How to avoid DLL hijacking in WPF application

Question

0.00/5 (No votes)

See more:

, +

Hi All,

Before negative voting I would like to read my question to fully understand my situation.

I am working on WPF application where we create a portable tool for specific function.

My problem is that we are facing DLL Hijacking issue when we place any Test DLL inside the Application directory.

The test DLL used is d3d9.dll. Though we are not referring this DLL directly our application is getting hacked due DLL Order of execution.

How can we solve this issue.

Since we are using a portable tool we can't hardcode any DLL path. We are wondering how to prevent indirect DLLs such as d3d9.dll not to trigger if it is not a legitimate DLL.

Please let us know how do I avoid DLL Hijacking issue

What I have tried:

We have tried to check all the DLLs inside the Application and checking the validity of signature use in that DLL. But even before our validity check method executes the Test DLL such as d3d9.dll is triggered and making the application vulnerable

Posted 31-Mar-23 8:01am

KUMAR619

Add a Solution

Comments

Richard MacCutchan 1-Apr-23 4:13am

How exactly is this "hacking" being done?

KUMAR619 1-Apr-23 12:24pm

Our infosec team is doing some meta exploit method to get the endpoint of d3d9.dll and they are using the same method to override the system DLLs due to order or DLL execution
DLL hijacking is happening for d3d9.dll which is a system DLL. In windows there is order of execution of a DLL. If we place a DLL where preference is high then the system DLL is never triggered. Our Infosec team is using Meta exploit method to get the methods of a DLL and truing to replicate the same methods and doing their own logic which is vulnerable to DLL Hijacking.

It is not only for that DLL it happens for all DLL.

We are never referring the d3d9.dll but it is called from Presentation Core DLL which is found under .Net Framework

Richard MacCutchan 1-Apr-23 12:58pm

That does not explain anything.

KUMAR619 1-Apr-23 13:16pm

Generally whenever we add any system reference to our project it call that DLL whenever that is require. Those DLL will also trigger other DLLs indirectly.

For example PresentationCore.dll is a system DLL which we can find in .NET Framework folder. That PresentationCore.dll calls d3d9.dll. Even though we are not using d3d9.dll directly but it is used by PresentationCore.dll which we have used in our project. That's why when a hacker user a malicious DLL with the same method of d3d9.dll it is getting hijacked.

Can you help me to get rid of this issue

Richard MacCutchan 2-Apr-23 3:48am

Make sure that no one who is not authorised has access to any of your systems.

[no name] 1-Apr-23 11:23am

Your "problem" is a lack of a proper test environment. Your "pathing" problems are due to not "deploying" in order to test. It's YOUR "test" DLL, after all. Not "somebody" hacking as you're implying.

KUMAR619 1-Apr-23 12:38pm

DLL hijacking is happening for d3d9.dll which is a system DLL. In windows there is order of execution of a DLL. If we place a DLL where preference is high then the system DLL is never triggered. Our Infosec team is using Meta exploit method to get the methods of a DLL and truing to replicate the same methods and doing their own logic which is vulnerable to DLL Hijacking.

It is not only for that DLL it happens for all DLL.

We are never referring the d3d9.dll but it is called from Presentation Core DLL which is found under .Net Framework

[no name] 2-Apr-23 12:41pm

.NET addresses "dll hell"; your shop, in it's infinite wisdom, has decided that is not for them and has defined its own "order of execution".

TimWallace 21-Jun-23 6:45am

Kumar, you are not getting any answers because you have not clearly stated your problem. Please rethink how to word your question. Also, you may want to be more forthcoming about what your application is supposed to do. There are a lot of smart people on this dight, but they can only help if they have a clear description of all the facts.

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)