Detours Express is a library for Windows that can intercept Win32 functions. With it users are able to insert detour functions without affecting the original library. This is a convenient method which provides flexibility for any development needs.

Operation

Detours Express is a Microsoft-signed package that enables the interception of function calls for systems with different types of architecture. The procedure goes as follows: the library applies interception code at execution. Then, it interpolates the detour function between the source and the target functions. This is done by replacing the first instructions and storing them in a so-called trampoline function.

Thus, when the target function is reached, execution is redirected to the detour. The latter controls the entire procedure by performing pre-processing and post-processing actions until the target function is complete. This offers versatility to developers, who want to add extensions and instrumentation methods in their applications.

Before making any changes to the Windows libraries, it is recommended users backup important files with special tools like RegSupreme.

Components

The package also includes various other APIs that you can use to access the payloads, modify the binaries and insert DLL into the execution process. You are also able to create or find the target process, as well as insert the detour function.

In addition to extensive documentation that explains how the library and the detouring process work, the package also includes a generous array of samples.

Features

free to download and use;
compatible with modern Windows versions;
developed by Microsoft;
allows you to insert detour functions;
does not affect the original library.