Click here to Skip to main content
15,884,628 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more: , +
Hi All,

Before negative voting I would like to read my question to fully understand my situation.

I am working on WPF application where we create a portable tool for specific function.

My problem is that we are facing DLL Hijacking issue when we place any Test DLL inside the Application directory.

The test DLL used is d3d9.dll. Though we are not referring this DLL directly our application is getting hacked due DLL Order of execution.

How can we solve this issue.

Since we are using a portable tool we can't hardcode any DLL path. We are wondering how to prevent indirect DLLs such as d3d9.dll not to trigger if it is not a legitimate DLL.

Please let us know how do I avoid DLL Hijacking issue

What I have tried:

We have tried to check all the DLLs inside the Application and checking the validity of signature use in that DLL. But even before our validity check method executes the Test DLL such as d3d9.dll is triggered and making the application vulnerable
Richard MacCutchan 1-Apr-23 4:13am    
How exactly is this "hacking" being done?
KUMAR619 1-Apr-23 12:24pm    
Our infosec team is doing some meta exploit method to get the endpoint of d3d9.dll and they are using the same method to override the system DLLs due to order or DLL execution
DLL hijacking is happening for d3d9.dll which is a system DLL. In windows there is order of execution of a DLL. If we place a DLL where preference is high then the system DLL is never triggered. Our Infosec team is using Meta exploit method to get the methods of a DLL and truing to replicate the same methods and doing their own logic which is vulnerable to DLL Hijacking.

It is not only for that DLL it happens for all DLL.

We are never referring the d3d9.dll but it is called from Presentation Core DLL which is found under .Net Framework
Richard MacCutchan 1-Apr-23 12:58pm    
That does not explain anything.
KUMAR619 1-Apr-23 13:16pm    
Generally whenever we add any system reference to our project it call that DLL whenever that is require. Those DLL will also trigger other DLLs indirectly.

For example PresentationCore.dll is a system DLL which we can find in .NET Framework folder. That PresentationCore.dll calls d3d9.dll. Even though we are not using d3d9.dll directly but it is used by PresentationCore.dll which we have used in our project. That's why when a hacker user a malicious DLL with the same method of d3d9.dll it is getting hijacked.

Can you help me to get rid of this issue
Richard MacCutchan 2-Apr-23 3:48am    
Make sure that no one who is not authorised has access to any of your systems.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900