Detours-based tracing tools hook kernel32's CreateProcessW to intercept child process creation. Since cmd.exe currently links only against kernelbase, its calls to CreateProcessW resolve directly to kernelbase and never hit the hook. Add kernel32 to cmd.exe's imports so that CreateProcessW resolves from there, allowing Detours hooks to intercept process creation as intended. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> --- programs/cmd/Makefile.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/cmd/Makefile.in b/programs/cmd/Makefile.in index cc91373..343fe59 100644 --- a/programs/cmd/Makefile.in +++ b/programs/cmd/Makefile.in @@ -1,5 +1,5 @@ MODULE = cmd.exe -IMPORTS = shell32 user32 advapi32 kernelbase +IMPORTS = shell32 user32 advapi32 kernel32 kernelbase EXTRADLLFLAGS = -mconsole -municode -- 2.53.0