Question

Windows has the capability to apply shims to misbehaving applications. Shims are used to intercept API calls and change them. For example, shims can be used to:

  • change the incoming parameters
  • lie about the return values
  • change it to call something else

The Application Compatibility Toolkit has quite a few existing shims you can apply to your own misbehaving application. Here's an example of one that ignores your API call and instead calls a completely different API:


I need a shim that isn't one of the hundreds of shims Microsoft already wrote. I need a custom shim.

In my case I want to intercept calls to:

GetSystemMetrics(0x1000)

so that it returns 0. I can't find any information on how to give Windows my own DLL that will have the fix I need. I don't even know if you can create custom shims.

Does Windows support custom shims?


Solution

I'm not aware of any way of someone other than Microsoft implementing an appcompat shim.

You might want to investigate Detours, it might provide the functionality you want.

OTHER TIPS

You have to think of this from Raymond Chen's point of view. Imagine if it were possible for somebody other than Microsoft to write compatibility shims. Then whenever Microsoft makes a breaking change, in addition to all their other compatibility work they will also have to write shims for the 3rd party shims that did the wrong thing. Maintaining backward compatibility is hard enough as it is.

It's possible, but it requires some work.

You spawn the application using your own launcher program which will apply the shim. You do this by letting your launcher create the process with sufficient privileges to edit its memory. Most API functions start with a two-byte nop preceded by more nops. You can change the two-byte nop into a short jump and the preceding nops to a long jump wherever you want to go.

An alternative solution which I have used in the past is to load the executable as a DLL, but that can cause more work, depending on how finicky the application is. In my situation I had to load the executable as a data-only DLL and do all my own imports, but unfortunately the previous solution was not an option for me.

I have also once written a hooking DLL that uses similar principles, but that is only an option if you can either modify the source to load the DLL or if the process supports DLL plug-ins.
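The prologue patch the answer above describes, as an added example that is not part of the original answer: it checks that the bytes really are the 32-bit hot-patch pattern (five nops, then mov edi,edi) before computing the patch, builds the long jump plus short jump, and traces where the patched bytes would send a caller so the result can be verified before anything is written into a live process. The entry and hook addresses are constructed sample values; the x64 padding layout differs and is not covered here.

```c
#include <stdint.h>
#include <string.h>

/* Hot-patchable 32-bit Windows entry as described in the answer: five 0x90
 * nops sit just before the exported symbol, which starts with "mov edi, edi"
 * (8B FF). `entry` points at the first nop; callers land at entry + 5. */
#define PAD_LEN   5
#define ENTRY_LEN (PAD_LEN + 2)

/* Verify the bytes match the pattern before touching anything: a function
 * built without hot-patch padding would simply be corrupted otherwise. */
int is_hotpatchable(const uint8_t *entry)
{
    static const uint8_t expected[ENTRY_LEN] =
        {0x90, 0x90, 0x90, 0x90, 0x90, 0x8B, 0xFF};
    return memcmp(entry, expected, ENTRY_LEN) == 0;
}

/* Compute the 7 patch bytes: "jmp rel32" (E9) over the pad to hook_addr,
 * and "jmp short -7" (EB F9) replacing mov edi,edi so callers reach it.
 * entry_addr is the virtual address of entry[0]. Returns 0, or -1 if the
 * prologue does not match. */
int build_hotpatch(const uint8_t *entry, uint32_t entry_addr,
                   uint32_t hook_addr, uint8_t out[ENTRY_LEN])
{
    if (!is_hotpatchable(entry))
        return -1;
    uint32_t rel = hook_addr - (entry_addr + PAD_LEN); /* from end of jmp */
    out[0] = 0xE9;
    for (int i = 0; i < 4; i++)              /* little-endian immediate */
        out[1 + i] = (uint8_t)(rel >> (8 * i));
    out[5] = 0xEB;                            /* jmp short */
    out[6] = 0xF9;                            /* disp8 = -7: back to entry[0] */
    return 0;
}

/* Follow the patched bytes the way the CPU would, starting where a caller
 * lands (entry_addr + PAD_LEN), and return the final destination. */
uint32_t trace_patch(const uint8_t patch[ENTRY_LEN], uint32_t entry_addr)
{
    uint32_t pc = entry_addr + PAD_LEN;
    const uint8_t *p = patch + PAD_LEN;
    if (p[0] != 0xEB) return pc;              /* no short jump: unchanged */
    pc += 2 + (int8_t)p[1];                   /* short jump target */
    if (pc < entry_addr || pc >= entry_addr + ENTRY_LEN) return pc;
    p = patch + (pc - entry_addr);
    if (p[0] != 0xE9) return pc;
    uint32_t rel = p[1] | p[2] << 8 | p[3] << 16 | (uint32_t)p[4] << 24;
    return pc + 5 + rel;                      /* rel32 from end of jmp */
}
```

Validating and tracing first is what keeps a function without the padding from being corrupted; the same E9-in-the-pad plus EB F9-at-the-export pattern is also what hook-scanning tools look for when comparing loaded code against the on-disk image.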

You could always use reverse engineering to fix it :). Let me know if you need any help with it.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow