0

If any dummy system DLL is placed in my application folder my application loads the dummy DLL and causes an error.

For example: create version.dll in application folder and run the application will display this error:

Testscapi: TESTSCAPI.exe - Bad Image

D:\TESTApplications\TestSCAPI\VERSION.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support. Error status 0xc0000020.

OK

Actually version.dll is a system DLL that is overridden by the dummy DLL placed in the application folder.

How to avoid the Delphi application from using the dummy DLL in the application path? Mentioned version.dll is for example, it could be any system DLL...

Thanks in advance.

Anto Raja Prakash
  • 1,328
  • 8
  • 12
  • What problem are you trying to solve by creating the dummy DLL in the first place? – Keith Miller Nov 19 '19 at 11:04
  • 1
    It is the OS that determines the search order. The topic is rather wide, so I suggest you read about it at [this link](https://learn.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-search-order) – Tom Brunberg Nov 19 '19 at 11:25
  • 2
    Your application should reside in an appropriate folder, like `C:\Program Files\Prakash Software\Prakash Bitmap Editor\`. This folder is protected, so normally applications and users cannot put their own DLLs there by accident. – Andreas Rejbrand Nov 19 '19 at 11:45
  • 1
    Don't put these bogus DLLs in the application folder in the first place. – David Heffernan Nov 19 '19 at 12:48
  • For the scenario i mentioned it as Bogus DlLLs,in actual case if hacker can put DLLs in the name of any System DLLs and get Administrator access as my application run with Administrator Privilege.Application is placed in program files folder only. – Anto Raja Prakash Nov 20 '19 at 05:14
  • @AntoRajaPrakash `Program Files` is protected from non-admin access by default, so if the hacker can place a bogus DLL in your app folder while it is installed in such a protected location, then the hacker already has admin rights and doesn't need to deal with using a bogus DLL in the first place – Remy Lebeau Nov 20 '19 at 06:52
  • 2
    @AntoRajaPrakash per [MSDN documentation](https://learn.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-search-order): "*Important If an attacker gains control of one of the directories that is searched, it can place a malicious copy of the DLL in that directory. **For ways to help prevent such attacks, see [Dynamic-Link Library Security](https://learn.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-security)**.*" – Remy Lebeau Nov 20 '19 at 06:56

0 Answers0