Hardening application against DLL hijacking - find dll executable path
ArminLinder:
Any ideas how I can harden my application against DLL hijacking (aka putting a fake dll into the dll search path so it is loaded instead of the intended dll)? Specifically I am asking this regarding the two OpenSSL libraries.
I am on Windows (10/11) and Linux (Debian, Ubuntu).
The standard approach was to link statically, I guess, like described here: https://forum.lazarus.freepascal.org/index.php?topic=15712.0
Another and probably more practical approach was that my application detects that the dlls have been tampered with, and terminates/refuses to work. For this to work I'd have to find the path to the executable of the actual library code loaded by loadlibrary, calculate the hash and compare it with the known hash of the original library. Can I find the path to a dll executable after it has been loaded by the OS?
Thnx, Armin.
alpine:
I've never done this, but on Windows it must be achievable with: GetCurrentProcessId() -> OpenProcess() -> EnumProcessModules() -> GetModuleFileNameEx()
MarkMLl:
I suspect there might be a problem where the OS tries to reuse a DLL/shared-object which is already in memory; I have a very vague recollection of the search path being ignored, and in any event the name of the library is not the full path of the file from which it was loaded.
If in any doubt at all, link security- or safety-related libraries statically.
MarkMLl
440bx:
--- Quote from: Nimral on June 29, 2022, 09:57:34 am ---Any ideas how I can harden my application against DLL hijacking (aka putting a fake dll into the dll search path so it is loaded instead of the intended dll)?
--- End quote ---
If you're using LoadLibrary to load the dll, the simplest way is to specify the full path to the dll in the LoadLibrary call. That guarantees only the dll at that location can be loaded.
HTH.
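An added Free Pascal example for Windows, not part of the original post: it loads both OpenSSL DLLs by absolute path and then asks the OS which file was actually mapped, which also answers the question of finding the path of a loaded dll. The DLL file names and the assumption that they ship next to the executable are illustrative.

```pascal
program PinnedLoad;
{$mode objfpc}{$H+}
// Added example (Windows only); not code from the thread.
uses Windows, SysUtils;

const
  // Assumed OpenSSL 3.x 64-bit file names; adjust to the build you ship.
  // libcrypto goes first so libssl's import of it binds to the copy
  // that is already loaded instead of triggering a new search.
  Libs: array[0..1] of UnicodeString =
    ('libcrypto-3-x64.dll', 'libssl-3-x64.dll');

// Path of the file the OS mapped for a module; handle 0 means the EXE.
function LoadedModulePath(h: HMODULE): UnicodeString;
var n: DWORD;
begin
  SetLength(Result, 32767);
  n := GetModuleFileNameW(h, PWideChar(Result), Length(Result));
  if n >= DWORD(Length(Result)) then n := 0; // truncated: treat as failure
  SetLength(Result, n);
end;

// Directory of the running executable, with trailing backslash.
function ExeDir: UnicodeString;
var i: Integer;
begin
  Result := LoadedModulePath(0);
  i := Length(Result);
  while (i > 0) and (Result[i] <> '\') do Dec(i);
  SetLength(Result, i);
end;

var
  i: Integer; h: HMODULE; want, got: UnicodeString;
begin
  for i := Low(Libs) to High(Libs) do
  begin
    want := ExeDir + Libs[i];
    h := LoadLibraryW(PWideChar(want)); // absolute path: no directory search
    if h = 0 then begin WriteLn('load failed: ', want); Halt(1); end;
    // Confirm the handle we got is backed by the file we asked for.
    got := LoadedModulePath(h);
    if not WideSameText(want, got) then
    begin WriteLn('unexpected image: ', got); Halt(2); end;
    WriteLn('loaded ', got);
  end;
end.
```

Other imports of these DLLs (for example a C runtime) are still resolved through the normal search order, so the full path only pins the two files named here.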
Thaddy:
Finding the dll is not hardening at all. It is a security risk.
Hence since about 30 years ago MS provided relocation for such code. 30 YEARS.
Trying to re-invent wheels, you usually come up with a Hexagon at best....
Most SSL libraries allow for relocation for precisely that. ;D
If they don't, don't use.
Finding the dll is easy, but using and abusing it should be difficult. And it is....