Condividi tramite


Using the ShimViaEAT Fix

Applies To: Windows 7, Windows Vista

This section includes information about using the ShimViaEAT compatibility fix, including the associated issues, intercepted application programming interfaces (APIs), available command-line options, and usage.

ShimViaEAT

The ShimViaEAT compatibility fix addresses issues that occur if a compatibility fix file is not applied properly. In most cases, compatibility fixes are applied by modifying the Import Address Table (IAT) to point to a Windows function from the original Windows DLL to the new function in the compatibility fix DLL. However, this does not always work as expected, and can cause problems if an application attempts to get the address from the Export Address Table (EAT) of the original DLL file. The ShimViaEAT compatibility fix resolves this issue by causing the specified fixes to be applied, by modifying the EAT of the imported DLL, instead of modifying the IAT of the loading application.

Investigating the Issue

Application-related issues that can be resolved by applying the ShimViaEAT compatibility fix can vary in both detection and resolution. The two primary ways are:

  • If you can attach a debugger to your application, you can inspect the address that is being called by a function, prior to arriving in Windows. You can also discover these entry points by setting up a breakpoint on the Windows method, and then by investigating the call stack. If you do not see the AcLayers!*, AcGenral!, or a similar DLL file, then the API has not been intercepted.

  • In the situation where you cannot attach a debugger, such as if an application uses IAT monitoring for copy protection purposes, which actively prevents debugger usage, then you might have to investigate by using trial and error, observing that the expected change in behavior did not occur, even if the application fits the profile for discouraging API interception.

Intercepted APIs

The ShimViaEAT compatibility fix does not intercept API calls directly. Instead, the compatibility fix monitors all DLL load events, looking for APIs that are specified at the command-line level and if appropriate, the compatibility fix will modify the EAT of the loading DLL.

Command-Line Options

The following table provides details for the available command-line option, including its usage.

Option Description
ApiToHook1,OriginalDllName1,FixName1;ApiToHook2,OriginalDllName2,FixName2;...

Enables you to correctly apply compatibility fixes. You must provide the exact name of the API you intend to hook, the DLL in which it resides, and the name of the compatibility fix you are attempting to apply. Because many of the compatibility fixes can affect multiple APIs, you might be required to provide several parameters to correctly connect the fix.

ApiToHook

The name of the API.

Original_DLL_Name

The name of the original DLL file.

Fix_Name

The name of the new compatibility fix that you will apply to the application.

Note
Separate multiple entries with a semicolon (;).

Example

GetVersionExW,Kernel32.dll,WinXPSP1VersionLie;GetVersionExW,Kernel32.dll,WinXPSP2VersionLie

Fixing Your Code

Because this compatibility fix is used only to help apply fixes to applications that are trying to avoid API interception, there is no specific code fix recommendation. The application should be fixed so that it does not require a compatibility fix; however, the fix itself depends on which fix was required to correct the problem.

See Also

Concepts

Windows Vista and Windows 7 Operating Systems