Msg#: 4012115 posted 10:24 am on Oct 23, 2009 (gmt 0)
I have been studying a complex programming problem for a while now. Finally, I have devised a very simple solution, however...
I need to patch two functions in Kernel32.DLL but I need the patch to apply to a single process - this is absolutely essential since it could adversely affect other programs. It seems likely to me that this is possible for development and testing but I have been unable to find useful information on how to create and install any sort of hotpatch.
For my own purposes, I think I may be able to manage using non-standard methods, but a single-process hotpatch would be enormously useful to other programmers that have been wrestling with the same problem (and there are a lot out there).
Since installing hotpatches is a System Admin job, I'm hoping someone can point me in the right direction.
Msg#: 4012115 posted 3:43 am on Oct 24, 2009 (gmt 0)
Kaled, it's been eons since I've done this but whatever you do you cannot patch the shared version of Kernel32.dll because other apps depend on it that could become unstable and/or the next Windows update will whack it.
What you have to do is create a stub DLL for your functions and then do DLL Injection into the target API.
You can find a good example of DLL Injection [software.intel.com] on Intel's site.
Msg#: 4012115 posted 10:40 am on Oct 24, 2009 (gmt 0)
For testing I'm using what I guess is described as "Target Function Modification".
Microsoft released a new technology with later versions of XP (and Vista) that allows DLLs to be patched without restarting. This involved allocating space at the start of every function for a jump to be installed (that much I understand and am using) but also it seems to patch the DLLs themselves (something I don't want to do).
So far, I haven't managed to get my modifications to work (currently baffled) and I can manage without the clever hotpatching technology, but, assuming I can get my code to work, other programmers might find a signed hotpatch solution to this problem very useful.