Other alternatives to bypass WH_CALLWNDPROC global hook + Dll injection (Ring 3)?

Question

I want know what are the possible solutions to bypass a dll injection made by a rootkit everytime that any process is executed (where is used a global hook on WH_CALLWNDPROC message to detect this)?

Based in my case and also in this answer, i already know (and tested) of two alternatives that works 100% to bypass this, are they::

1. UnhookWindowsHookEx

2. Execute my process via other process, with flag DEBUG_ONLY_THIS_PROCESS using CreateProcess, to receive notifications of DLL loading, when this is detected i take the EntryPoint of dll and write something to that, then the dll is unloaded.

---

3. Other possible solution could be TLS callback like was said on answer linked above, but i don't know how implement (in code) to this purpose of anti dll injection. Someone know and could give a code example?

Thank you in advance by any suggestion/or others alternatives to bypass this way of dll injection.

---

EDITION:

I think that the 3rd possible solution enumerated above seems deserve a attention. Then I'm searching by a answer with a code example about this: "A process can host a TLS callback, and then it will receive notifications of thread creation. That can intercept thread creation such as what is produced by CreateRemoteThread. If the thread start address is LoadLibrary(), then you have a good indication that someone is about to force-load a DLL." And then block the dll injection.

Answer 1

I think it's unnecessary to keep finding different alternatives, instead, use the alternatives you have already found, such as UnhookWindowsHookEx. If you want, just try out the TLS callback anyway.