I've talked to a friend of mine which introduced me to detouring back in the days and he explained to me the mechanics of detouring as he was a kernel programmer and in his previous position he subvered most of the kernel. With this new knowledge I was able to build a library that does exactly what Microsoft Detour does, and because I'm intercepting only a handfull of functions I don't need to make it generic.
Time has passed, everyone was happy but I got more and more requests to support my detouring apps for 64bit, now if detours was a pain for 32bit they are a nightmare for 64bit and the reason is that MS excluded two important features that are required to perform detours:
- Naked __declspec
Without these two, detouring would be a nightmare, so again I researched the web and just like before I went down the same path: MS Detours professional supports 64bit but costs quite a lot (last time I saw a price it was 10k$), and it can't be downloaded so I couldn't learn what they are doing. The non MSVC library doesn't support 64bit detours because there isn't a 64bit version of the development language, and the 100$ library, well, it was bad and nothing changed about it :)
The only difference is that I know how the 32bit detours work, so I researched again on the subject and again documentation is scarce and fuzzy but in a moment of insomnia I managed to find a solution for the problems with 64bit detours :) my code is working and just like before I need to make sure it works for all my detours but the hard work is done, I can safely say that as for this moment, my company is one of the handfull that are in possesion of such technology.
Just to be fair and unbiased there's another LGPL (I hate L/GPL) library which is doing kernel hooking which is quite of an overkill for me and I couldn't learn anything from it, it's called: EasyHook.