[NickGerleman]

Code signing makes that pretty tricky. System DLLs will have integrity checks against msft certs.

[SCHiM]

Not all of them. msimg32.dll has no certificate and many system processes attempt to load that. There are more dlls in system32 if you look. Neither does Wldap32.dll, which gets loaded into lsass and is part of the knowndlls...