First, let's look at Microsoft's official hook library:
Detours Professional 3.0
Price: US$9,999.95
Feature List:
Detours 3.0 includes the following new features over Detours 2.x:
Support for 64-bit code on x64 and IA64 processors (Professional Edition only).
Support for all Windows processors (Professional Edition only).
Removed requirement for including detoured.dll in processes.
Compatibility improvements for detouring APIs used by Managed-code (MSIL) programs, especially on x64 processors.
Addition of APIs to enumerate PE binary Imports and to determine the module referenced by a function pointer.
From the above we can see that it is really powerful: 64-bit and 64-bit-related processes, and even all Windows processes, can be hooked. It basically deserves to be called a great library.
Anyone who has actually used the free version knows that Detours can also analyze the PE structure, modify the import table and export table, and so on.
This time I'm going to introduce a library that broke people like me can afford: EasyHook.
Let's take a look at EasyHook's introduction:
EasyHook's slogan:
Easyhook Continuing Detours
We can read this as saying that it is a substitute for Detours, for those who can't afford expensive Microsoft products.
OK, let's see how powerful it is:
First, it supports the C# language (which already goes beyond Detours) and has a C# wrapper
Like the paid version of Detours, it supports all types of processes
Perfect support for 64-bit processes and targets
It has been continuously updated for a long time and has strong support
The famous game engine Unreal uses it, although I have not noticed where
Support for managed and unmanaged level code calls and hooks
All source code is open, so you can study it, modify it, extract parts of it or even compile it statically
Injecting a remote DLL into another process is super simple, much simpler than with Detours
Powerful interface documentation, written in great detail
Driver-level options: read the documentation carefully and you will see that it can selectively use a driver to elevate its own permissions
Has a powerful API to detect whether the target process or system process is 64-bit
Different interfaces for 64-bit and 32-bit when injecting
The disadvantage is the C++ interface: it needs to be refined and compiled, so the research cost is obviously slightly higher.
Official homepage: http://easyhook.codeplex.com/
Discard the expensive Detours Professional 3.0 and use the free, powerful EasyHook