One Day Sec

How does the Detours library assist in hooking system APIs for credential extraction?

The Detours library intercepts and redirects Windows API calls by patching the entry of a target function in memory so that calls land in a replacement function. RdpThief uses this to replace functions such as `SspiPrepareForCredRead` and `CredReadW` with its own versions that capture the password and server name. The typical workflow is `DetourTransactionBegin()`, `DetourAttach()` to register the hook, and `DetourTransactionCommit()` to apply it. Because the patch is applied in memory, the data flow inside mstsc.exe can be observed without modifying the application's binary on disk.
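The flip side of the mechanism above is that it leaves a visible trace: a Detours-style hook overwrites the first bytes of the target function with a jump, so a defender can compare the live prologue of an export such as `CredReadW` against a known-clean copy. The following check is an added example and not code from the page, RdpThief or the Detours project; the prologue bytes are constructed samples, and reading the live bytes from the loaded module and the clean bytes from the DLL on disk is assumed to happen elsewhere.

```c
/* Added example: classify a function prologue as clean, inline-jump patched,
 * or otherwise modified. Detours-style hooks start the function with a jump
 * to the replacement, so a jump opcode at offset 0 is the key signal. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PROLOGUE_LEN 16

/* Returns 1 if the bytes begin with a redirect: E9 rel32 (JMP rel32),
 * FF 25 disp32 (JMP [rip+disp32]), or 48 B8 imm64 / FF E0 (MOV RAX,imm64; JMP RAX). */
int prologue_is_jump(const uint8_t *p, size_t n) {
    if (n >= 5 && p[0] == 0xE9) return 1;
    if (n >= 6 && p[0] == 0xFF && p[1] == 0x25) return 1;
    if (n >= 12 && p[0] == 0x48 && p[1] == 0xB8 && p[10] == 0xFF && p[11] == 0xE0) return 1;
    return 0;
}

/* 0 = live bytes match the clean copy, 1 = inline jump hook, 2 = modified some other way */
int classify_prologue(const uint8_t *live, const uint8_t *clean, size_t n) {
    if (memcmp(live, clean, n) == 0) return 0;
    if (prologue_is_jump(live, n)) return 1;
    return 2;
}

/* Constructed sample: a typical x64 prologue (mov [rsp+8],rbx; push rdi; sub rsp,20h; ...) */
static const uint8_t CLEAN_PROLOGUE[PROLOGUE_LEN] = {
    0x48,0x89,0x5C,0x24,0x08, 0x57, 0x48,0x83,0xEC,0x20, 0x48,0x8B,0xD9, 0x48,0x8B,0xFA };
/* Constructed sample: the same function after a 5-byte JMP rel32 was written over it */
static const uint8_t HOOKED_PROLOGUE[PROLOGUE_LEN] = {
    0xE9,0x10,0x32,0x54,0x76, 0x57, 0x48,0x83,0xEC,0x20, 0x48,0x8B,0xD9, 0x48,0x8B,0xFA };

int main(void) {
    int r = classify_prologue(HOOKED_PROLOGUE, CLEAN_PROLOGUE, PROLOGUE_LEN);
    printf("CredReadW prologue: %s\n",
           r == 0 ? "clean" : r == 1 ? "inline JMP hook" : "modified");
    return 0;
}
```

A difference that is not a jump (result 2) still deserves a look, since relocation fixups and hot-patch padding can legitimately differ from the on-disk image.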
Tags: Detours library, API hooking, DetourAttach, DetourTransactionBegin, system APIs