.detour段是detours库用来储存数据的
To modify a Windows binary, Detours creates a new .detours section between the export table and the debug symbols, as shown in Figure 4.Note that debug symbols must always reside last in a Windows binary.The new section contains a detours header record and a copy of the original PE header.If modifying the import table, Detours creates the new import table, appends it to the copied PE header, then modifies the original PE header to point to the new import table. Finally, Detours writes any user payloads at the end of the .detours section and appends the debug symbols to finish the file.?Detours can reverse modifications to the Windows binary by restoring the original PE header from the .detours section and removing the .detours section.
