{"id":23302369,"url":"https://github.com/lowleveldesign/takedetour","last_synced_at":"2025-10-30T07:10:55.761Z","repository":{"id":54158432,"uuid":"152846424","full_name":"lowleveldesign/takedetour","owner":"lowleveldesign","description":"A template (and a sample) for writing tracers on Windows. Based on the Detours library.","archived":false,"fork":false,"pushed_at":"2024-03-14T18:42:04.000Z","size":492,"stargazers_count":31,"open_issues_count":0,"forks_count":6,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-09T01:18:50.667Z","etag":null,"topics":["detours","hooks","profiling","tracing","windows"],"latest_commit_sha":null,"homepage":null,"language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lowleveldesign.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-10-13T07:21:38.000Z","updated_at":"2024-06-12T19:07:17.000Z","dependencies_parsed_at":"2022-08-13T07:50:59.455Z","dependency_job_id":null,"html_url":"https://github.com/lowleveldesign/takedetour","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/lowleveldesign/takedetour","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lowleveldesign%2Ftakedetour","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lowleveldesign%2Ftakedetour/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lowleveldesign%2Ftakedetour/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lowleveldesign%2Ftakedetour/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owner
s/lowleveldesign","download_url":"https://codeload.github.com/lowleveldesign/takedetour/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lowleveldesign%2Ftakedetour/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":271605044,"owners_count":24788835,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-22T02:00:08.480Z","response_time":65,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["detours","hooks","profiling","tracing","windows"],"created_at":"2024-12-20T10:28:56.912Z","updated_at":"2025-10-30T07:10:50.726Z","avatar_url":"https://github.com/lowleveldesign.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n# TakeDetour\n\nThis project is a template for building tracers on Windows. It wraps the excellent [Microsoft Detours library](https://github.com/Microsoft/Detours) to create a self-contained, single binary with all the hooking functions you define. As an example, I hooked the `CreateDirectory` function so running the [TakeDetour.exe](https://github.com/lowleveldesign/takedetour/releases) with any application prints all the calls to this function on the Windows Debug Output (you may use [DebugView](https://docs.microsoft.com/en-us/sysinternals/downloads/debugview) to see it). 
For example:\n\n```\nPS\u003e .\\TakeDetour.exe -w c:\\windows\\system32\\notepad.exe\nINFO: Starting the 'c:\\windows\\system32\\notepad.exe' process.\n\nPress Ctrl + C to stop the target process.\n```\n\nStart DebugView and make sure **Capture -\u003e Capture Global Win32** is checked. Then, open the **New File** dialog in notepad, and you should see trace messages appearing in the DebugView window:\n\n![DebugView output](dbgview_output.png)\n\n**The released executable works on all Windows systems starting from 7 and can hook both 32-bit and 64-bit applications.**\n\n## What this project contains\n\nI implemented two ways of interacting with a target process. You may either **start a new process** or **attach to an existing process**. The first way uses the [`DetourCreateProcessWithDllEx`](https://github.com/Microsoft/Detours/wiki/DetourCreateProcessWithDllEx) function from the Detours library. The latter injects the DLL using a remote thread. \n\nWhether you start a new process or attach to an existing one, you may add the **-w** argument to control the injection process. This option makes the application wait for a **Ctrl + C** event or a target process termination. When a user presses Ctrl + C after attaching to a process, the injected DLL is detached, and the target process continues running. Pressing Ctrl + C after starting a new process forces the target process to terminate.\n\nAll the dependencies are embedded as binary resources, and TakeDetour unpacks them to a temporary folder (`%TEMP%\\takedetour`) on start. The default executable is 32-bit. Thus, to hook a 64-bit process it needs to spawn a helper process. When running TakeDetour on a 64-bit system, remember that the Wow64 engine maps some folder paths. For example: `TakeDetour c:\\Windows\\System32\\notepad.exe` will start a 32-bit notepad.exe. 
To start the 64-bit version, use `TakeDetour c:\\Windows\\sysnative\\notepad.exe`.\n\nThe injected DLL is named InjectDll32.dll for 32-bit processes and InjectDll64.dll for 64-bit processes.\n\n## How to add your hooks\n\nOpen the TakeDetours.sln file in **Visual Studio 2017** and edit the **InjectDll\\dllmain.cpp** file. You may want to check [Detours Wiki](https://github.com/Microsoft/Detours/wiki) first to learn how to hook methods with the Detours API. \n\nYou usually start with the hook definition, for example:\n\n```cpp\nstatic BOOL(WINAPI * TrueCreateDirectory)(\n    LPCWSTR               lpPathName,\n    LPSECURITY_ATTRIBUTES lpSecurityAttributes\n) = CreateDirectory;\n\nBOOL WINAPI TracedCreateDirectory(\n    LPCWSTR               lpPathName,\n    LPSECURITY_ATTRIBUTES lpSecurityAttributes\n)\n{\n    wostringstream output;\n    output \u003c\u003c L\"Traced CreateDirectory: \" \u003c\u003c lpPathName;\n    OutputDebugString(output.str().c_str());\n\n    return TrueCreateDirectory(lpPathName, lpSecurityAttributes);\n}\n```\n\nLater, you need to enable your hooks in the DllMain method. Please modify only the `DLL_PROCESS_ATTACH` and `DLL_PROCESS_DETACH` blocks. 
For example:\n\n```cpp\nBOOL APIENTRY DllMain(HMODULE hModule,\n    DWORD  ul_reason_for_call,\n    LPVOID lpReserved\n)\n{\n    ...\n    switch (ul_reason_for_call) {\n    case DLL_PROCESS_ATTACH:\n        DetourRestoreAfterWith();\n\n        DetourTransactionBegin();\n        DetourUpdateThread(GetCurrentThread());\n        DetourAttach(\u0026(PVOID\u0026)TrueCreateDirectory, TracedCreateDirectory);\n        // TODO: add your hooks here\n        error = DetourTransactionCommit();\n        if (error != NO_ERROR) {\n            wostringstream output;\n            output \u003c\u003c L\"Error detouring: \" \u003c\u003c error;\n            OutputDebugString(output.str().c_str());\n        }\n        break;\n    ...\n    case DLL_PROCESS_DETACH:\n        DetourTransactionBegin();\n        DetourUpdateThread(GetCurrentThread());\n        DetourDetach(\u0026(PVOID\u0026)TrueCreateDirectory, TracedCreateDirectory);\n        // TODO: add your hooks here\n        error = DetourTransactionCommit();\n        if (error != NO_ERROR) {\n            wostringstream output;\n            output \u003c\u003c L\"Error detouring: \" \u003c\u003c error;\n            OutputDebugString(output.str().c_str());\n        }\n        break;\n    }\n    ...\n}\n```\n\n## Reporting bugs\n\nIf you find a bug or have an idea for improvement, please add it to the [Issues](https://github.com/lowleveldesign/takedetour/issues) list. \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flowleveldesign%2Ftakedetour","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flowleveldesign%2Ftakedetour","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flowleveldesign%2Ftakedetour/lists"}