DetourFunction
and DetourRemove
have been replaced with DetourAttach
and DetourDetach
. Using them is not that hard, and the library comes with a set of samples where you could see how to use these APIs. Your code should look like this:
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
if (ul_reason_for_call == DLL_PROCESS_ATTACH)
{
o_NtQuerySystemInformation = (t_NtQuerySystemInformation)DetourAttach(&(PVOID&)GetProcAddress(GetModuleHandle("ntdll.dll"), "NtQuerySystemInformation"), My_NtQuerySystemInformation);
o_ZwOpenProcess = (t_ZwOpenProcess)DetourAttach(&(PVOID&)GetProcAddress(GetModuleHandle("ntdll.dll"), "ZwOpenProcess"), My_ZwOpenProcess);
MyModuleHandle = (HMODULE)hModule;
MyPid = GetCurrentProcessId();
}
if (ul_reason_for_call == DLL_PROCESS_DETACH)
{
DetourDetach(&(PVOID&)o_NtQuerySystemInformation, My_NtQuerySystemInformation);
DetourDetach(&(PVOID&)o_ZwOpenProcess, My_ZwOpenProcess);
}
return TRUE;
}