I've been trying to make a way to switch the Dll directory of a program I don't own, from an "injector" program which is suppose to switch the Dll loading directory to load the modified or tapped Dlls.
Here's the function:
void AddDirectory(HANDLE Handle, const char* DllPath)
{
void *Function, *String;
Function = (void*)(SetDllDirectoryA);
String = (void*)VirtualAllocEx(Handle, NULL, strlen(DllPath), MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
CreateRemoteThread(Handle, NULL, NULL, (LPTHREAD_START_ROUTINE)Function, (void*)String, NULL, NULL);
}
I can't seen to figure out why this won't work?
Thanks to Ben Volgt for the help provided above!
EDIT: Note, as Ben Volgt said, you must be certain that you can intercept the process in time for the directory to be changed before the DLLs are loaded. Therefore this won't always work, although in my case it did.
IF anyone should want to intercept a processes loading locations, the code can be found here:
void AddDirectory(HANDLE Handle, const char* DllPath)
{
if (!Handle)
{
//Error Message or Redirect
}
LPVOID AddDllDirAddr = (LPVOID)GetProcAddress(GetModuleHandleA("kernel32.dll"), "SetDllDirectoryA");
if (!AddDllDirAddr)
{
//Error Message or Redirect
}
LPVOID Alloc = VirtualAllocEx(Handle, NULL, strlen(DllPath), MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
if (!Alloc)
{
//Error Message or Redirect
}
WriteProcessMemory(Handle, Alloc, DllPath, strlen(DllPath), NULL);
HANDLE Thread = CreateRemoteThread(Handle, NULL, NULL, (LPTHREAD_START_ROUTINE)AddDllDirAddr, Alloc, 0, NULL);
if (!Thread)
{
//Error Message or Redirect
}
WaitForSingleObject(Thread, INFINITE);
VirtualFreeEx(Handle, Alloc, strlen(DllPath), MEM_RELEASE);
CloseHandle(Thread);
CloseHandle(Handle);
}