Re: dll question

From:

"Ben Voigt [C++ MVP]" <rbv@newsgroups.nospam>

Newsgroups:

microsoft.public.vc.language

Date:

Fri, 8 May 2009 14:20:21 -0500

Message-ID:

<eICHJIB0JHA.4800@TK2MSFTNGP06.phx.gbl>

"Kursat" <kursattheking@gmail.com> wrote in message
news:ufFUpQ6zJHA.2084@TK2MSFTNGP02.phx.gbl...

Hi,

Is it possible to prevent loading libraries (dll) or making library calls
in a process? For example: I have an application and I expect a dll from a
third party but I don't want the third party dll load another dll or call
functions from it. I just run functions from that dll in some kind of
restricted environment. What do you think ?

You can use debugger hooks to detect and block loading additional DLLs. You
could use managed code and set partial trust. You can inspect the import
table of the DLL and check that all imported functions are on a whitelist
(exclude LoadLibrary and GetProcAddress) -- but this won't stop a skilled
hacker.

You could run inside a sandbox (VM or a separate process as a separate user)
which hasn't enough privileges to do real damage even if unauthorized code
is run.

Actually only a sandbox will work because otherwise the malicious code could
just statically link what it needs for mischief and not load any DLLs.

Thank in advance.