hi bro's,
i'm searching for a way to hook API's for a simple protected application (won't name protector
)
this should be generic working on Win 95 / 98 / Me / NT / 2000 / XP.
i won't use import-redirection.
on XP i used a method of unprotecting kernel pages and redirect from there to my code. it worked, but it doesn't work on other OS. 95 / 98 / Me can't unprotect kernel-memory. it's the same as with export-patching. i heard something of an undocumented API with ordinal 1 that should be able to unprotect this memory. anybody knows about this?
or any suggestions?