user246100

Reputation: 670

Hooking Windows API functions to intercept DLL loading (Windows only)

I want to intercept DLLs loading so I can use them. My first idea was to hook GetProcAddress. Surprisingly, by hooking it, I can only intercept calls made within the process that owns my library. (I opened other executables that call GetProcAddress, and those calls don't get intercepted.) (I guess because it is dynamically compiled against my lib.)

Example of the output:

C:\Windows\syswow64\kernel32.dll Module32NextW

C:\Windows\syswow64\kernel32.dll CreateToolhelp32Snapshot

C:\Windows\system32\DINPUT.dll DirectInputCreateW

C:\Windows\SysWOW64\ntdll.dll DirectDrawCreate

Anyway, what I want to know is where I should start to be able to intercept DLLs loading so I can then use their functions.

Basically, I want to be able to call GetModuleInformation for any DLL loaded.

Upvotes: 3

Views: 5326

Answers (2)

Daniel Goldberg

Reputation: 20558

First, what are you doing that requires a global hook?

If you want to be notified that a DLL has loaded in any process, you can look into PsSetImageLoadNotifyRoutine, which is a kernel-mode routine. Despite it being kernel mode, it's not very hard to use and writing a basic driver is pretty fun.

Another way would be to force a load of your library in every process. There are a variety of methods; one of the more legit ones would be Windows message hooks.

Upvotes: 4
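An added example (not part of the original question or answers) of getting the values GetModuleInformation returns for each DLL in another process without installing any hook, by polling the .NET Process.Modules collection. The function names Get-ModuleSnapshot and Watch-ModuleLoad and their parameters are hypothetical, and polling is an assumption of this sketch rather than an approach suggested on the page.

```powershell
# Added example, not code from the thread. Function names are hypothetical.
# ProcessModule exposes the same three values as MODULEINFO:
#   BaseAddress (lpBaseOfDll), ModuleMemorySize (SizeOfImage), EntryPointAddress (EntryPoint)
function Get-ModuleSnapshot {
    param([Parameter(Mandatory)][int]$ProcessId)
    $proc = Get-Process -Id $ProcessId -ErrorAction Stop
    try {
        foreach ($m in $proc.Modules) {
            [pscustomobject]@{
                Path        = $m.FileName
                BaseAddress = '0x{0:X}' -f $m.BaseAddress.ToInt64()
                SizeOfImage = $m.ModuleMemorySize
                EntryPoint  = '0x{0:X}' -f $m.EntryPointAddress.ToInt64()
            }
        }
    }
    finally { $proc.Dispose() }
}

function Watch-ModuleLoad {
    param(
        [int]$ProcessId  = $PID,   # defaults to the current PowerShell process
        [int]$IntervalMs = 500,
        [int]$Iterations = 20
    )
    $seen = @{}
    for ($i = 0; $i -lt $Iterations; $i++) {
        try   { $snapshot = @(Get-ModuleSnapshot -ProcessId $ProcessId) }
        catch {
            # Reading the module list can fail (access denied, process exited,
            # or a 64-bit target read from a 32-bit host); stop watching.
            Write-Warning "Cannot read modules of PID ${ProcessId}: $_"
            break
        }
        foreach ($m in $snapshot) {
            # Key on base address plus path so a DLL reloaded elsewhere is reported again
            $key = "$($m.BaseAddress)|$($m.Path)"
            if (-not $seen.ContainsKey($key)) {
                $seen[$key] = $true
                $m   # emit only modules not seen in an earlier poll
            }
        }
        Start-Sleep -Milliseconds $IntervalMs
    }
}

# First poll lists everything already loaded; later polls list only new DLLs.
Watch-ModuleLoad -ProcessId $PID -Iterations 4 | Format-Table -AutoSize
```

A DLL that is loaded and unloaded between two polls is not reported, which is the gap a load notification such as PsSetImageLoadNotifyRoutine closes.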

Sam Blackburn

Reputation: 288

Install a system-wide hook on the LoadLibrary function. (I have no idea how to use that small comment thing underneath the question so)

Upvotes: 0
