How to handle Qt application automatically scanning for dlls in application install directory

Callam · wrote on 6 Mar 2025, 01:05

A bare-bones Qt application will search for system libraries such as WINMM.dll in the application install directory. This is fairly easy to reproduce with a bare-bones Qt creator project and process monitor (https://learn.microsoft.com/en-us/sysinternals/downloads/procmon). How can we protect a Qt application against dll hijacking techniques? Is there a way to tell an application to only look for particular DLLs in secure system directories, while still looking for the dynamically linked Qt libraries (e.g. Qt6Core.dll) in the application directory?

Bonnie · wrote on 6 Mar 2025, 01:26

What is "dll hijacking techniques"? It searches for WINMM.dll because Qt6Core links winmm.lib.

Callam · wrote on 6 Mar 2025, 19:14

An "attacker" of some kind could place a dummy WINMM.dll in the application directory, which would cause the application to link against the dummy library before even searching the system directories

Christian Ehrlicher · wrote on 6 Mar 2025, 20:01

And what has Qt to do with this? This is a normal windows behavior: https://learn.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-search-order