ANSICON provides ANSI escape sequences for Windows console programs. It
provides much the same functionality as ANSI.SYS
does for MS-DOS.
ANSICON injects a DLL into a process, hooking its functions.
One of three methods is used to inject the DLL.
LoadLibrary
via CreateRemoteThread
for a running process.
LdrLoadDll
via CreateRemoteThread
for a 64-bit .NET AnyCPU process.
Adding the DLL directly to the import table, otherwise.
Hooking is achieved by modifying import addresses, or the return value of
GetProcAddress
.