The concept of monitoring the implementation dll and the creation thread from other processes
Set splice on system function 'LdrpCallInitRoutine' for monitoring DLL loading/unloading. Set splice on system function 'BaseThreadInitThunk' for monitoring new threads.