How to prevent a system DLL from being loaded by my own app

Just starting out? Need help? Post your questions and find answers here.
Post Reply
firace
Addict
Addict
Posts: 946
Joined: Wed Nov 09, 2011 8:58 am

How to prevent a system DLL from being loaded by my own app

Post by firace »

Is there any way of blocking a Windows system DLL from being loaded into my process? Perhaps through some kind of hook? Or another trick (that does not impact the system or other processes)?

Note: If that matters, I'm using Win 10, x64.

For instance, in the below example, can I prevent my application from loading "C:\Windows\System32\riched20.dll" and thus prevent the EditorGadget from loading/appearing?

Code: Select all


OpenWindow(0, 0, 0, 580, 650, "TEST", #PB_Window_SizeGadget | #PB_Window_MaximizeGadget | #PB_Window_MinimizeGadget)

StringGadget(1,10,10,100,20,"TEST")

;; can we prevent the load of comctl32.dll from the System directory

If EditorGadget(2,10,50,300,500) : EndIf 

Repeat : Until WaitWindowEvent() = #PB_Event_CloseWindow
I realize that may cause a crash in this particular example. I hope this question does not sound too weird - What I'm trying to do is prevent certain legacy Windows DLLs from ever loading into one of my applications, to reduce the possible attack surface.

EDIT 1: Perhaps a simpler approach than hooks:
Isn't it possible to load my own version of comctl32.dll (from my EXE directory) instead of the system32 version? I tried that but it doesn't seem to work (the system32 instance still gets loaded)

EDIT 2: For other system DLLs, it seems to work:
Placing a local copy of riched20.dll in the same directory as my EXE actually works (and prevents the system32 copy from being loaded), but for some reason this does not work for other DLLs such as comctl32.dll. Any ideas why?
Top
User avatar
chi
Addict
Addict
Posts: 1087
Joined: Sat May 05, 2007 5:31 pm
Location: Austria

Re: How to prevent a system DLL from being loaded by my own

Post by chi »

from https://social.msdn.microsoft.com/Forum ... =vcgeneral
Unfortunately: 1. comctl32.dll v6 is not redistributable so you can't distribute it privately, 2. .local redirection doesn't work for any KnownDLLs and system32\comctl32.dll is probably a KnownDll, and 3. The entire .local redirection mechanism is disabled for apps that are known to be WinSxS aware - i.e. have a manifest.
Et cetera is my worst enemy
Top
User avatar
spikey
Enthusiast
Enthusiast
Posts: 750
Joined: Wed Sep 22, 2010 1:17 pm
Location: United Kingdom

Re: How to prevent a system DLL from being loaded by my own

Post by spikey »

I'm a bit surprised you didn't get the same outcome for riched20.dll - I'd have expected the same result for both files.
Top
Post Reply

Return to “Coding Questions”