DLL Dynamic-Link Library Search Order -- Window

2020-12-13 13:53

阅读:386

标签:des   http   io   os   ar   for   sp   strong   on   

http://msdn.microsoft.com/en-us/library/windows/desktop/ms682586(v=vs.85).aspx

A system can contain multiple versions of the same dynamic-link library (DLL).

Applications can control the location from which a DLL is loaded by specifying a full path or

using another mechanism such as a manifest.

If these methods are not used, the system searches for the DLL at load time as described in this topic. 

  • Factors That Affect Searching
  • Search Order for Windows Store apps
    • Standard Search Order for Windows Store apps
    • Alternate Search Order for Windows Store apps
  • Search Order for Desktop Applications
    • Standard Search Order for Desktop Applications
    • Alternate Search Order for Desktop Applications
    • Search Order Using LOAD_LIBRARY_SEARCH Flags
  • Related topics

Factors That Affect Searching

The following factors affect whether the system searches for a DLL:

  • If a DLL with the same module name is already loaded in memory, the system checks only for redirection and a manifest before resolving to the loaded DLL, no matter which directory it is in. The system does not search for the DLL.
  • If the DLL is on the list of known DLLs for the version of Windows on which the application is running, the system uses its copy of the known DLL (and the known DLL‘s dependent DLLs, if any) instead of searching for the DLL. For a list of known DLLs on the current system, see the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs.
  • If a DLL has dependencies, the system searches for the dependent DLLs as if they were loaded with just their module names. This is true even if the first DLL was loaded by specifying a full path.

 Search Order for Windows Store apps

When a Windows Store app loads a packaged module by calling the LoadPackagedLibraryfunction, the DLL must be in the package dependency graph of the process. For more information, see LoadPackagedLibrary. When a Windows Store app loads a module by other means and does not specify a full path, the system searches for the DLL and its dependencies at load time as described in this section.

Windows 7, Windows Server 2008 R2, Windows Vista, Windows Server 2008, Windows Server 2003, and Windows XP:  Windows Store apps are supported starting with Windows 8 and Windows Server 2012.

Before the system searches for a DLL, it checks the following:

  • If a DLL with the same module name is already loaded in memory, the system uses the loaded DLL, no matter which directory it is in. The system does not search for the DLL.
  • If the DLL is on the list of known DLLs for the version of Windows on which the application is running, the system uses its copy of the known DLL (and the known DLL‘s dependent DLLs, if any). The system does not search for the DLL. For a list of known DLLs on the current system, see the following registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs.

If the system must search for a module or its dependencies, it always uses the search order for Windows Store apps even if a dependency is not Windows Store app code.

Standard Search Order for Windows Store apps

If the module is not already loaded or on the list of known DLLs, the system searches these locations in this order:

  1. The package dependency graph of the process. This is the application‘s package plus any dependencies specified as  in the  section of the application‘s package manifest. Dependencies are searched in the order they appear in the manifest.
  2. The directory the calling process was loaded from.
  3. The system directory (%SystemRoot%\system32).

If a DLL has dependencies, the system searches for the dependent DLLs as if they were loaded with just their module names. This is true even if the first DLL was loaded by specifying a full path.

Alternate Search Order for Windows Store apps

If a module changes the standard search order by calling the LoadLibraryEx function withLOAD_WITH_ALTERED_SEARCH_PATH, the system searches the directory the specified module was loaded from instead of the directory of the calling process. The system searches these locations in this order:

  1. The package dependency graph of the process. This is the application‘s package plus any dependencies specified as  in the  section of the application‘s package manifest. Dependencies are searched in the order they appear in the manifest.
  2. The directory the specified module was loaded from.
  3. The system directory (%SystemRoot%\system32).

Search Order for Desktop Applications

Desktop applications can control the location from which a DLL is loaded by specifying a full path, using DLL redirection, or by using a manifest. If none of these methods are used, the system searches for the DLL at load time as described in this section.

Before the system searches for a DLL, it checks the following:

  • If a DLL with the same module name is already loaded in memory, the system uses the loaded DLL, no matter which directory it is in. The system does not search for the DLL.
  • If the DLL is on the list of known DLLs for the version of Windows on which the application is running, the system uses its copy of the known DLL (and the known DLL‘s dependent DLLs, if any). The system does not search for the DLL. For a list of known DLLs on the current system, see the following registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs.

If a DLL has dependencies, the system searches for the dependent DLLs as if they were loaded with just their module names. This is true even if the first DLL was loaded by specifying a full path.

Important  If an attacker gains control of one of the directories that is searched, it can place a malicious copy of the DLL in that directory. For ways to help prevent such attacks, see Dynamic-Link Library Security.

Standard Search Order for Desktop Applications

The standard DLL search order used by the system depends on whether safe DLL search mode is enabled or disabled. Safe DLL search mode places the user‘s current directory later in the search order.

Safe DLL search mode is enabled by default. To disable this feature, create theHKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode registry value and set it to 0. Calling the SetDllDirectoryfunction effectively disables SafeDllSearchMode while the specified directory is in the search path and changes the search order as described in this topic.

Windows XP:  Safe DLL search mode is disabled by default. To enable this feature, create theSafeDllSearchMode registry value and set it to 1. Safe DLL search mode is enabled by default starting with Windows XP with Service Pack 2 (SP2).

If SafeDllSearchMode is enabled, the search order is as follows:

  1. The directory from which the application loaded.
  2. The system directory. Use the GetSystemDirectory function to get the path of this directory.
  3. The 16-bit system directory. There is no function that obtains the path of this directory, but it is searched.
  4. The Windows directory. Use the GetWindowsDirectory function to get the path of this directory.
  5. The current directory.
  6. The directories that are listed in the PATH environment variable. Note that this does not include the per-application path specified by the App Paths registry key. The App Paths key is not used when computing the DLL search path.

If SafeDllSearchMode is disabled, the search order is as follows:

  1. The directory from which the application loaded.
  2. The current directory.
  3. The system directory. Use the GetSystemDirectory function to get the path of this directory.
  4. The 16-bit system directory. There is no function that obtains the path of this directory, but it is searched.
  5. The Windows directory. Use the GetWindowsDirectory function to get the path of this directory.
  6. The directories that are listed in the PATH environment variable. Note that this does not include the per-application path specified by the App Paths registry key. The App Paths key is not used when computing the DLL search path.

Alternate Search Order for Desktop Applications

The standard search order used by the system can be changed by calling the LoadLibraryExfunction with LOAD_WITH_ALTERED_SEARCH_PATH. The standard search order can also be changed by calling the SetDllDirectory function.

Windows XP:  Changing the standard search order by calling SetDllDirectory is not supported until Windows XP with Service Pack 1 (SP1).

If you specify an alternate search strategy, its behavior continues until all associated executable modules have been located. After the system starts processing DLL initialization routines, the system reverts to the standard search strategy.

The LoadLibraryEx function supports an alternate search order if the call specifiesLOAD_WITH_ALTERED_SEARCH_PATH and the lpFileName parameter specifies an absolute path.

Note that the standard search strategy and the alternate search strategy specified byLoadLibraryEx with LOAD_WITH_ALTERED_SEARCH_PATH differ in just one way: The standard search begins in the calling application‘s directory, and the alternate search begins in the directory of the executable module that LoadLibraryEx is loading.

If SafeDllSearchMode is enabled, the alternate search order is as follows:

  1. The directory specified by lpFileName.
  2. The system directory. Use the GetSystemDirectory function to get the path of this directory.
  3. The 16-bit system directory. There is no function that obtains the path of this directory, but it is searched.
  4. The Windows directory. Use the GetWindowsDirectory function to get the path of this directory.
  5. The current directory.
  6. The directories that are listed in the PATH environment variable. Note that this does not include the per-application path specified by the App Paths registry key. The App Paths key is not used when computing the DLL search path.

If SafeDllSearchMode is disabled, the alternate search order is as follows:

  1. The directory specified by lpFileName.
  2. The current directory.
  3. The system directory. Use the GetSystemDirectory function to get the path of this directory.
  4. The 16-bit system directory. There is no function that obtains the path of this directory, but it is searched.
  5. The Windows directory. Use the GetWindowsDirectory function to get the path of this directory.
  6. The directories that are listed in the PATH environment variable. Note that this does not include the per-application path specified by the App Paths registry key. The App Paths key is not used when computing the DLL search path.

The SetDllDirectory function supports an alternate search order if the lpPathName parameter specifies a path. The alternate search order is as follows:

  1. The directory from which the application loaded.
  2. The directory specified by the lpPathName parameter of SetDllDirectory.
  3. The system directory. Use the GetSystemDirectory function to get the path of this directory. The name of this directory is System32.
  4. The 16-bit system directory. There is no function that obtains the path of this directory, but it is searched. The name of this directory is System.
  5. The Windows directory. Use the GetWindowsDirectory function to get the path of this directory.
  6. The directories that are listed in the PATH environment variable. Note that this does not include the per-application path specified by the App Paths registry key. The App Paths key is not used when computing the DLL search path.

If the lpPathName parameter is an empty string, the call removes the current directory from the search order.

SetDllDirectory effectively disables safe DLL search mode while the specified directory is in the search path. To restore safe DLL search mode based on the SafeDllSearchMode registry value and restore the current directory to the search order, call SetDllDirectory with lpPathName as NULL.

Search Order Using LOAD_LIBRARY_SEARCH Flags

An application can specify a search order by using one or more LOAD_LIBRARY_SEARCH flags with the LoadLibraryEx function. An application can also use LOAD_LIBRARY_SEARCH flags with the SetDefaultDllDirectories function to establish a DLL search order for a process. The application can specify additional directories for the process DLL search order by using theAddDllDirectory or SetDllDirectory functions.

Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008:  TheLOAD_LIBRARY_SEARCH flags are available on systems with KB2533623 installed.

Windows Server 2003 and Windows XP:  The LOAD_LIBRARY_SEARCH flags are not supported.

The directories that are searched depend on the flags specified with SetDefaultDllDirectoriesor LoadLibraryEx. If more than one flag is used, the corresponding directories are searched in the following order:

  1. The directory that contains the DLL (LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR). This directory is searched only for dependencies of the DLL to be loaded.
  2. The application directory (LOAD_LIBRARY_SEARCH_APPLICATION_DIR).
  3. Paths explicitly added with the AddDllDirectory function (LOAD_LIBRARY_SEARCH_USER_DIRS) or the SetDllDirectory function. If more than one path has been added, the order in which the paths are searched is unspecified.
  4. The System directory (LOAD_LIBRARY_SEARCH_SYSTEM32).

If the application does not call LoadLibraryEx with any LOAD_LIBRARY_SEARCH flags or establish a DLL search order for the process, the system searches for DLLs using either the standard search order or the alternate search order.

Related topics

AddDllDirectory
Application Registration
Dynamic-Link Library Redirection
Dynamic-Link Library Security
LoadLibrary
LoadLibraryEx
LoadPackagedLibrary
SetDefaultDllDirectories
SetDllDirectory

DLL Dynamic-Link Library Search Order -- Window

标签:des   http   io   os   ar   for   sp   strong   on   

原文地址:http://www.cnblogs.com/shangdawei/p/4056967.html


评论


亲,登录后才可以留言!