【应用安全检测】已验证通过
#include "detours.h"
HOOK_IsDebugger([](HOOK_State state, LPCWSTR msg) {
if (state == HOOK_Catch) {
// 反调试触发,建议退出进程
TerminateProcess(GetCurrentProcess(), 0);
}
else {
// error -> msg
}
});#include "detours.h"
HOOK_VirtualAllocEx([](HOOK_State state, LPCWSTR msg) {
if (state == HOOK_Catch) {
// 反DLL注入触发,建议杀线程
if (bypass)
std::cout << "警告:部分 Win32 API 调用可能会误触发,已知的有 ShellExecuteEx,自行过滤即可";
else
TerminateThread(GetCurrentThread(), 0);
}
else {
// error -> msg
}
});
Detours is a software package for monitoring and instrumenting API calls on Windows. Detours has been used by many ISVs and is also used by product teams at Microsoft. Detours is now available under a standard open source license (MIT). This simplifies licensing for programmers using Detours and allows the community to support Detours using open source tools and processes.
Detours is compatible with the Windows NT family of operating systems: Windows NT, Windows XP, Windows Server 2003, Windows 7, Windows 8, and Windows 10. It cannot be used by Windows Store apps because Detours requires APIs not available to those applications. This repo contains the source code for version 4.0.1 of Detours.
For technical documentation on Detours, see the Detours Wiki. For directions on how to build and run samples, see the samples README.txt file.
The Detours repository is where development is done.
Here are some ways you can participate in the project:
- Answer questions about using Detours.
- Improve the Wiki.
- Submit bugs and help us verify fixes and changes as they are checked in.
- Review source code changes.
Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
- Open an issue on GitHub Issues.
The detours-announce mailing list is a low-traffic email list for important announcements about the project, such as the availability of new versions of Detours. To join it, send an email to listserv@lists.research.microsoft.com with a message body containing only the text SUBSCRIBE DETOURS-ANNOUNCE. To leave it, send an email to listserv@lists.research.microsoft.com with a message body containing only the text UNSUBSCRIBE DETOURS-ANNOUNCE.
Copyright (c) Microsoft Corporation. All rights reserved.
Licensed under the MIT License.