Working with dll i got into a situation where loading a dll can cause security threat.
lets say for example when you load a DLL, it gets same access privilege as the calling process.
So if calling process is running with Admin privilege the loaded dll gets the elevated privilege of admin. Which could be a threat to system.
So is there any way of specifying at the time of loading a dll about the priviliges.
OR How can we load a DLL with lower privileges level.
Well, the DLL code will have complete access to the address space of the process.
Access to external resources (files etc) can be restricted by loading it into a sandbox.
Get an impersonation token with limited access rights/privileges
http://msdn.microsoft.com/en-us/library/aa378184.aspx
In a thread of your process, impersonate the user with limited access
http://msdn.microsoft.com/en-us/library/aa378612.aspx
Load the library, make all library function calls and unload the library from threads with impersonation turned on.
Caveat: I know nothing (absolutely nothing) about any Windows OS after XP; the above may or may not apply to Vista and the like.
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.