API-hooking

[MaRKuS-DJM]

Quote:

Originally Posted by nikola

Afaik VirtualProtectEx should finish the job for you.

i tried this, but you aren't able to do this for Win 95 / 98 / Me kernel because it won't remove it's protection. i want to make it generic for every win OS.

@nikola
i don't want to make an import resolver, the thing i'm trying to make is generic protection inline-patcher through API-hooking. it works through a hook of CreateFileA (backup-file) or optional hook of CreateFileMappingA (writing old bytes back) or ReadFile (also write old bytes back). then GetModuleHandleA is also hooked because it's near OEP for most programs. from there the real inline-patch is done.
this should all work through a in-memory patch of kernel32 export table or an external dll hooked for all processes. i don't think direct API patching is good idea because you will have trouble then getting back to the next API-commands.
the idea comes from DZA-patcher or dUP, but these inline-patches don't work for applications like arma or ASPr. i successful inline-patched some ASPr-targets (any version) this way without problems.