FileNotFoundException in RewriteModuleIAT

[rasta-mouse]

I think this is meant to work?

using DInvoke.DynamicInvoke;
using DInvoke.ManualMap;
using Data = DInvoke.Data;

using System;

namespace DInvokeTest
{
    class Program
    {
        static void Main(string[] args)
        {
            var pid = int.Parse(args[0]);

            var map = Overload.OverloadModule(@"C:\Windows\System32\kernel32.dll");

            var paramaters = new object[]
            {
                Data.Win32.Kernel32.ProcessAccessFlags.PROCESS_ALL_ACCESS,
                false,
                pid
            };

            var hProcess = (IntPtr)Generic.CallMappedDLLModuleExport(map.PEINFO, map.ModuleBase, "OpenProcess",
                typeof(Win32.Delegates.OpenProcess), paramaters);

            Console.WriteLine("Handle => 0x" + string.Format("{0:X}", hProcess.ToInt64()));
        }
    }
}

Unhandled Exception: System.IO.FileNotFoundException: api-ms-win-core-processthreads-l1-1-0.dll, unable to find the specified file.
   at DInvoke.ManualMap.Map.RewriteModuleIAT(PE_META_DATA PEINFO, IntPtr ModuleMemoryBase)
   at DInvoke.ManualMap.Map.MapModuleToMemory(IntPtr pModule, IntPtr pImage, PE_META_DATA PEINFO)
   at DInvoke.ManualMap.Overload.OverloadModule(Byte[] Payload, String DecoyModulePath, Boolean LegitSigned)
   at DInvokeTest.Program.Main(String[] args)

Probably a duplicate of cobbr/SharpSploit#58

[TheWover]

I think you're right. It works on my machine, but if it is actually a flaw with API Set resolution, then that could happen if you and I have different versions of Windows / APIs.

Thanks for finally finding a test case for this bug! I've marked this as a bug to fix for the next minor version.

[rasta-mouse]

Let me know if there's any more information from my end that would be useful.

[TheWover]

I think I know what the issue is. If I can't reproduce the error (or simulate it) on my end, I'll ping you later to see if you can test a fix.

[TheWover]

Fixed in af9f869 Will be merged with v1.1.