I have an NT program that calls HeapAlloc by specifying the import from KERNEL32.DLL
When I debug the application using MSVC I see that the code that should be calling the HeapAlloc function in KERNEL32.DLL is instead pointing to RtlAllocateHeap in NTDLL.DLL
Now this would not normally matter but it is important for me because of the following reasons.
I am writing a 'wrapper' which encrypts the original exe file and when I unwrap it I effectively carry out the functions of the Windows loader and automatically point the import to the HeapAlloc in KERNEL32.DLL as specified in the import table.
On running the program however it causes an exception shortly after entering HeapAlloc.
Looking at other 'Heap' routines such as HeapCreate I can see that they are pointing to the ones I expect in KERNEL32.DLL.
What is causing this effect?
How can I emulate the windows loader to change this (and perhaps other imports) which are being forced from one dll to another?