There are several uses that come to my mind:

• Hot patching: Allows you to update/patch parts of your code without actually shutting down the process or restarting. Microsoft itself made sure large parts of Windows are hot-patchable by prefixing functions with a 5-byte NOP block. Why? Because you can JMP to any other part of your code in 5 bytes, so hot-patching basically overwrites the prefix bytes with a JMP to the updated/patched code and voila, your code does something entirely new. This is often used together with DLL injection to load the new code into the target process, and while not mandatory, it’s one of its uses.

• Logging: In the same spirit, detouring code is often used to prefix a function for logging purposes, i.e. to see with what parameters it is called. Also, some applications that record screen output from DirectX applications do this by detouring the DirectX calls, which again involves injecting a DLL into the process that monitors calls.

• Subclassing: Not in the OOP sense, but in the Windows sense, i.e. providing a new WndProc for an existing window to alter its behavior. While you can simply set a different message handling routine via SetWindowLongPtr, the limiting factor to this is that the function needs to reside in the target process address space. This is where injection comes in once again: you provide a new implementation in a DLL, inject this into the target process and call SetWindowLongPtr. This can be used to provide custom, additional drawing on a foreign window, for example.

I have personally had to deal with all of the above use cases in the past, in regular business applications, from using hot patching to ensure uptime on a critical notification system in medical services to using detours/logging to allow a proprietary record management (by a then already dead software shop) to talk to a full-blown CRM solution in real-time.

As always, it’s just a tool in your box, and there is nothing inherently “evil” about it. It’s for whatever purpose you make use of it that counts.