4

The DLL lookup path, as described in MSDN is:

  1. The directory where the executable module for the current process is located.
  2. The current directory.
  3. The Windows system directory. The GetSystemDirectory function retrieves the path of this directory.
  4. The Windows directory. The GetWindowsDirectory function retrieves the path of this directory.
  5. The directories listed in the PATH environment variable.

Which brings up the following doubt:

Suppose I have an executable in some directory, say: c:\execdir\myexe.exe and it loads a DLL that's found in PATH and is located in c:\dlldir\mydll.dll. Now, suppose mydll.dll tries to load another DLL with LoadLibrary. Which directory will be looked at first - c:\dlldir or c:\execdir?

I think that the lookup rules quoted above say it's going to be c:\execdir because that's allegedly "the directory where the executable module for the current process is located", but it would be nice to get a confirmation from another source.

EDIT: Also, is c:\dlldir\ looked at at all? After all, it's neither where the .exe is located, nor the "current directory" (if that is meant in the general sense).

P.S. I'm interested in both Windows XP and 7.

Eli Bendersky
  • 248,051
  • 86
  • 340
  • 401
  • I don't understand what you're confused about after reading the docs. It seems pretty clear to me. Why would loading a second DLL change the path lookup sequence? – Cody Gray Apr 25 '11 at 13:06
  • @Cody: because it's the second DLL that's doing the loading and not the .exe - the .exe isn't even aware of that 2nd DLL which is being loaded from the first – Eli Bendersky Apr 25 '11 at 13:07
  • @Hans: thanks, I edited with another relevant question – Eli Bendersky Apr 25 '11 at 13:07
  • c:\dlldir is implicitly looked at. Otherwise the DLL would never be found. Only two of the 5 rules could apply: PATH or current dir. – Hans Passant Apr 25 '11 at 13:13

1 Answers1

4

Yes, it is the executable directory first and it was realised this could lead to a security vulnerability under certain circumstances. There is advice on that page for ensuring your application is not compromised via this mechanism.

  • So, `c:\dlldir` is never looked at, because it's neither "where the executable is located" nor "the current directory"? – Eli Bendersky Apr 25 '11 at 13:05
  • @Eli If it isn't on the PATH, isn't the current directory or a special system directory or the directory of the original executable (let's say it is actually `c:\dlldir` rather than `c:\windows\system32` for example) then no, it won't be. –  Apr 25 '11 at 13:41