EasyHook - Immediate Mode (reload kernel32?)

Jul 13, 2016 at 2:57 PM

its about using EasyHook and especially manipulating DateTime. With some parts from the example my application returns manipulated DateTime, but some implemented DLLs still remember the real DateTime. There are other tools like RunAsDate with an 'immediate mode' which changes the DateTime earlier or something like that. I tried it and all implemented DLLs return the manipulated DateTime. So how can I achieve this with EasyHook, is there more to manipulate or do I need to inject earlier or do something weird with kernel32?

Thanks for help