LoadLibrary from another DLL

Published 2019-06-25 13:55

Question:

The DLL lookup path, as described in MSDN, is:

  1. The directory where the executable module for the current process is located.
  2. The current directory.
  3. The Windows system directory. The GetSystemDirectory function retrieves the path of this directory.
  4. The Windows directory. The GetWindowsDirectory function retrieves the path of this directory.
  5. The directories listed in the PATH environment variable.

Which brings up the following doubt:

Suppose I have an executable in some directory, say: c:\execdir\myexe.exe and it loads a DLL that's found in PATH and is located in c:\dlldir\mydll.dll. Now, suppose mydll.dll tries to load another DLL with LoadLibrary. Which directory will be looked at first - c:\dlldir or c:\execdir?

I think that the lookup rules quoted above say it's going to be c:\execdir because that's allegedly "the directory where the executable module for the current process is located", but it would be nice to get a confirmation from another source.

EDIT: Also, is c:\dlldir\ looked at at all? After all, it's neither where the .exe is located, nor the "current directory" (if that is meant in the general sense).

P.S. I'm interested in both Windows XP and 7.

Answer 1:

Yes, it is the executable directory first and it was realised this could lead to a security vulnerability under certain circumstances. There is advice on that page for ensuring your application is not compromised via this mechanism.
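
The scenario from the question, modelled as an added example (not part of the original post or answer). It implements only the five-step order quoted in the question, resolves a bare DLL name against it, and lists copies that an earlier directory shadows. The file `other.dll`, the current directory `c:\work` and the PATH entry `c:\tools` are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS


def search_order(exe_dir, cwd, system_dir, windows_dir, path_var):
    """Directories in the order quoted in the question (steps 1-5)."""
    dirs = [exe_dir, cwd, system_dir, windows_dir]
    dirs += [d for d in path_var.split(";") if d]
    return dirs


def _key(path):
    # Windows paths compare case-insensitively; normalise before matching.
    return ntpath.normcase(ntpath.normpath(path))


def candidates(dll_name, order, files):
    """Every location on the search order holding dll_name, winner first."""
    present = {_key(f) for f in files}
    hits, seen = [], set()
    for d in order:
        full = ntpath.join(d, dll_name)
        k = _key(full)
        if k in present and k not in seen:
            seen.add(k)
            hits.append(full)
    return hits


def resolve(dll_name, order, files):
    """Path that a bare-name lookup would pick, or None if nothing matches."""
    hits = candidates(dll_name, order, files)
    return hits[0] if hits else None


def shadowed(dll_name, order, files):
    """Copies on the search order that lose to an earlier directory."""
    return candidates(dll_name, order, files)[1:]


# Constructed layout matching the question; other.dll is a hypothetical name.
FILES = [r"c:\execdir\myexe.exe", r"c:\execdir\other.dll",
         r"c:\dlldir\mydll.dll", r"c:\dlldir\other.dll"]
ORDER = search_order(r"c:\execdir", r"c:\work", r"c:\windows\system32",
                     r"c:\windows", r"c:\tools;c:\dlldir")

if __name__ == "__main__":
    for name in ("mydll.dll", "other.dll"):
        print(name, "->", resolve(name, ORDER, FILES),
              "| shadowed:", shadowed(name, ORDER, FILES))
```

In this model `c:\dlldir` is consulted only because it appears in PATH, and a name that resolves with a non-empty shadowed list is one where the loaded copy depends on directory order rather than on an explicit path.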