Symposium sur la sécurité des technologies de l'information et des communications

Conférence francophone sur le thème de la sécurité de l'information.
Elle a eu lieu à Rennes du 5 au 7 juin 2019.

DLL shell game and other misdirectionsLucas Georges


Date : 06 juin 2019 à 09:30 — 30 min.

Windows developers use extensively shared libraries (DLLs) in order to maximize code reuse and update subcomponents independently on deployed systems. However using shared libraries also opens up a myriad of issues coming from DLL incompatibilities, also known as DLL Hell (or more generically speaking dependency hell). That's why over the years the Windows core team has implemented various magic tricks based on DLL redirection in order to keep systems up to date while retaining backwards compatibility.

In this article we will present several of these sleight of hands as well as other ways to dynamically load libraries, and some vulnerabilities that can be exploited via DLL hijacking still present in modern software.

Finally, this article also present Dependencies (https://wwww.github.com/lucasg/Dependencies.git) a tool written by the author to analyze and troubleshoot DLL dependency issues on modern Windows binaries.