A DLL (dynamic link library, file extension .dll) is a library that contains code and data that can be used by more than one program at the same time.
DLL Hijacking is a sneaky trick used by cyber attackers to take control of your computer. They do this by slipping a malicious DLL file into a place where your computer looks for legitimate DLLs when it's running a program. This can let them do all sorts of harmful stuff on your computer without you even knowing.
Here's how it goes down: DLL Hijacking operates on the principle that Windows searches for DLLs in a specific order when an application is launched.
First, it checks the directory where the application is located, then the system directories, and finally the directories listed in the system's PATH environment variable.
Attackers take advantage of this by placing a malicious DLL with the same name as the one the application is programmed to load in a directory that's searched before the legitimate one. Once the application is launched, it loads the malicious DLL instead, granting attackers control over the execution flow.
System File Locations versus PATH Environment Variable
- System File Locations: Windows looks in specific directories like System32 and SysWOW64 for crucial files like DLLs. These directories are reserved for system files, ensuring stability and security.
- PATH Environment Variable: the PATH variable contains a list of directories where Windows searches for executable files and DLLs. It's not limited to system directories and can include user-defined locations.
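A defender can check a machine for this condition by walking the same search order and reporting any DLL name that exists in more than one searched directory. The script below is an added example, not code from the original page; the function names are hypothetical, and it models only the simplified order described above (application directory, system directories, then PATH).

```python
import os
import sys
from pathlib import Path

def search_order(app_dir, system_dirs, path_value):
    """Directories in the simplified order above: app dir, system dirs, PATH."""
    ordered, seen = [], set()
    for entry in [app_dir, *system_dirs, *path_value.split(os.pathsep)]:
        entry = entry.strip().strip('"')
        if not entry:
            continue  # empty PATH segment
        key = os.path.normcase(os.path.abspath(entry))
        if key not in seen:  # report a directory listed twice only once
            seen.add(key)
            ordered.append(Path(entry))
    return ordered

def find_shadowed_dlls(dirs):
    """Map each DLL name present in 2+ directories to those directories.

    The first directory in each list is the first match in the search order.
    """
    hits = {}
    for d in dirs:
        try:
            files = [f for f in d.iterdir() if f.is_file()]
        except OSError:
            continue  # missing or unreadable directory
        for f in files:
            if f.suffix.lower() == ".dll":
                hits.setdefault(f.name.lower(), []).append(d)
    return {name: found for name, found in hits.items() if len(found) > 1}

if __name__ == "__main__":
    # Usage: python dll_shadow_audit.py <application directory>
    win = os.environ.get("SystemRoot", r"C:\Windows")
    system_dirs = [os.path.join(win, "System32"), os.path.join(win, "SysWOW64")]
    dirs = search_order(sys.argv[1], system_dirs, os.environ.get("PATH", ""))
    for name, found in sorted(find_shadowed_dlls(dirs).items()):
        print(f"{name}: first match in {found[0]}")
        for other in found[1:]:
            print(f"    also present in {other}")
```

A name reported with the application directory as first match and a system directory further down is the case worth reviewing: confirm the copy beside the executable is the vendor's own file.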
Summary:
- DLL Hijacking is a sneaky move where cyber attackers trick your computer into using a bad file instead of a good one.
- They put the bad file in a spot your computer checks first, so it gets loaded up first when you open a program.
- This lets hackers get into your computer and do all sorts of harmful things without you even noticing.
- To stay safe, make sure your computer's software is up-to-date, and be careful about where you download files from.