvalons 10 years ago
Orange Belt

Two Basic Techniques for Intercepting System Function Calls 
Most methods of intercepting arbitrary function calls work by preparing a DLL that replaces the target function to be intercepted and then injecting the DLL to the target process; upon attaching to the target process, the DLL hooks itself to the target function. This technique is suitable, because the source code for the target application is not available most of the time, and it is relatively simple to write a DLL that contains the replacement function, separating it from the rest of the software. 

Two intercepting methods have been studied and analyzed. Syringe works by modifying the function import entries (thunking table). On the other hand, the Detours library directly modifies the target function (in the target process space) to make an unconditional jump to the replacement function. Optionally, it provides a trampoline function that can call the original function. 

The Detours technique follows this latter method because Syringe has trouble finding the thunks in many cases, and it does not provide trampoline capability to call the original function. Injecting the DLL works the same way in both cases.

  • Thank you all. topic closed - Bazylio 10 years ago
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ