4

The DLL lookup path, as described in MSDN is:

  1. The directory where the executable module for the current process is located.
  2. The current directory.
  3. The Windows system directory. The GetSystemDirectory function retrieves the path of this directory.
  4. The Windows directory. The GetWindowsDirectory function retrieves the path of this directory.
  5. The directories listed in the PATH environment variable.

Which brings up the following doubt:

Suppose I have an executable in some directory, say: c:\execdir\myexe.exe and it loads a DLL that's found in PATH and is located in c:\dlldir\mydll.dll. Now, suppose mydll.dll tries to load another DLL with LoadLibrary. Which directory will be looked at first - c:\dlldir or c:\execdir?

I think that the lookup rules quoted above say it's going to be c:\execdir because that's allegedly "the directory where the executable module for the current process is located", but it would be nice to get a confirmation from another source.

EDIT: Also, is c:\dlldir\ looked at at all? After all, it's neither where the .exe is located, nor the "current directory" (if that is meant in the general sense).

P.S. I'm interested in both Windows XP and 7.

Eli Bendersky
  • 263,248
  • 89
  • 350
  • 412

1 Answers1

4

Yes, it is the executable directory first and it was realised this could lead to a security vulnerability under certain circumstances. There is advice on that page for ensuring your application is not compromised via this mechanism.

  • So, `c:\dlldir` is never looked at, because it's neither "where the executable is located" nor "the current directory"? – Eli Bendersky Apr 25 '11 at 13:05
  • @Eli If it isn't on the PATH, isn't the current directory or a special system directory or the directory of the original executable (let's say it is actually `c:\dlldir` rather than `c:\windows\system32` for example) then no, it won't be. –  Apr 25 '11 at 13:41