 

Microsoft Known DLL

Tags: windows, dll

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs

What is the purpose of KnownDLLs? (To load some DLLs faster?)

If I have an admin's token, I can control the registry values.
Isn't there any security hole?

Why did Microsoft support the feature?

Benjamin asked Aug 24 '10 11:08




1 Answer

The only thing KnownDLLs does is prevent implicitly loaded DLLs from being loaded from the application's folder.

For security reasons, the only folder that a "KnownDll" is valid in is c:\Windows\System32 (or your localized equivalent) - and this folder is second on the search list, after the folder of the process.

In essence, it prevents rogue copies of system DLLs - such as kernel32.dll - from being loaded from an application's folder.

It doesn't stop an application loading a DLL using a fully qualified path. It doesn't stop a lengthy search of the path or the discovery of system DLLs in the path - system32 is always searched before those locations anyway.

Chris Becke answered Sep 22 '22 14:09
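As an added example, not part of the original question or answer: a small Python audit that reads the KnownDLLs list (live from the registry on Windows, from a constructed sample elsewhere) and reports, for each DLL found next to an executable, whether the loader will ignore it as a KnownDLL or resolve it from the application folder. The function names, the sample values and the report wording are assumptions of this example.

```python
# Constructed sample of the KnownDLLs key (value name -> data). The real key has
# the same layout, plus DllDirectory/DllDirectory32 pointing at System32/SysWOW64.
SAMPLE_KNOWNDLLS = {
    "DllDirectory": r"C:\Windows\system32",
    "DllDirectory32": r"C:\Windows\syswow64",
    "kernel32": "kernel32.dll",
    "advapi32": "advapi32.dll",
    "comdlg32": "comdlg32.dll",
}

def known_dll_names(values):
    """Lower-cased file names listed in KnownDLLs, skipping the DllDirectory entries."""
    return {d.lower() for n, d in values.items() if not n.lower().startswith("dlldirectory")}

def read_knowndlls_from_registry():
    """Read the live key on Windows (winreg is standard library there; absent elsewhere)."""
    import winreg  # only importable on Windows
    path = r"SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs"
    values, i = {}, 0
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, i)
            except OSError:  # no more values under the key
                return values
            values[name] = data
            i += 1

def classify(app_dir_files, known, system32_files):
    """Where the loader resolves each DLL name found in the application folder."""
    # Only bare names (implicit imports, LoadLibrary("x.dll")) are affected;
    # a fully qualified path bypasses KnownDLLs entirely, as the answer notes.
    report = {}
    for f in app_dir_files:
        n = f.lower()
        if not n.endswith(".dll"):
            continue
        if n in known:
            report[n] = "inert: KnownDLL, always resolved from System32"
        elif n in system32_files:
            report[n] = "loaded from app folder, shadows a System32 DLL: inspect"
        else:
            report[n] = "loaded from app folder"
    return report
```

On Windows, pass `known_dll_names(read_knowndlls_from_registry())` together with a directory listing of the application folder and of System32 to `classify`; a same-named file that shadows a non-KnownDLL system DLL is the case worth inspecting.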