I have a vendor DLL that looks up a value in the HKLM registry branch to change the behavior of the DLL. It's a terrible alternative to a simple boolean flag passed to the API. Is there a way to have the DLL read from a "local" version of the variable that gets set at runtime?
You can hook the registry API via Import Table patching of your third party dll. You will need to patch RegCreateKey(Ex)/RegOpenKey(ex) and RegGetValue, and every time the first is called you need to see if the path is the one that you are looking for. If so - save the resulting HKEY and check the following RegGetValue calls to see if tat HKEY is passed to it. If it is, and the name of the value matches the one that you are looking for - just replace the result with whatever you need.
http://www.codeproject.com/Articles/2082/API-hooking-revealed http://www.codeproject.com/Articles/6265/Process-wide-API-spying-an-ultimate-hack