#5, 01-19-2015, 01:29
Carbon
I think the function is called LdrpCallInitRoutine. Just hook it. You can get the address from NTDLL debug symbols.


Code:
BOOLEAN NTAPI LdrpCallInitRoutine(
    IN PDLL_INIT_ROUTINE EntryPoint,
    IN PVOID BaseAddress,
    IN ULONG Reason,
    IN PVOID Context
);
__________________
My blog: https://ntquery.wordpress.com