How can we protect ourselves from other third parties installing DLLs with the same names as some of ours into C:\WINDOWS?

Question

Our product includes several DLLs built from open source into files with default names as delivered by the open source developers. We're careful to install the files in our own directories and we carefully manage the search path (only for our processes) to keep the loader happy.

Another developer -- a towering intellect -- decided it would be easier to install their own build of some of the same open source into C:\WINDOWS under the same default DLL filenames. Consequently, when we launch a process which depends on these open source DLLs, the system searches C:\WINDOWS before our directories and finds the DLLs installed by the other developer. And they are, of course, incompatible.

Ideas which have occurred to me so far:

• rename all our DLLs to avoid the default names, which would only make it less likely we would encounter collisions
• load all our DLLs by full path so the loader captures their names into RAM and doesn't search anywhere else the next time they are requested

For various reasons, neither of these options is palatable at the moment.

What else can we do to defend ourselves against the towering intellects of the world?

Answer 1

You've got only two options: deploy the DLL in the same directory as the EXE (that's where Windows looks first) or using manifests and deploy the DLL to the Windows side-by-side cache. I don't think the latter option is common in the Open Source world but it is the only real fix if you want to share DLLs between different apps.