Scylla and Api Set Map

Microsoft introduced a new technique for API redirection with Windows 7. Microsoft splits the kernel32 functions in different DLLs e.g. api-ms-win-core-libraryloader-l1-1-0.dll. This special DLLs follow a strict naming convention. A special DLL called apisetschema.dll is injected in every process with the redirection information. It is possible to manually resolve these redirections but Scylla is not doing it manually right now. I tried to investigate this a little bit because Scylla didn’t/doesn’t work very well on Windows 8. I wrote a tool to manually parse these redirections and the result is surprising (read more here). Continue reading

Advertisements