Click here to Skip to main content
15,844,498 members
Articles / General Programming / File

Reversing PE files statically modified by Microsoft Detours

Rate me:
Please Sign up or sign in to vote.
4.97/5 (13 votes)
24 Jan 2022LGPL314 min read 11.6K   351   20  
Investigation of PE file modifications performed by Microsoft Detours
Microsoft Detours allows hooking function calls of imported symbols from Portable Executable files. This can be performed via specific modifications of the original file. This article inspects the resulting PE file after it has been statically modified by Microsoft Detours.


Daily Counts


Weekly Counts


This article, along with any associated source code and files, is licensed under The GNU Lesser General Public License (LGPLv3)

Written By
Germany Germany
Andreas Lück, aka PAX, grew up when the progress of computer technologies (especially the internet) reached the critical point. He has always been fascinated about how internals work and how to influence them. He perceived the dark downside of the digitization very early and decided to fight everything that threatens the peaceful public.

Comments and Discussions