Detour, SourceCode in C++

[ajox86]

Hi!

Felt like contributing something so here is my Detour class in C++. It might already exist im not sure, but here is my version and in open-source. Note that its not entirely finished but it does what its supposed to do i guess. Hooking peices of codes that start with 0xE8 will not work. Will fix that later. Anyways, its ugly but my ++ skills are very limited though im a hardcore C-guy. Enjoy.

Download

EDIT: New downloadlink

/* XDetour v0.3 - Executable Code Rerouter, (C)oded by ajo 2009

With this detour library you can redirect executable code from anyware, to call your custom peice of
code without interrupting the codeflow. The class has an internal disassembler (XDE by z0mbie) that
makes you able to reroute codepeices in the middle of nested jumps calls etc. XDetour also has
highlevel plain C functions to read registers from the pushed stack which makes it easier to write
higher level code and avoid as much assembly as possible.

This code is probebly ugly for a C++ person but i wrote it to get myself back to shape while still
trying to use some C++. Althou I'm a plain C into the bone im trying...

Feel free to use this code for anything you want aslong as you give credits, enjoy.

- Use XDETOUR_API as declspec when you write your hook procedures
- Use XDETOUR_ENTER/XDETOUR_LEAVE for prolog/epilog and no flags/registers will be touched!!
- Use XDetourGetEAX()..EBX()..etc for reading registers in your callback
- Use XDetourSetEAX()..EBX()..etc for writing registers in your callback

[Original]-->[RouteCode]-->[DetourProcedure]-->[RouteCode]-->[Original+5]

RouteCode Looks like this:
003B45E8 E8 1D CA 05 00 call HookProc (41100Ah) ;Call our detour
003B45ED 55 push ebp ;Copied from printf
003B45EE 8B EC mov ebp,esp ;Copied from printf
003B45F0 6A FE push 0FFFFFFFEh ;Copied from printf
003B45F2 E9 FE 9D E7 0F jmp printf+5 (1022E3F5h) ;jump back to hook+CopyLen

Due to the internal reassembly the following code that is dependent on the flags and
uses a relative jump can be hook without any problems:-

00495ED1 8BF0 MOV ESI,EAX
00495ED3 85F6 TEST ESI,ESI
00495ED5 74 64 JE SHORT 00495F3B

... Which will give a routecode as follows...

0B632A18 E8 EDF0DEFC CALL 08421B0A ;Hookfunction
0B632A1D 8BF0 MOV ESI,EAX ;Copied
0B632A1F 85F6 TEST ESI,ESI ;Copied
0B632A21 0F84 1435E6F4 JE 00495F3B ;Reassembled
0B632A27 E9 AB34E6F4 JMP 00495ED7 ;Jump back+6
*/

[Cypher]

Thanks for the share!

[Xzibit]

ya thanks! I may use this in the future

[greasemonkey]

hi

I want to download the file but it has a limit of 10 downloads. May you upload it again?

[ajox86]

hi

I want to download the file but it has a limit of 10 downloads. May you upload it again?

Oh i didnt know that. I had some trouble with the builtin attachment so i used rapidshare.

EDIT: New download link in main post

[Tanaris4]

Any chance someone could re-upload?

[mnbvc]

is this thing superior to microsoft's detour in any case?

[xinjingjing]

New download link, Requested file is deleted.....