This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 0%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMR%3C/text%3E%3C/svg%3E)
Hello Team,
I want to know one thing that if application install in program file or program files x86 directory. And to perform dll injection I have to inject malicious dll in program file or program files X86. I tested from both admin access as well as normal access.
through normal access I was not able write dll in program files but through admin access i was able to performed dll injection. so can we consider it is dll injection or not.
Typically, the phrase "Dll injection" is used to mean programmatically loading your dll into a running process. An example of injection would be using a windows hook to load a dll into a process.
The phrase "Dll hijack" is used to mean finding a way to have the victim application load your dll instead of the correct binary. Copying your dll into an application folder to replace the original binary would be a hijack.
Thanks for your response. I tested dll hijacking through both admin and normal access.
As i mentioned application installed in program files folder. Through normal user I was not able to perform dll hijack but through admin access I was able to copy my dll to program files. so my doubt we can consider this dll vulnerability where we need admin access to performed. i hope you will get my doubt.
As a practical matter, you cannot fully defend against an untrustworthy user that has Administrator privileges.
So, we can not defend from dll hijack if user has admin access ryt? there is no any mitigation to prevent from dll injection if user has admin access ryt?
You need to take a broader view. Untrustworthy Administrators don't need to hijack your dll. They can install malware or otherwise perform bad acts on systems they control.
Got it Thank you very much RLWA32. Can you share some mitigation for dll hijacking in details.
Take a look at the mitigations discussed in the answers and comments contained in https://learn.microsoft.com/en-us/answers/questions/1221405/how-do-i-prevent-dll-preloading-attacks-when-linki
is it possible to mitigate dll hijacking by implement validation in source code that application only load signed dll files only?
If you install your application and its dlls in a secure file system location (the application folder) you should be reasonably protected against dll hijacking.
What risk are you mitigating by validating signed dlls that reside in a secure location?
I just want to ask that is it possible to implement that application validate the dll file before loading from any path. or is it enough to implement application loads dll only from secure location.
Implement whatever validation procedures you want to use. In my opinion ensuring that you load DLLs from a secure location is sufficient to mitigate risks posed by a standard user. If a bad actor with Administrator privilege has access it's already game over.