I tried writing a program that could extend the Windows API *on the fly* instead of by replacing DLL's. It basically does two things:
- It intercepts calls to LoadLibraryA/W to redirect API calls
- It intercepts calls to CreateProcessXXX so it can patch the DLL imports table when the process is starting (but before the Windows PE loader can process the header).
Unfortunately, it doesn't always work, and I'm sort of stumped. Like everything else, it's written in Delphi, and it's actually a pretty small program. Would anyone be interested in taking a look at it?
From what I'm seeing, the part that patches the DLL imports table might have a problem somewhere, because when I run some programs that look for a non-2k API call they sometimes hang.
The only API call I have it adding so far is TraceMessage, and the problem that I see is when I try to run the game Overlord. If I patch Overlord's DLL to redirect TraceMessage it works fine, but if I use ExtendAPI instead it doesn't. So I'm stumped.
Edited by WildBill, 18 March 2010 - 10:10 PM.