1) you need inject your code in target process
2) you must check if CFG presents in your target module. It seems that MS linker has a bug - DataDirectory[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG].Size eq 0x40. but IMAGE_LOAD_CONFIG_DIRECTORY.Size contains right value
3) you must just patch pointer in *(IMAGE_LOAD_CONFIG_DIRECTORY.GuardCFCheckFunctionPointer) to your handler. Prototype of handler:
void __fastcall my_check_icall(PBYTE addr)
4) now you can check
addrparameter. One possible check - just see if this
addrlocated in some loaded module, so you can traverse on PEB_LDR_DATA
Have fun !