Zorba the Geek
Posted December 28, 2021

Can someone explain in a nutshell how ImportPatcher works so that a newbie can get started with it?

I dabbled with it by targeting Python37.dll version 3.7.9150.1013 under Windows XP. First I analyzed with ImportPatcher, and this is the result I received in Python3#.ini:

[Patches needed]
python37.dll=Functions

[KERNEL32.dll]
GetFinalPathNameByHandleW=
InitializeProcThreadAttributeList=
UpdateProcThreadAttribute=
DeleteProcThreadAttributeList=
GetTickCount64=

This is what I received in Python3#.log. I have edited out the imports from everything except those from the problematic KERNEL32.dll and WS2_32.dll to make this post easier to read.

ImportPatcher.41
Portable Executable: "F:\Internet Downloads\Python\Python 3.7.9\python37.dll"
TimeDateStamp: 2020 Aug 17 19:02:10
OS Subsystem Version: 6.0

Importing from WS2_32.dll
TimeDateStamp: 2016 May 10 19:21:18
OS Subsystem Version: 4.10
? 19
? 7
? 111

Importing from KERNEL32.dll
TimeDateStamp: 2019 Mar 19 18:39:07
OS Subsystem Version: 4.0
* GetFinalPathNameByHandleW * not found
* InitializeProcThreadAttributeList * not found
* UpdateProcThreadAttribute * not found
* DeleteProcThreadAttributeList * not found
* GetTickCount64 * not found

The log file seems to be importing all the exports of the modules that Python37.dll is linked to. Does that mean that it is listing all the imports in Python37.dll's import table, while noting those that are missing from the OS, and nothing is changed in Python3#.dll?

The ini file lists patches required for the missing imports from kernel32.dll. This is the difficult bit. Where do you obtain the patches from, or how do you create them? Are you supposed to extract sections from an NT6 version of kernel32.dll using the hex editor in IDA Pro, or is there some way of automatically creating these patches?

Edited December 28, 2021 by Zorba the Geek