Coffeehouse Thread

6 posts

Detouring Win32 Function Calls in PowerShell

  • JoshRoss

    I came across this earlier today. I didn't realize that hooking Win32 calls could be so simple.

    -Josh

  • Sven Groot

    It's only simple because you're using a library that hides the complexity. :)

  • evildictaitor

    It's worth pointing out that detouring functions is entirely unsupported in Win32. If you do it, Watson will automatically discard crash dumps that patch Microsoft libraries (because it can no longer tell if you crashed because you screwed up the internal Microsoft library state) and they won't make any attempt to ensure that your program continues to work past any given Windows Update or change of the OS.

    As soon as you begin detouring functions, you live entirely on your own.

  • JoshRoss

    I'm not sure why you would want to detour for legitimate reasons. Science? Anyways. I couldn't see someone using this in production; it seems more suited for a test environment.

    -Josh

  • JoshRoss

    Oh, it gets better.

    -Josh

  • evildictaitor

    JoshRoss wrote:

    I'm not sure why you would want to detour for legitimate reasons. Science? Anyways. I couldn't see someone using this in production; it seems more suited for a test environment.

    -Josh

    AppCompat is pretty much the only good reason.

    And even then, that's a good reason for Microsoft to do it. Not a good reason for you to do it.
