Weekly Shaarli

All links of one week in a single page.

Week 09 (February 27, 2023)

DLL hijacking with exported functions. Example: Microsoft Teams - cocomelonc

You can use this program, but I wrote a simple Python script which enumerates the exported functions from the provided DLL (dll-def.py).

A simple way to prevent DLL hijacking from happening would be for applications to always use absolute paths instead of relative ones. Although some applications (notably portable ones) will not always be able to do so, applications located in \system32\ and relying on DLLs in the same folder have no excuse for doing otherwise. The better option, which only very few Windows executables seem to do, is to verify all DLLs before loading them (e.g. by checking their signatures) - this would largely eliminate the problem.
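
The signature check mentioned above can also be run from the defender's side, as an audit of the DLLs sitting next to an executable. This is an added example, not code from the linked article: the `$AppDir` parameter and the output column names are assumptions. It flags DLLs whose Authenticode signature is not valid, and DLLs whose file name also exists in System32, since the application directory is searched before System32 when a DLL is loaded by name only (KnownDLLs excepted).

```powershell
# Added example: audit the DLLs in an application folder.
# $AppDir is a hypothetical parameter; point it at the folder to inspect.
param(
    [Parameter(Mandatory)]
    [string]$AppDir
)

$system32 = Join-Path $env:SystemRoot 'System32'

Get-ChildItem -LiteralPath $AppDir -Filter '*.dll' -File | ForEach-Object {
    # Authenticode status of the file on disk (Valid, NotSigned, HashMismatch, ...)
    $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName

    # Same file name present in System32: a by-name load from this application
    # would pick up the local copy instead of the system one.
    $shadows = Test-Path -LiteralPath (Join-Path $system32 $_.Name)

    [pscustomobject]@{
        Name            = $_.Name
        SignatureStatus = $sig.Status
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        ShadowsSystem32 = $shadows
        # Anything unsigned, tampered with, or shadowing a system DLL gets a second look
        Review          = ($sig.Status -ne 'Valid') -or $shadows
    }
} | Sort-Object -Property Review -Descending | Format-Table -AutoSize
```

A DLL that shadows a System32 name but carries a valid signature from the application's own vendor is usually a bundled copy; one that is unsigned or signed by an unexpected subject is the case to investigate.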