DLL Hijacking in PowerBuilder

0
votes

I have a 32 bit desktop application developed in PowerBuilder 2017 R3. This application doesn't make any explicit DLL calls (I mean no external functions are used.) Still my application is infected with DLL Hijacking. When I launch the application, the windows loader looks for some DLLs (some are required to connect with Sybase database, some are windows) and I want to prevent this issue. Is there any simpler approach to fix this? All the PB Runtime DLLs are copied in the directory where the exe is available. Will installing the application in Program Files help here?

2
powerbuilderdll-injection
What do you mean by “is infected”? “Looking for DLLs” is standard Windows behaviour, so preventing this risk isn’t an option. You don’t say it explicitly, but are you saying that your program is not installed in \Program Files or \Program Files (x86)? Windows expects this, and provides additional protection in those folders. - Terry
Even though I install the application in Program files location, the windows looks for some DLLs (in this case sybase client dlls) in mutiple locations including C:\Users\ where user has full access to add a malicious dll with same name. Now in this case, Sybase client is third party application and can't be installed in Program files (it installs as C:\Sybase) I need to force the application to look for the dll in Sybase directory only (or first.) How can this be achieved? - Suhas Shravagi
You’re asking how to override default Windows functionality; this is how Windows searches for DLLs. You can tell the user to keep his system path down to a minimum (always a good idea... looks like the user has been adding junk if it is looking in Users) and put the Sybase search entries at the top of the list. That’s about it, without switching to another operating system. - Terry
When you say "put the Sybase search entries at the top of the list" how can this be done? Classpath? - Suhas Shravagi
architectryan.com/2018/03/17/add-to-the-path-on-windows-10 - Terry

2 Answers

1
votes

When you are installing your application, you should create an entry into the Windows registry HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths to specify the path the application uses to locate supporting files.

See this document

0
votes

Remove the following path :
C:\Program Files (x86)\Sybase\Shared\PowerBuilder. But PB IDE will not work any more .