[vlc-devel] [PATCH 1/4] [RFC] direct3d11: add a way to (re)store the device in the global context

Remi Denis-Courmont remi at remlab.net
Tue Nov 21 16:34:01 CET 2017

Le 2017-11-21 12:13, Steve Lhomme a écrit :
> Given our DLL security model it's not possible to have the device
> handled by a separate DLL. Modules can only load DLLs from System32 on
> Windows.

For the last time, do not call that a security model. This is utterly 
misleading; it just gives a false sense of security to users and 
developpers. If it were a security feature, VLC.exe would NOT load 
libvlc.dll, then libvlccore.dll then plugins from its installation 
directory. Not to mention a whole bunch of other things that indirectly 
lead to RCE in there.

I do not deny that LibVLC.dll should load LibVLCcore.dll, plugins, data 
and underlying libraries from *its* directory rather than from the 
application directory. But good luck getting that to work on Windows. 
And in the mean time, it is an unimplemented feature, so it is rather 
disturbing if you consider it a security issue.

> So another way to use a DLL could be to load it as a separate module
> with specific callbacks.

You can also do that. It requires much more boilerplate code and is 

Rémi Denis-Courmont

More information about the vlc-devel mailing list