microsoft / Detours

Detours is a software package for monitoring and instrumenting API calls on Windows. It is distributed in source code form.
MIT License

`DetourCreateProcessWithDll*W` do not use wide char for the dlls names #159

Closed Lectem closed 3 years ago

Lectem commented 3 years ago

All variants of DetourCreateProcessWithDllExW are taking LPCSTR instead of LPCWSTR for the dll names. It seems to be due to the fact that deep down UPDATE_IMPORTS_XX does not have a widechar version. Would changing this be conceivable? This is an issue if the dll is in a path requiring it.

number201724 commented 3 years ago

Because the import table does not have a wide character version.

Lectem commented 3 years ago

Yes, but how does one load a DLL using a full path or subdirectories containing wide characters then?

number201724 commented 3 years ago

You should use MBCS whenever possible. It seems that there is no good way, or you can convert Unicode to ANSI.

Lectem commented 3 years ago

Ah, I've been using Unicode since it is recommended here: https://docs.microsoft.com/en-us/cpp/text/support-for-multibyte-character-sets-mbcss?view=msvc-160

I'm already converting to ANSI, so I suppose there is no other way since Detours uses import tables to inject DLLs as you said. I'll just output an error message if conversion fails. Thanks for the answer!

I suppose the only way to fix this issue would be to use another method for the dll injection than patching the import table (would detouring the child process entry point work?).
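An added example, not part of the original thread and not Detours code: a strict check of whether a wide DLL path survives conversion to an ANSI code page before it is handed to an LPCSTR parameter, so that an unrepresentable or silently altered path is reported instead of naming a different file in the patched import table. Python's strict codecs stand in for the Windows conversion here (on Windows the equivalent strictness comes from `WideCharToMultiByte` with `WC_NO_BEST_FIT_CHARS` and a check of `lpUsedDefaultChar`); the function names, the code page argument and the sample paths are assumptions made for the illustration.

```python
# Assumption: the target's ANSI code page is known and given by codec name
# ("cp1252", "cp932", ...). Python's strict codecs stand in for the Windows
# conversion; to_ansi_path and check_paths are names made up for this example.

def to_ansi_path(wide_path, codepage="cp1252"):
    """Return the ANSI bytes for wide_path, or raise ValueError if lossy."""
    if "\x00" in wide_path:
        raise ValueError("embedded NUL would truncate the LPCSTR")
    try:
        # strict: no '?' substitution and no best-fit replacement
        ansi = wide_path.encode(codepage, errors="strict")
    except UnicodeEncodeError as exc:
        bad = wide_path[exc.start:exc.end]
        raise ValueError(
            f"{bad!r} (U+{ord(bad[0]):04X}) is not representable in {codepage}"
        ) from exc
    # The bytes must decode back to exactly the path that was requested.
    if ansi.decode(codepage) != wide_path:
        raise ValueError(f"path does not round-trip through {codepage}")
    return ansi

def check_paths(paths, codepage="cp1252"):
    """Map each path to None (safe to pass as LPCSTR) or an error string."""
    results = {}
    for path in paths:
        try:
            to_ansi_path(path, codepage)
            results[path] = None
        except ValueError as err:
            results[path] = str(err)
    return results

# Constructed sample paths, not taken from the issue.
SAMPLE_PATHS = [
    "C:\\tools\\hook.dll",                           # ASCII only
    "C:\\outils\\g\u00e9n\u00e9r\u00e9s\\hook.dll",  # accented Latin, in cp1252
    "C:\\\u30c4\u30fc\u30eb\\hook.dll",              # katakana, not in cp1252
    "C:\\\uff54\uff4f\uff4f\uff4c\uff53\\hook.dll",  # fullwidth "tools"
]

if __name__ == "__main__":
    for cp in ("cp1252", "cp932"):
        for path, err in check_paths(SAMPLE_PATHS, cp).items():
            print(cp, "ok  " if err is None else "FAIL", ascii(path), err or "")
```

The fullwidth path is the case to watch: it has no cp1252 encoding, and a conversion that allows best-fit replacement can turn it into the plain ASCII path on the first line.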

number201724 commented 3 years ago

Modifying the import table is currently the most reliable method. Of course, if you need it, you can try CreateRemoteThread+LoadLibraryW to inject. It is also possible to modify AddressOfEntryPoint code.

Lectem commented 3 years ago

Thanks, I'll look into it if I ever have issues with import tables!