Traditionally, code has been hooked in association with a new process for executing the code in association with the new process. Hooking in association with a new process has generally been utilized in an attempt to execute the hooked code early within execution of an executable associated with the new process. Unfortunately, conventional techniques for hooking code in association with a new process have exhibited various limitations.
Just by way of example, one of such conventional techniques has included intercepting a thread creation process and blocking the same while injecting desired code. However, such technique is generally limited since the interception of the thread creation process relies on operating system behavior which changes between versions. Another conventional technique has included intercepting a DLL load mechanism and injecting a desired thread for execution thereof. While libraries are loading, however, loader code within a library (e.g. ntdll.dll) may lock its associated data structures, such that the injected thread is required to wait until the locks are released before the injected code is able to load its own libraries. Accordingly, initialization of the injected code and initialization of the process may run in parallel such that the injected code is prevented from executing at an earlier point within the process.
There is thus a need for addressing these and/or other issues associated with the prior art.