There was a previous discussion about this years ago, but with no proper solution:
My question is, assume I want to only allow certain validated modules (dlls, etc) from being able to get loaded in my protected process, what is the best way to achieve this? So for example only DLLs signed with a proper digital signature (Microsoft or else) can get loaded in the protected process.
Because PsSetLoadImageNotifyRoutine doesn't provide a way for blocking a module from loading, so what is the alternative approach?