Using the ShimViaEAT Fix
Published: June 11, 2010
Updated: June 11, 2010
Applies To: Windows 7, Windows Vista
This section includes information about using the ShimViaEAT compatibility fix, including the associated issues, intercepted application programming interfaces (APIs), available command-line options, and usage.
The ShimViaEAT compatibility fix addresses issues that occur if a compatibility fix file is not applied properly. In most cases, compatibility fixes are applied by modifying the Import Address Table (IAT) to point to a Windows function from the original Windows DLL to the new function in the compatibility fix DLL. However, this does not always work as expected, and can cause problems if an application attempts to get the address from the Export Address Table (EAT) of the original DLL file. The ShimViaEAT compatibility fix resolves this issue by causing the specified fixes to be applied, by modifying the EAT of the imported DLL, instead of modifying the IAT of the loading application.
Investigating the Issue
Application-related issues that can be resolved by applying the ShimViaEAT compatibility fix can vary in both detection and resolution. The two primary ways are:
If you can attach a debugger to your application, you can inspect the address that is being called by a function, prior to arriving in Windows. You can also discover these entry points by setting up a breakpoint on the Windows method, and then by investigating the call stack. If you do not see the AcLayers!*, AcGenral!, or a similar DLL file, then the API has not been intercepted.
In the situation where you cannot attach a debugger, such as if an application uses IAT monitoring for copy protection purposes, which actively prevents debugger usage, then you might have to investigate by using trial and error, observing that the expected change in behavior did not occur, even if the application fits the profile for discouraging API interception.
The ShimViaEAT compatibility fix does not intercept API calls directly. Instead, the compatibility fix monitors all DLL load events, looking for APIs that are specified at the command-line level and if appropriate, the compatibility fix will modify the EAT of the loading DLL.
The following table provides details for the available command-line option, including its usage.
Enables you to correctly apply compatibility fixes. You must provide the exact name of the API you intend to hook, the DLL in which it resides, and the name of the compatibility fix you are attempting to apply. Because many of the compatibility fixes can affect multiple APIs, you might be required to provide several parameters to correctly connect the fix.
The name of the API.
The name of the original DLL file.
The name of the new compatibility fix that you will apply to the application.
Fixing Your Code
Because this compatibility fix is used only to help apply fixes to applications that are trying to avoid API interception, there is no specific code fix recommendation. The application should be fixed so that it does not require a compatibility fix; however, the fix itself depends on which fix was required to correct the problem.