jumper

ImportPatcher.41 - Find and fix dependency problems

I am patching avrt.dll of Vista with ImportPatcher. Does anyone know which API can be used for replacing the following? I need it for FF54.

[Patches needed]
avrt.dll=Functions  
[ntdll.dll]
NtAlpcConnectPort=
NtAlpcSendWaitReceivePort=
AlpcGetMessageAttribute=
AlpcInitializeMessageAttribute=
 

[Patches needed]
dwmapi.dll=Functions  
[ntdll.dll]
EtwEventUnregister=
WinSqmIsOptedIn=
EtwEventRegister=
WinSqmAddToStream=
EtwEventWrite=
[USER32.dll]
SfmDxBindSwapChain=
SfmDxReleaseSwapChain=
IsThreadDesktopComposited=
SetWindowCompositionAttribute=
DwmGetDxSharedSurface=
LogicalToPhysicalPoint=
IsProcessDPIAware=
IsTopLevelWindow=
GetWindowCompositionAttribute=
[KERNEL32.dll]
RegGetValueW=


I need more help with some Windows Media Foundation files, but please help me now with this one.

Edited by Dibya


Because the end product isn't likely to work, I wouldn't put much time into it initially. Use any function with a shorter name.

Once you get past the loader, if one of these functions actually gets called, that is the time to look for replacements that match parameter counts and return/LastError values on error.

  • Upvote 1


I wish ImportPatcher could fix the TLS issue in Firefox.


ImportPatcher does patch and/or report a few things in the headers other than just imports, so it'll be easy to also detect TLS directory entries in DLLs (not EXEs) and zero them if requested. Do these Firefox problem DLLs export any common functions (like plugins do) that can be used to identify them?

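As an added example (not ImportPatcher's code and not something posted in this thread), here is one way to do the check described in the post above: locate the TLS data directory entry in the PE headers and zero it only when the image is a DLL. The function names and the sample header bytes are constructed for illustration.

```python
import struct

IMAGE_FILE_DLL = 0x2000   # COFF Characteristics flag: image is a DLL
TLS_INDEX = 9             # IMAGE_DIRECTORY_ENTRY_TLS

def tls_entry(image):
    """Return (is_dll, entry_offset, rva, size) for the TLS data directory."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", image, 0x3C)[0]          # e_lfanew
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    opt_size, characteristics = struct.unpack_from("<HH", image, pe + 20)
    opt = pe + 24                                          # optional header
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = 96 if magic == 0x10B else 112                   # PE32 / PE32+
    is_dll = bool(characteristics & IMAGE_FILE_DLL)
    if opt_size < dirs:
        return is_dll, None, 0, 0
    count = struct.unpack_from("<I", image, opt + dirs - 4)[0]
    if count <= TLS_INDEX or opt_size < dirs + 8 * (TLS_INDEX + 1):
        return is_dll, None, 0, 0                          # no TLS slot present
    entry = opt + dirs + 8 * TLS_INDEX
    rva, size = struct.unpack_from("<II", image, entry)
    return is_dll, entry, rva, size

def zero_tls_entry(image):
    """Return a copy with the TLS entry zeroed; only DLLs are changed."""
    is_dll, entry, rva, size = tls_entry(image)
    if not is_dll or entry is None or (rva, size) == (0, 0):
        return bytes(image)
    patched = bytearray(image)
    struct.pack_into("<II", patched, entry, 0, 0)
    return bytes(patched)

def build_sample(characteristics, tls_rva, tls_size):
    """Constructed PE32 headers (no sections) with 16 data directories."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, characteristics)
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)
    dirs = bytearray(16 * 8)
    struct.pack_into("<II", dirs, 8 * TLS_INDEX, tls_rva, tls_size)
    return dos + b"PE\0\0" + coff + opt + bytes(dirs)

if __name__ == "__main__":
    dll = build_sample(0x2102, 0x3000, 0x18)               # constructed DLL
    print(tls_entry(dll), tls_entry(zero_tls_entry(dll)))
```

With the entry zeroed, the loader no longer sets up static TLS or runs TLS callbacks for that DLL, so code in it that relies on either may misbehave.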
On 6/6/2017 at 7:19 AM, Dibya said:

[Patches needed]
IsTopLevelWindow=

https://jellevergeer.com/the-undocumented-istoplevelwindow-api/

https://stackoverflow.com/questions/16973995/whats-the-best-way-do-determine-if-an-hwnd-represents-a-top-level-window

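It seems to be something like:

#include <windows.h>

/* Approximation of the undocumented USER32 API: a window is treated as
   top-level when it is its own root ancestor. */
BOOL IsTopLevelWindow(HWND hWnd)
{
    return hWnd == GetAncestor(hWnd, GA_ROOT);
}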

https://docs.microsoft.com/en-us/windows/desktop/api/winuser/nf-winuser-getancestor

Edited by hotnuma
  • Like 1

1 hour ago, jumper said:

ImportPatcher does patch and/or report a few things in the headers other than just imports, so it'll be easy to also detect TLS directory entries in DLLs (not EXEs) and zero them if requested. Do these Firefox problem DLLs export any common functions (like plugins do) that can be used to identify them?
 

Nope, only TLS function


I tried ImportPatcher under XP and I can't really understand how it works. :D

First, I've built a test.exe program which calls GetFileInformationByHandleEx and targets _WIN32_WINNT=0x0601.

I've built a mod.dll containing a dummy bla function with the same arguments as the real GetFileInformationByHandleEx.

Now I want to replace the missing GetFileInformationByHandleEx with the dummy bla function from mod.dll:

 

[Patches needed]
test.exe=Functions    
[KERNEL32.dll]
GetFileInformationByHandleEx=bla  * not found

I also tried: GetFileInformationByHandleEx=mod.bla
and different other things, but I always get "not found".

I'm missing something. :P 

 


Sorry, you can't do what you're trying to do. :(
Imports from Kernel32.dll have to come from Kernel32.dll...
...unless you redirect them _all_ to mod.dll:
[DLL replacements]
KERNEL32.dll=mod.dll

And then mod.dll has to handle _all_ Kernel32 APIs (it can export-forward them back to Kernel32.dll, however).


I understand, that's how xompie does it. :-P

So, I tried with xompie's kernelxp.dll this way:
 

[DLL replacements]
KERNEL32.dll=kernelxp.dll


It works just fine. Thanks a lot. :-D 

 

Edited by hotnuma
