-
Notifications
You must be signed in to change notification settings - Fork 1k
DetourRestoreAfterWith
Restore the contents in memory import table after a process was started with DetourCreateProcessWithDllEx or DetourCreateProcessWithDlls. .
BOOL DetourRestoreAfterWith(VOID);
Returns true if the necessary payload was found and the restore succeeded.
The function sets one of the following error codes if it was unable to
find the necessary payload or restore the import table. The error code
may be retrieved after the function has returned by calling
GetLastError
.
ERROR_MOD_NOT_FOUND : Could not find the necessary payload.
The
DetourCreateProcessWithDllEx
API modifies the in-memory import table of the target PE binary program
in the new process it creates. For correct application compatibility, the
changes to the import table should be removed before the application
runs. To remove these changes,
DetourCreateProcessWithDllEx
copies relevant reversal data into a payload in the target process using
the DetourCopyPayloadToProcess
API. When called in the target process, DetourRestoreAfterWith
searches for the necessary payloaded and restores the contents of the
import table.
For correct results, DetourRestoreAfterWith
should be called in the
PROCESS_ATTACH portion of the DllMain function of the DLL loaded into
the target process.
Simple, Simple, Slept, Traceapi, Tracebld, Tracelnk, Tracemem, Tracereg, Traceser, Tracetcp, Tryman.