发表新帖
发表新帖

Hook LoadLibrary call from managed code

后端 未结
关注
4 1740
[愿得一人]
[愿得一人] 2021-01-01 03:56

We would like to hook calls to LoadLibrary in order to download assemblies that are not found. We have a handler for ResolveAssembly that handles the managed assemblies, bu

4条回答
  • 轻奢々
    轻奢々 (楼主)
    2021-01-01 04:44

    We resolved the specified issue via a call to VirtualProtect() prior to calling WriteProcessMemory() and then call it again afterwards to restore the protection levels. This temporarily removes the read-only protection for the memory where the IAT resides. This works well for us and resolves the issue for when LoadLibrary() is called.

    Now if I can just figure out why LoadLibrary() is not called when an unmanaged assembly links against a lib (not a static lib)...

    By the way, Detour and N-Code Hook both look like nice products and are most likely the way I should go, but I would like to avoid adding a 3rd party assembly if possible.

    0 讨论(0)
 看不清?
提交回复
热议问题