Quote:
Originally Posted by cracki
Thank you for your response and the guidance you provided!
If I save a version of the DLL that has been extracted from the embedded state alongside the program and somehow (as per the techniques mentioned in the tutorial you provided) remove the "module initializer" so that "the embedded references will be ignored when running the binary" will the program then use the file I saved and patched?
|
Yes it will work.
As long as the executable has import references to functions in the patched DLL. You should save it in the same folder the calling executable is in.
This is same principle why proxy dll or DLL hijacking works.