We have a large application built in C++ Builder that, at startup, looks at a folder and loads all the DLL files present. I figured this might not be such a good thing and tested my theory by creating a DLL that only fired up a web browser and opened a picture with the word "owned" :P
Anyway, it worked. So the system could be compromised in any way by a DLL being switched out or a new one added. Remote admin access, formatted drives, you name it.
So my thoughts went toward trying to plug this hole. What's the best practice for this? I was thinking of some kind of signing of the DLLs. Having the .exe hold a list of names of valid DLLs doesn't actually solve it, since a DLL could be replaced. A list of names and checksums would work, but it would be nice to keep the auto-loading feature and only load correctly signed DLLs.
Edit: I'm looking into using signtool.exe, which seems to do the job. But I can't find any good reference as to how to actually check the signature of the DLL in C++ afterwards. Does anyone have a link?
It sounds like you are vulnerable to the DLL hijacking exploit which affected basically everything written for Windows (and yet another example of how Microsoft couldn't secure a brick). Microsoft has recommendations for mitigating this flaw.