如何隐式加载仅签名的DLL [英] How to implicitly load only signed DLL s
问题描述
我有一个与dll文件集链接的应用程序。我隐式加载DLL而不经历不安全的LoadLibrary()调用。我正在考虑使用证书文件对DLL进行签名,以避免DLL劫持。我怀疑如何隐式链接检查我的DLL是否已签名。
I have an application which is linked with set of dll files. I am loading the DLL s implicitly without going through insecure LoadLibrary() calls. I am thinking of signing the DLL s with a certificate file to avoid DLL hijacking. I have a doubt that how can implicit linking checks whether my DLL s are signed or not.
推荐答案
您应该添加一个清单依赖项使用 MANIFESTDEPENDENCY 链接器选项,然后设置 publicKeyToken
到用于签名dll的密钥。
You should add a manifest dependency using the MANIFESTDEPENDENCY linker option and set publicKeyToken
to the key used to sign the dlls.
例如
/manifestdependancy:type='win32' name='mydll' language='*' publicKeyToken='1234567890ABCDEF0'
然后Windows将拒绝加载您的应用程序,除非存在符合上述条件的dll。
Windows will then refuse to load your application unless the dll matching the above conditions is present.
这篇关于如何隐式加载仅签名的DLL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!