whocalls is a simple Windows DLL that logs some info whenever it gets loaded.
For use in identifying and demonstrating DLL planting opportunities.
(I can never find other people's implementations when I need them.)
-
Customise the output filename in the source code.
-
Compile to PE format.
e.g. Using MinGW on Kali:
x86_64-w64-mingw32-gcc -shared -s -o whocalls.dll whocalls.c
- Customise the DLL name and drop it somewhere.
- Periodically review the log file.
That's up to you.