Strange error while attempting API hooking
Here's what I'm doing:
1. CreateProcess() with name of .exe to hook, and specify CREATE_SUSPENDED flag
2. CreateRemoteThread() on suspended process, with address of NtAlertThread
3. Do hooking
4. ResumeThread() on process
Apparently, this is causing some problems with applications that load .NET dlls. For example, Calculator and Notepad get loaded with comctl32.dll from the WinSxS folder instead of the system32 folder, and neither works correctly with the above procedure then.
I know that the problem is not in the hooking itself, because even when I remove step 3 from the above and do no hooking at all, it still causes a problem. However, removing step 2 fixes the problem. The problem is also not caused by me selecting NtAlertThread as the start address of the remote thread, because the above steps work correctly on applications that do not load any DLLs from the WinSxS at load time.
Any help is urgenly needed...thanks in advance :)