I would like to prevent loading of malicious DLLs that may be possible through access of the current working directory as described in http://msdn.microsoft.com/en-us/library/ff919712(VS.85).aspx
The solution implemented in our C++ apps was to make a WinAPI call to SetDllDirectory(""), which would effectively remove the current working directory from the Windows DLL l开发者_StackOverflow中文版oading search path. However, it seems this solution is not available for our Delphi apps because the SetDllDirectory() function doesn't exist.
Is there an equivalent call in Delphi that does the same thing as SetDllDirectory("")? Thanks!
This should do the trick:
function SetDllDirectory(lpPathName:PWideChar): Bool; stdcall; external 'kernel32.dll' name 'SetDllDirectoryW';
Calling SetDllDirectory('') doesn't work? I see that it is declared properly in the latest versions of Windows.pas. If you have a version of Delphi in which it isn't declared, you can upgrade to the latest version of Delphi, or declare it yourself.
Update: And there you go... Jens just posted the declaration.
uses DSiWin32;
if not DSiSetDllDirectory('path') then
....
DSiSetDllDirectory will also take care of dynamic linking and will fail gracefully on pre-XP SP1 systems.
DSiWin32 is released as a freeware.
精彩评论