June 2018
Beginner
510 pages
13h 7m
English
In Chapter 3, Dynamic Analysis, you learned how some DLLs can perform process checks to determine whether they are running under a particular process, such as explorer.exe or iexplore.exe. In that case, you may want to debug the DLL inside a specific host process rather than rundll32.exe. To pause execution at the DLL's entry point, either start a new instance of the host process or attach to the desired host process using the debugger, then select Debugger | Debugger options and check the option Suspend on library load/unload. This option tells the debugger to pause whenever a module is loaded or unloaded. With these settings in place, you can resume the paused host process and let ...