Hook LoadLibrary call from managed code
Recent StackOverflow Question:
We would like to hook calls to LoadLibrary in order to download assemblies that are not found. We have a handler for ResolveAssembly that handles the managed assemblies, but we also need to handle unmanaged assemblies.
We have attempted to hook LoadLibrary calls by re-writing the imports table via techniques specified in “Programming Applications for Microsoft Windows”, but when we call WriteProcessMemory() we get a permission denied error (998). (Yes, we’re running with elevated privs)
Has anyone succeeded in re-writing the imports table while the CLR is loaded? Can anyone point me in the right direction?
Update: We resolved the permission denied issue, but now when we iterate the Imports Table of a mixed assembly (managed + unmanaged), the only entry we find is mscoree.dll. Does anyone know how to find the native imports? (we’re working in C++/CLI).
We resolved the issue via a call to VirtualProtect() prior to calling WriteProcessMemory() and then call it again afterwards to restore the protection levels. This temporarily removes the read-only protection for the memory where the IAT resides. This works well for us and resolves the issue for when LoadLibrary() is called.