Then use device drivers (.SYS), again I have driver development in my Blog. That too device drivers hooking and security related drivers.
Take a look into my Blog for SYSENTER_MSR hook: http://codeempire.blogspot.co.uk/2013/10/kernel-driver-sysenter-hook.html
The code provided in my blog, can be easily adapted to catch and analyse and filter calls to Windows PE loader.
Apart from that there is no way to globalize your hook\monitor. Well if there is they would 1000x harder.
Last edited on
can i ask a quick question? why do you want to do this LB? because someone might be able to provide a different process that gets to the same end goal