Closed Lectem closed 3 years ago
Because the import table does not have a wide character version.
Yes but then how does one load a DLL using full path or subdirectories containing wide characters then?
You should use MBCS whenever possible It seems that there is no good way, or you can convert Unicode to ANSI.
Ah, I've been using Unicode since it is recommended here https://docs.microsoft.com/en-us/cpp/text/support-for-multibyte-character-sets-mbcss?view=msvc-160 I'm already converting to ANSI so I suppose there is no other way since Detours uses import tables to inject DLLs as you said. I'll just output an error message if conversion fails. Thanks for the answer!
I suppose the only way to fix this issue would be to use another method for the dll injection than patching the import table. (would detouring the child process entry point work)?
Modifying the import table is currently the most reliable method. Of course, if you need it, you can try CreateRemoteThread+LoadLibraryW to inject. It is also possible to modify AddressOfEntryPoint code.
Thanks I'll look into it if I ever have issues with import tables!
All variants of
DetourCreateProcessWithDllExW
are takingLPCSTR
instead ofLPCWSTR
for the dll names. It seems to be due to the fact that deep downUPDATE_IMPORTS_XX
does not have a widechar version. Would changing this be conceivable ? This is an issue if the dll is in a path requiring it.