[vlc-devel] [PATCH] win32: do not load wininet.dll on startup, it's not a Known DLL
Rémi Denis-Courmont
remi at remlab.net
Fri Mar 10 18:17:05 CET 2017
Le perjantaina 10. maaliskuuta 2017, 18.10.35 EET Jean-Baptiste Kempf a
écrit :
> On Fri, 10 Mar 2017, at 18:03, Rémi Denis-Courmont wrote:
> > Le perjantaina 10. maaliskuuta 2017, 17.50.46 EET Jean-Baptiste Kempf a
> >
> > écrit :
> > > On Fri, 10 Mar 2017, at 17:49, Rémi Denis-Courmont wrote:
> > > > You can also remove DLLs from the known list.
> > >
> > > This requires a lot of manipulation and is hard to do without breaking
> > > the whole Windows.
> >
> > AFAIK, it´s just registry keys.
>
> No it's not. They have different ACL than the usual keys, of course, and
> modifying them or removing them
> Take your Windows and try to modify those and remove kernel32.dll from
> there.
> You will get the infamous "The verification of a KnownDLL failed"
> message at reboot.
You can't load kernel32.dll at run-time anyway, since it contains the run-time
loader.
> If you can change advapi32, kernel32, user32, shell32, psapi or
> msvcrt.dll and change them to either not be KnownDLL or be modified,
> then your system security is fucked.
Sure. And if an attacker can overwrite any (other) of the MSDN documented
DLLs, I am fucked too. Whether or not it´s a known DLL.
Because plenty of executables will link them in the PE header.
--
雷米‧德尼-库尔蒙
https://www.remlab.net/
More information about the vlc-devel
mailing list