We help IT Professionals succeed at work.

Hooking LoadLibrary

Shocker123
Shocker123 asked
on
I have an executable which loads my Custom DLLs while executing various features.
Some hackers have injected DLL and are able to tamper with the client. I have read that we can prevent the  technique (CreateRemoteThread which calls LoadLibrary) by hooking LoadLibrary. In the hook we check against a list of DLL names that we know are part of the process and that may be loaded.

I would like to know if someone have implemented such solution and can help me out?
Comment
Watch Question

Commented:
I posted a class which can be used to hook functions at http:Q_26321029.html#a33184411 - you can use that to hook LoadLibrary...

HTH
You may want to use method ordinal instead of names. Use NONAME to hide method names. You can start from http://msdn.microsoft.com/en-US/library/e7tsx612(v=vs.80).aspx to get mode detail information.