The idea of spoofing DLLs is not new. It is a technique used for analysis tools as well as malicious programs. By offering the same set of functions as another DLL, a calling program can unknowingly provide the means to load and execute alternate code, which can then completely change the actions of a program for good or bad purposes. In the world of malware analysis, a handy use for spoofing is to simply log each time a function in a DLL is called, which can help determine what a malicious program is attempting. But there is more than one way to spoof a DLL, and some DLLs are easier to spoof than others.