Reverse engineering: Hooking

Hooking: Intercept function/API calls, messages or events between programs or program parts.
Steps:

Detours

Detours allows re-routing of WinAPI calls.
Detours 4.01 is licensed under the MIT license.
github
git clone https://github.com/microsoft/Detours.git
cd Detours
nmake

Failed to generate a strong name key pair -- Access is denied.

cacls.exe "%ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\MachineKeys" /E /G Rene:F

nmake
…
TODO: detoured.dll

TODO

mfdetours.dll in the %WindowsSdkVerBinPath% directory.

See also

https://github.com/apriorit/mhook
The value AppInit_DLLs under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows.
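
DLLs listed in AppInit_DLLs are loaded into every process that loads user32.dll when the sibling value LoadAppInit_DLLs is set, so the value is worth auditing on a host. The read-only PowerShell check below is an added example, not part of the original notes; the function name Get-AppInitDllAudit is hypothetical, and the Wow6432Node view and the LoadAppInit_DLLs / RequireSignedAppInit_DLLs values are not named on the page.

```powershell
# Added example: read-only audit of the AppInit_DLLs hooking vector.
# Get-AppInitDllAudit is a hypothetical helper name, not an existing cmdlet.
function Get-AppInitDllAudit {
    # The native view and the 32-bit (WOW64) view each carry their own values.
    $views = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
    )
    foreach ($key in $views) {
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $p) { continue }          # e.g. no Wow6432Node on a 32-bit OS

        # AppInit_DLLs is a single string; entries are space- or comma-separated.
        $dlls = @("$($p.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })
        if ($dlls.Count -eq 0) { $dlls = @('') }   # still report the flags

        foreach ($dll in $dlls) {
            # Signature is only checked when the entry resolves to a file as written;
            # bare file names are left unresolved rather than guessed at.
            $sig = $null
            if ($dll -and (Test-Path -LiteralPath $dll -PathType Leaf)) {
                $sig = (Get-AuthenticodeSignature -FilePath $dll).Status
            }
            [pscustomobject]@{
                Key           = $key
                Enabled       = [bool]$p.LoadAppInit_DLLs
                RequireSigned = [bool]$p.RequireSignedAppInit_DLLs
                Dll           = $dll
                Signature     = $sig
                # A listed DLL with loading enabled deserves a closer look.
                Review        = ([bool]$dll -and [bool]$p.LoadAppInit_DLLs)
            }
        }
    }
}

Get-AppInitDllAudit | Format-Table -AutoSize
```

Rows with `Review` set to True name a DLL that will actually be injected; compare them against the software known to be installed on the host.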