Windows: How to create custom appcompat shims (Application Fixes)?

Question

Windows has the capability to apply shims to mis-behaving applications. Shims are used to intercept API calls and change it. For example, shims can be used to:

Answer 1

You could always use reverse engineering to fix it.

Answer 2

I'm not aware of any way of someone other than Microsoft implementing an appcompat shim.

You might want to investigate Detours, it might provide the functionality you want.

Answer 3

You have to think of this from Raymond Chen's point of view. Imagine if it were possible for somebody other than Microsoft to write compatibility shims. Then whenever Microsoft makes a breaking change, in addition to all their other compatibility work they will also have to write shims for the 3rd party shims that did the wrong thing. Maintaining backward compatibility is hard enough as it is.

Answer 4

It's possible, but it requires some work.

You spawn the application using your own launcher program which will apply the shim. You do this by letting your launcher create the process with sufficient privileges to edit its memory. Most API functions start with a two-byte nop preceded by more nops. You can change the two-byte nop into a short jump and the preceding nops to a long jump where ever you want to go.

An alternative solution which I have used in the past is to load the executable as a DLL, but that can cause more work since depending on how finicky the application is. In my situation I had to load the executable as a data-only DLL and do all my own imports, but unfortunately the previous solution was not an option for me.

I have also once written a hooking DLL that uses similar principles, but that is only an option if you can either modify the source to load the DLL or if the process supports DLL plug-ins.