One Day Sec

How can mimilib.dll be used to capture password changes via the PasswordChangeNotify feature?

The PasswordChangeNotify feature uses the `InitializeChangeNotify` and `PasswordChangeNotify` exports. Deploy mimilib.dll to `%SystemRoot%\System32`, add `mimilib` to the `Notification Packages` registry value under `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa`, and restart. Whenever a user changes their password, lsass.exe writes the new plaintext password to `kiwifilter.log`. This technique is also covered in Domain Penetration - Hook PasswordChangeNotify.
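
A defender-side audit of the registration described above, as an added example that is not part of the original page: it lists every entry in `Notification Packages`, resolves it to a DLL in System32, and flags anything outside an expected baseline. The `$Baseline` contents and the System32 location checked for `kiwifilter.log` are assumptions to adjust for your environment.

```powershell
# Added example: audit LSA notification packages (password filters) on one host.
# Assumption: $Baseline lists the packages your build standard expects; edit it.
$Baseline = @('scecli', 'rassfm')
$LsaKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$Sys32    = Join-Path $env:SystemRoot 'System32'

# 'Notification Packages' is REG_MULTI_SZ, so this yields one string per package.
$value    = (Get-ItemProperty -Path $LsaKey -Name 'Notification Packages' -ErrorAction Stop).'Notification Packages'
$packages = @($value) | Where-Object { $_ -and $_.Trim() }

$report = foreach ($entry in $packages) {
    $name   = $entry.Trim()
    # Entries are usually bare names that LSA loads as <name>.dll from System32.
    $file   = if ($name -match '\.dll$') { $name } else { "$name.dll" }
    $path   = Join-Path $Sys32 $file
    $exists = Test-Path -LiteralPath $path
    $sig    = if ($exists) { Get-AuthenticodeSignature -LiteralPath $path } else { $null }

    [pscustomobject]@{
        Package    = $name
        InBaseline = $Baseline -contains $name          # case-insensitive match
        Exists     = $exists
        Signature  = if ($sig) { $sig.Status } else { 'n/a' }
        Signer     = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        Modified   = if ($exists) { (Get-Item -LiteralPath $path).LastWriteTimeUtc } else { $null }
        Path       = $path
    }
}

$report | Format-Table -AutoSize

# Anything not in the baseline needs review; signature status is supporting
# evidence only, the baseline comparison is the primary signal.
foreach ($row in ($report | Where-Object { -not $_.InBaseline })) {
    Write-Warning ("Unexpected notification package '{0}' ({1}), signature: {2}" -f $row.Package, $row.Path, $row.Signature)
}

# Assumption: check System32 (the usual working directory of lsass.exe)
# for the log file name mentioned on this page.
$log = Join-Path $Sys32 'kiwifilter.log'
if (Test-Path -LiteralPath $log) {
    Write-Warning "Found $log, last written $((Get-Item -LiteralPath $log).LastWriteTimeUtc) UTC"
}
```

Run it from an elevated prompt; for ongoing coverage, alert on writes to the same registry value (for example via Sysmon registry events or object-access auditing on the `Lsa` key).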
