Mixing
How to avoid DLL Hijacking by using Windows unit
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}
0
I developed a Win32 app which calls Win API that uses "Windows" unit. And I believe this will call Window's system libraries such as kernel32.dll, versions.dll, etc.
But the security reviewer said there is a security issue related to preload DLL hijack and we need to implement following articles:
https://docs.microsoft.com/en-us/windows/desktop/dlls/dynamic-link-library-security
My question, since we are using "Windows" unit from VCL framework, any clue on how to implement as mentioned in the above article?
security dll vcl delphi
edited Jan 3 at 14:54
G Wimpassinger
408110
asked Jan 3 at 14:21
aurallionaurallion
69115
|
show 4 more comments
0
I developed a Win32 app which calls Win API that uses "Windows" unit. And I believe this will call Window's system libraries such as kernel32.dll, versions.dll, etc.
But the security reviewer said there is a security issue related to preload DLL hijack and we need to implement following articles:
https://docs.microsoft.com/en-us/windows/desktop/dlls/dynamic-link-library-security
My question, since we are using "Windows" unit from VCL framework, any clue on how to implement as mentioned in the above article?
security dll vcl delphi
edited Jan 3 at 14:54
G Wimpassinger
408110
asked Jan 3 at 14:21
aurallionaurallion
69115
3
That is not related to static or dynamic linking, but to Load-Time vs. Run-Time Dynamic Linking. This rules out specifying a qualified path or any LOAD_LIBRARY_SEARCH flag as well as changing any system settings from inside the program. This can probably only be solved by a system administrator.
– Uwe Raabe
Jan 3 at 15:06
4
The article is about applications using runtime dynamic linking (LoadLibrary). The Windows unit is using loadtime dynamic linking, for which the search order is controlled by the OS. SafeDllSearchMode is enabled by default.
– Ondrej Kelle
Jan 3 at 15:08
8
Those are all known dlls anyway, the OS will not search them. My advice is to have the reviewer in some training course.
– Sertac Akyuz
Jan 3 at 15:38
2
Loading from the same directory is controlled by the OS, too. Normally a trusted installer is used to install executables into directories with restricted access.
– Ondrej Kelle
Jan 4 at 9:40
2
If it's possible to access the folder that the executable is in, why would you care with dll hijacking, just replace the executable with a malicious one.
– Sertac Akyuz
Jan 4 at 11:03
|
show 4 more comments
0
0
0
I developed a Win32 app which calls Win API that uses "Windows" unit. And I believe this will call Window's system libraries such as kernel32.dll, versions.dll, etc.
But the security reviewer said there is a security issue related to preload DLL hijack and we need to implement following articles:
https://docs.microsoft.com/en-us/windows/desktop/dlls/dynamic-link-library-security
My question, since we are using "Windows" unit from VCL framework, any clue on how to implement as mentioned in the above article?
security dll vcl delphi
edited Jan 3 at 14:54
G Wimpassinger
408110
asked Jan 3 at 14:21
aurallionaurallion
69115
I developed a Win32 app which calls Win API that uses "Windows" unit. And I believe this will call Window's system libraries such as kernel32.dll, versions.dll, etc.
But the security reviewer said there is a security issue related to preload DLL hijack and we need to implement following articles:
https://docs.microsoft.com/en-us/windows/desktop/dlls/dynamic-link-library-security
My question, since we are using "Windows" unit from VCL framework, any clue on how to implement as mentioned in the above article?
security dll vcl delphi
security dll vcl delphi
edited Jan 3 at 14:54
G Wimpassinger
408110
asked Jan 3 at 14:21
aurallionaurallion
69115
edited Jan 3 at 14:54
G Wimpassinger
408110
asked Jan 3 at 14:21
aurallionaurallion
69115
edited Jan 3 at 14:54
G Wimpassinger
408110
edited Jan 3 at 14:54
G Wimpassinger
408110
edited Jan 3 at 14:54
G Wimpassinger
408110
408110
asked Jan 3 at 14:21
aurallionaurallion
69115
asked Jan 3 at 14:21
aurallionaurallion
69115
asked Jan 3 at 14:21
aurallionaurallion
69115
69115
3
That is not related to static or dynamic linking, but to Load-Time vs. Run-Time Dynamic Linking. This rules out specifying a qualified path or any LOAD_LIBRARY_SEARCH flag as well as changing any system settings from inside the program. This can probably only be solved by a system administrator.
– Uwe Raabe
Jan 3 at 15:06
4
The article is about applications using runtime dynamic linking (LoadLibrary). The Windows unit is using loadtime dynamic linking, for which the search order is controlled by the OS. SafeDllSearchMode is enabled by default.
– Ondrej Kelle
Jan 3 at 15:08
8
Those are all known dlls anyway, the OS will not search them. My advice is to have the reviewer in some training course.
– Sertac Akyuz
Jan 3 at 15:38
2
Loading from the same directory is controlled by the OS, too. Normally a trusted installer is used to install executables into directories with restricted access.
– Ondrej Kelle
Jan 4 at 9:40
2
If it's possible to access the folder that the executable is in, why would you care with dll hijacking, just replace the executable with a malicious one.
– Sertac Akyuz
Jan 4 at 11:03
|
show 4 more comments
3
That is not related to static or dynamic linking, but to Load-Time vs. Run-Time Dynamic Linking. This rules out specifying a qualified path or any LOAD_LIBRARY_SEARCH flag as well as changing any system settings from inside the program. This can probably only be solved by a system administrator.
– Uwe Raabe
Jan 3 at 15:06
4
The article is about applications using runtime dynamic linking (LoadLibrary). The Windows unit is using loadtime dynamic linking, for which the search order is controlled by the OS. SafeDllSearchMode is enabled by default.
– Ondrej Kelle
Jan 3 at 15:08
8
Those are all known dlls anyway, the OS will not search them. My advice is to have the reviewer in some training course.
– Sertac Akyuz
Jan 3 at 15:38
2
Loading from the same directory is controlled by the OS, too. Normally a trusted installer is used to install executables into directories with restricted access.
– Ondrej Kelle
Jan 4 at 9:40
2
If it's possible to access the folder that the executable is in, why would you care with dll hijacking, just replace the executable with a malicious one.
– Sertac Akyuz
Jan 4 at 11:03
3
3
That is not related to static or dynamic linking, but to Load-Time vs. Run-Time Dynamic Linking. This rules out specifying a qualified path or any LOAD_LIBRARY_SEARCH flag as well as changing any system settings from inside the program. This can probably only be solved by a system administrator.
– Uwe Raabe
Jan 3 at 15:06
That is not related to static or dynamic linking, but to Load-Time vs. Run-Time Dynamic Linking. This rules out specifying a qualified path or any LOAD_LIBRARY_SEARCH flag as well as changing any system settings from inside the program. This can probably only be solved by a system administrator.
– Uwe Raabe
Jan 3 at 15:06
4
4
The article is about applications using runtime dynamic linking (LoadLibrary). The Windows unit is using loadtime dynamic linking, for which the search order is controlled by the OS. SafeDllSearchMode is enabled by default.
– Ondrej Kelle
Jan 3 at 15:08
The article is about applications using runtime dynamic linking (LoadLibrary). The Windows unit is using loadtime dynamic linking, for which the search order is controlled by the OS. SafeDllSearchMode is enabled by default.
– Ondrej Kelle
Jan 3 at 15:08
8
8
Those are all known dlls anyway, the OS will not search them. My advice is to have the reviewer in some training course.
– Sertac Akyuz
Jan 3 at 15:38
Those are all known dlls anyway, the OS will not search them. My advice is to have the reviewer in some training course.
– Sertac Akyuz
Jan 3 at 15:38
2
2
Loading from the same directory is controlled by the OS, too. Normally a trusted installer is used to install executables into directories with restricted access.
– Ondrej Kelle
Jan 4 at 9:40
Loading from the same directory is controlled by the OS, too. Normally a trusted installer is used to install executables into directories with restricted access.
– Ondrej Kelle
Jan 4 at 9:40
2
2
If it's possible to access the folder that the executable is in, why would you care with dll hijacking, just replace the executable with a malicious one.
– Sertac Akyuz
Jan 4 at 11:03
If it's possible to access the folder that the executable is in, why would you care with dll hijacking, just replace the executable with a malicious one.
– Sertac Akyuz
Jan 4 at 11:03
|
show 4 more comments
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54024172%2fhow-to-avoid-dll-hijacking-by-using-windows-unit%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
draft saved
draft discarded
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54024172%2fhow-to-avoid-dll-hijacking-by-using-windows-unit%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
3
That is not related to static or dynamic linking, but to Load-Time vs. Run-Time Dynamic Linking. This rules out specifying a qualified path or any LOAD_LIBRARY_SEARCH flag as well as changing any system settings from inside the program. This can probably only be solved by a system administrator.
– Uwe Raabe
Jan 3 at 15:06
4
The article is about applications using runtime dynamic linking (LoadLibrary). The Windows unit is using loadtime dynamic linking, for which the search order is controlled by the OS. SafeDllSearchMode is enabled by default.
– Ondrej Kelle
Jan 3 at 15:08
8
Those are all known dlls anyway, the OS will not search them. My advice is to have the reviewer in some training course.
– Sertac Akyuz
Jan 3 at 15:38
2
Loading from the same directory is controlled by the OS, too. Normally a trusted installer is used to install executables into directories with restricted access.
– Ondrej Kelle
Jan 4 at 9:40
2
If it's possible to access the folder that the executable is in, why would you care with dll hijacking, just replace the executable with a malicious one.
– Sertac Akyuz
Jan 4 at 11:03