I want to intercept DLLs loading so I can use them. My first idea was to hook GetProcAddress. Surprisingly, by hooking it, I can only intercept calls made within the process that owns my library. (I opened other executables that call GetProcAddress, and those calls don’t get intercepted.) (I guess because it is dynamically compiled against my lib.)
Example of the output:
C:\Windows\syswow64\kernel32.dll
Module32NextWC:\Windows\syswow64\kernel32.dll
CreateToolhelp32SnapshotC:\Windows\system32\DINPUT.dll
DirectInputCreateWC:\Windows\SysWOW64\ntdll.dll
DirectDrawCreate
Anyway, what I want to know is where I should start to be able to intercept DLLs loading so I can then use their functions.
Basically, I want to be able to call GetModuleInformation for any DLL loaded.
First, what are you doing that requires a global hook?
If you want to be notified that a DLL has loaded in any process, you can look into PsSetImageLoadNotifyRoutine, which is a kernel-mode routine.
Despite it being kernel mode, it’s not very hard to use and writing a basic driver is pretty fun.
Another way would be to force a load of your library in every process. There are a variety of methods; one of the more legit ones would be Windows Message hooks.