
Editing IAT/Import Table on the fly.

ThievingSix asked
Last Modified: 2016-09-30
My question might be easier to understand if I give some background information.

I made a nice WriteProcessMemory and ReadProcessMemory hook in a DLL, and a program to log the function calls of a selected process. Works fine for some programs, but not for others. So I thought, why not take the program you want to log, run it suspended, and change the import table of the selected functions to point to your code?

Any hints/tips/code would be appreciated. =)