There might be several reasons for the situation you describe. Here are the most probable of them:
- The CreateMutexW call you need to catch occurs within the DllMain method of one of the DLLs that are imported by the process, and you are using the DetoursCreateProcessWithDll() function to inject your code. Detours injects your DLL by placing it at the end of the process executable import list, and hence all the DLLs that are imported by the process would be loaded and initialized within the process prior to yours. In order to overcome this, try using CreateProcess(CREATE_SUSPENDED) and CreateRemoteThread()-based injection, although this method raises its own challenges.
- The API that is used in the first call is different. Have you tried overriding CreateMutexExW? Are you sure ANSI methods call Unicode ones?
Hope this helps.