How to avoid dll-Hijack issue ?
We have a normal C++ MFC application but we kept a .dll file in the same path where our application resides. When we start the application the dll file present in the current directory also loaded and fall in an infinite loop and our real application is non-responsive because the name of the dll is one of the System module dll that is loaded by the framework from the system path.
The reason is it look in the currentdir instead of the system path on Priprity of Dll search.
How we can avoid this dll hijack issue in Windows ?
Means how to avoid the search of dll from current directory rather look at system path at first priority
We have a normal C++ MFC application but we kept a .dll file in the same path where our application resides. When we start the application the dll file present in the current directory also loaded and fall in an infinite loop and our real application is non-responsive because the name of the dll is one of the System module dll that is loaded by the framework from the system path.
The reason is it look in the currentdir instead of the system path on Priprity of Dll search.
How we can avoid this dll hijack issue in Windows ?
Means how to avoid the search of dll from current directory rather look at system path at first priority
4 Comments
Comment
Hi Sudhansu Panda,
I think this probably can be can acchieved by registering the DLL as a 'Known DLL' - I didn't use it myself before, but from some comments I found I think this is what you need:
"The only thing KnownDLLs does is prevent implicitly loaded DLLs being loaded from the applications folder." - see https://stackoverflow.com/questions/3555749/microsoft-known-dll
"KnownDLL’s is a mechanism in Windows NT (and win9x) that allows the system to “cache” commonly used system DLLs. It was originally added to improve application load time, but it also can be considered a security mechanism, since it prevents people from exploiting weak application directory permissions by dropping in Trojan horse versions of system DLLs" - see https://blogs.msdn.microsoft.com/larryosterman/2004/07/19/what-are-known-dlls-anyway/
Hope this helps,
ZOPPO
I think this probably can be can acchieved by registering the DLL as a 'Known DLL' - I didn't use it myself before, but from some comments I found I think this is what you need:
"The only thing KnownDLLs does is prevent implicitly loaded DLLs being loaded from the applications folder." - see https://stackoverflow.com/questions/3555749/microsoft-known-dll
"KnownDLL’s is a mechanism in Windows NT (and win9x) that allows the system to “cache” commonly used system DLLs. It was originally added to improve application load time, but it also can be considered a security mechanism, since it prevents people from exploiting weak application directory permissions by dropping in Trojan horse versions of system DLLs" - see https://blogs.msdn.microsoft.com/larryosterman/2004/07/19/what-are-known-dlls-anyway/
Hope this helps,
ZOPPO
Thank you for this. Yes i tried to add dll in there but it says permission denied
How can i do that ?
Do the admin have access to this entry ?
Regards
Sudhansu
How can i do that ?
Do the admin have access to this entry ?
Regards
Sudhansu
I have added the following entry by opening the command prompt with Admin privileges
C:\windows\system32>REG ADD "HKEY_LOCAL_MACHINE\SYSTEM
\Session Manager\KnownDLLs" /v dwmapi /t REG_SZ /d dwmapi.dll
ERROR: Access is denied.
Can you let me know how to add the dll names here in HKEY_LOCAL_MACHINE\SYSTEM\
\Session Manager\KnownDLLs entry
C:\windows\system32>REG ADD "HKEY_LOCAL_MACHINE\SYSTEM
\Session Manager\KnownDLLs" /v dwmapi /t REG_SZ /d dwmapi.dll
ERROR: Access is denied.
Can you let me know how to add the dll names here in HKEY_LOCAL_MACHINE\SYSTEM\
\Session Manager\KnownDLLs entry
Recommended Posts
So this year I decided it was really about time I applied for the
@vExpert subprograms, and guess what! I'm in! So Thanks to our Programme Manager![2024-vExpert-PRO.png]()
![2024-vExpert-vSAN.png]()
![2024-vExpert-vSphere.png]()
![vexpert-badge-stars-2024.png]()
![vexpert-badge-year-2024.png]()
@vCommunityGuy and Sub Programme Business Units!
@vExpert subprograms, and guess what! I'm in! So Thanks to our Programme Manager
@vCommunityGuy and Sub Programme Business Units!
Exchange Server Roadmap Update.
MS have moved the release date for the next version of Exchange Server to the second half of 2025.
It requires Server and CAL licenses and will be accessible only to customers with Software Assurance,
https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-roadmap-update/ba-p/3421389
MS have moved the release date for the next version of Exchange Server to the second half of 2025.
It requires Server and CAL licenses and will be accessible only to customers with Software Assurance,
https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-roadmap-update/ba-p/3421389
