How to stop DLL Hijacking for secondary IMPLICITLY loaded DLLs


Question

For example, COMDLG32.DLL implicitly links against the following system DLLs (among others): xmllite.dll msftedit.dll srvcli.dll wkscli.dll linkinfo.dll netutils.dll msi.dll

Since these are implicitly loaded by the operating system, not explicitly loaded using a LoadLibrary call, the hijack vulnerability workaround using SetDllDirectory does not affect these loads being done when COMDLG32.DLL is loaded.

Hence, after my application is loaded, and I hit Ctrl+O to use the File Open dialog, these "bad" DLLs (that exist in my EXE's folder) get loaded.

COMDLG32.DLL is loading the ones in my EXE folder, not the legitimate ones in the system folder, even though I am calling SetDllDirectory(""); in InitInstance() long before I launch the File Open dialog.

How can I get a system DLL (e.g. COMDLG32.DLL) to properly utilize the correct DLL for its implicitly loaded DLLs?

Recommended answer

SetDllDirectory("") removes the current/working directory from the DLL search path; it does not have any effect on the application directory (where your .exe is located).

You can call SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_SYSTEM32) if you want to limit yourself to the system32 directory.
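The difference between the two calls discussed above can be seen in a small model of the search order. This is an added example, not code from the original post: it is a simplified simulation (safe DLL search mode assumed; KnownDLLs, already-loaded modules and manifests are not modelled), and the enum and function names are illustrative.

```c
#include <stdio.h>

/* Simplified model of the Windows DLL search order with safe DLL search
   mode on. Not modelled: KnownDLLs, already-loaded modules, manifests,
   the 16-bit system directory. All names here are illustrative. */
enum dir { APP_DIR, SYSTEM32, WINDOWS_DIR, CURRENT_DIR, PATH_DIRS, NDIRS };
#define NOT_FOUND (-1)
#define IN(d) (1u << (d))   /* bit set = a file with that name exists in d */

enum mode {
    MODE_DEFAULT,           /* no mitigation applied */
    MODE_SETDLLDIR_EMPTY,   /* after SetDllDirectory("") */
    MODE_SYSTEM32_ONLY      /* after SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_SYSTEM32) */
};

/* Write the directories searched under mode m into order[]; return count. */
static int search_order(enum mode m, int order[NDIRS]) {
    int n = 0;
    if (m == MODE_SYSTEM32_ONLY) {
        order[n++] = SYSTEM32;          /* standard search path is not used */
        return n;
    }
    order[n++] = APP_DIR;               /* EXE folder: first in both other modes */
    order[n++] = SYSTEM32;
    order[n++] = WINDOWS_DIR;
    if (m != MODE_SETDLLDIR_EMPTY)
        order[n++] = CURRENT_DIR;       /* the only entry SetDllDirectory("") drops */
    order[n++] = PATH_DIRS;
    return n;
}

/* Return the directory the loader would pick, or NOT_FOUND. */
int resolve(enum mode m, unsigned present) {
    int order[NDIRS];
    int n = search_order(m, order);
    for (int i = 0; i < n; i++)
        if (present & IN(order[i])) return order[i];
    return NOT_FOUND;
}

int main(void) {
    static const char *names[] = { "EXE folder", "system32", "Windows dir", "current dir", "PATH" };
    /* Constructed scenario from the question: same-named DLL in the EXE folder and in system32. */
    unsigned present = IN(APP_DIR) | IN(SYSTEM32);
    for (int m = MODE_DEFAULT; m <= MODE_SYSTEM32_ONLY; m++)
        printf("mode %d -> %s\n", m, names[resolve((enum mode)m, present)]);
    return 0;
}
```

In the model, a DLL that exists only in the EXE folder resolves to NOT_FOUND under MODE_SYSTEM32_ONLY, so an application that ships its own DLLs has to load them by full path once that restriction is in place.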
