So I have a native Windows dll witch is heavily obfuscated, so disassembling is not an option.
If I call a specific function in the dll, the dll does some stuff in my registry, reads a few files and finally returns something.
I want to hook up the registry and filesystem WinAPI calls. So that I can change the return of those WinAPI calls.
Do you have any Ideas how to do that?
My first guess was to inject a dll and create a windows Hook. So if dll Injection is the only way to do it, how can I inject my dll before any code in the real dll executes.
It seems the only solution is to inject a dll (via AppInit_DLL) and hook the windows functions (setwindowshookex).