I would like to prevent loading of malicious DLLs that may be possible through access of the current working directory as described in http://msdn.microsoft.com/en-us/library/ff919712(VS.85).aspx
The solution implemented in our C++ apps was to make a WinAPI call to SetDllDirectory(""), which would effectively remove the current working directory from the Windows DLL loading search path. However, it seems this solution is not available for our Delphi apps because the SetDllDirectory() function doesn't exist.
Is there an equivalent call in Delphi that does the same thing as SetDllDirectory("")? Thanks!
DSiSetDllDirectory will also take care of dynamic linking and will fail gracefully on pre-XP SP1 systems.
DSiWin32 is released as a freeware.
Calling SetDllDirectory('') doesn't work? I see that it is declared properly in the latest versions of Windows.pas. If you have a version of Delphi in which it isn't declared, you can upgrade to the latest version of Delphi, or declare it yourself.
Update: And there you go... Jens just posted the declaration.
This should do the trick: