I'm trying to hook advapi32!EnumServicesStatusExW. However, some programs rather import this function from api-ms-win-service-core-l1-1-1.dll instead. I later learned, that the api-ms-* DLL redirects the call to advapi32.dll. However, the hook was not called.
In a test, when hooking api-ms-win-service-core-l1-1-1!EnumServicesStatusExW directly, the hook however is called.
Now the question is: If api-ms-win-service-core-l1-1-1.dll redirects calls to advapi32.dll, then my hook should be called, imho. Is this a bug that is caused by the new feature / logic of the DLL loader - or is there simply no other way except hooking api-ms-win-service-core-l1-1-1.dll directly? Or maybe I'm mistaken about the difference between these two "DLL types" (?)
I'm trying to hook
advapi32!EnumServicesStatusExW. However, some programs rather import this function fromapi-ms-win-service-core-l1-1-1.dllinstead. I later learned, that the api-ms-* DLL redirects the call toadvapi32.dll. However, the hook was not called.In a test, when hooking
api-ms-win-service-core-l1-1-1!EnumServicesStatusExWdirectly, the hook however is called.Now the question is: If
api-ms-win-service-core-l1-1-1.dllredirects calls toadvapi32.dll, then my hook should be called, imho. Is this a bug that is caused by the new feature / logic of the DLL loader - or is there simply no other way except hookingapi-ms-win-service-core-l1-1-1.dlldirectly? Or maybe I'm mistaken about the difference between these two "DLL types" (?)