Importando (import and override 😏) is a console application that allows you to modify PE image imports on process start.
Command line options:
importando [options] <executable> [args]
Options:
-i <import_definition>
-i <import_definition1>:<import_definition2>
Add a new import to the executable or forward an existing import. This option can be specified multiple times.
-v
Print verbose output.
-h, --help
Print this help message.
Possible import_definition:
dll_name.dll!function_name - import by name
dll_name.dll#ordinal - import by ordinal
Examples:
importando -i test.dll#1 -i kernelbase.dll!CreateFileW:trace.dll!CreateFileW cmd.exe
No installation is required, download the binaries and run it.
The executable is 64-bit, but works with both 64- and 32-bit executables.
You may use importando to inject a new DLL at a process start (in this mode, it works similarly to withdll), but also to fix issues with imports such as the one below:
The fix would be to add a forward: importando.exe -i shell32.dll!StrCpyNW:shlwapi.dll!StrCpyNW c:\temp\app32.exe.
If you are interested how importando works, have a look at this blog post on my blog.
You may install importando as an Image File Execution Options debugger for a given executable, which would modify the process imports table on every application launch. For example:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\app32.exe]
"Debugger"="c:\\tools\\importando.exe -i shell32.dll!StrCpyNW:shlwapi.dll!StrCpyNW