Friday, January 18, 2013

SUPPORT Dll files Remove Dll Directory function/ Thread Library


RemoveDllDirectory function

This topic has not yet been rated - Rate this topicRemoves a directory that was added to the process DLL search path by using AddDllDirectory.

Syntax

C++ BOOL WINAPI RemoveDllDirectory( _In_  DLL_DIRECTORY_COOKIE Cookie );

Parameters

Cookie [in]The cookie returned by AddDllDirectory when the directory was added to the search path.

Return value

If the function succeeds, the return value is nonzero.If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

After RemoveDllDirectory returns, the cookie is no longer valid and should not be used.Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008:  To call this function in an application, use the GetProcAddress function to retrieve its address from Kernel32.dll. KB2533623 must be installed on the target platform.

Requirements

Minimum supported clientWindows 8 [desktop apps only]Minimum supported serverWindows Server 2012 [desktop apps only]VersionKB2533623 on Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008HeaderLibLoaderAPI.h (include Windows.h);None on Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008DLLKernel32.dll









★★★★★★
DisableThreadLibraryCalls function

8 out of 8 rated this helpful - Rate this topicDisables the DLL_THREAD_ATTACH and DLL_THREAD_DETACH notifications for the specified dynamic-link library (DLL). This can reduce the size of the working set for some applications.

Syntax

C++ BOOL WINAPI DisableThreadLibraryCalls( _In_  HMODULE hModule );

Parameters

hModule [in]A handle to the DLL module for which the DLL_THREAD_ATTACH and DLL_THREAD_DETACH notifications are to be disabled. The LoadLibrary, LoadLibraryEx, or GetModuleHandle function returns this handle. Note that you cannot call GetModuleHandle with NULL because this returns the base address of the executable image, not the DLL image.

Return value

If the function succeeds, the return value is nonzero.If the function fails, the return value is zero. The DisableThreadLibraryCalls function fails if the DLL specified by hModulehas active static thread local storage, or if hModule is an invalid module handle. To get extended error information, callGetLastError.

Remarks

The DisableThreadLibraryCalls function lets a DLL disable the DLL_THREAD_ATTACH and DLL_THREAD_DETACH notification calls. This can be a useful optimization for multithreaded applications that have many DLLs, frequently create and delete threads, and whose DLLs do not need these thread-level notifications of attachment/detachment. A remote procedure call (RPC) server application is an example of such an application. In these sorts of applications, DLL initialization routines often remain in memory to service DLL_THREAD_ATTACH and DLL_THREAD_DETACH notifications. By disabling the notifications, the DLL initialization code is not paged in because a thread is created or deleted, thus reducing the size of the application's working code set. To implement the optimization, modify a DLL's DLL_PROCESS_ATTACH code to call DisableThreadLibraryCalls.Do not call this function from a DLL that is linked to the static C run-time library (CRT). The static CRT requires DLL_THREAD_ATTACH and DLL_THREAD_DETATCH notifications to function properly.Windows Phone 8: This API is supported.

Requirements

Minimum supported clientWindows XP [desktop apps | Windows Store apps]Minimum supported serverWindows Server 2003 [desktop apps | Windows Store apps]HeaderWinbase.h (include Windows.h)LibraryKernel32.libDLLKernel32.dll

See also

A new CWDIllegalInDllSearch registry entry is available to control the DLL search path algorithm

Article ID: 2264107 - View products that this article applies to.Support for Windows Vista Service Pack 1 (SP1) ends on July 12, 2011. To continue receiving security updates for Windows, make sure you're running Windows Vista with Service Pack 2 (SP2). For more information, refer to this Microsoft web page: Support is ending for some versions of Windows.Expand all | Collapse all

On This Page

SUMMARY

This update introduces a new registry entry CWDIllegalInDllSearch that allows users to control the DLL search path algorithm. The DLL search path algorithm is used by the LoadLibrary API and the LoadLibraryEx API when DLLs are loaded without specifying a fully qualified path. The update allows the administrator to define the following on a system-wide or a per-application basis:Remove the current working directory from the library search path.Prevent an application from loading a library from a WebDAV location.Prevent an application from loading a library from both a WebDAV, as well as a remote UNC location.Back to the top | Give Feedback

MORE INFORMATION

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:322756 How to back up and restore the registry in Windows

How the CWDIllegalInDllSearch registry entry works

When an application dynamically loads a DLL without specifying a fully qualified path, Windows tries to locate this DLL by searching through a well-defined set of directories. These sets of directories are known as DLL search path. As soon as Windows locates the DLL in a directory, Windows loads that DLL. If Windows does not find the DLL in any of the directories in the DLL search order, Windows will return a failure to the DLL load operation. The LoadLibrary function and the LoadLibraryEx function are used to dynamically load DLLs. The following is the DLL search order for these two functions:The directory from which the application loadedThe system directoryThe 16-bit system directoryThe Windows directoryThe current working directory (CWD)The directories that are listed in the PATH environment variableThe newly introduced CWDIllegalInDllSearch registry entry enables computer administrators to modify the behavior of the DLL search path algorithm that is used by LoadLibrary and by LoadLibraryEx. This registry entry could allow certain kinds of directories to be skipped. The CWDIllegalInDllSearch registry entry can be added in the following path:To use this registry entry for all the applications on a computer:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session ManagerTo use this registry entry for a specified application on a computer:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<application binary name>The per-application registry entry always overrides the system-wide setting. This allows the system-wide setting to be set restrictively. An application-setting can then be set for any applications that do not work correctly with the system-wide setting. For example, an administrator could block a DLL from being loaded both from WebDAV and SMB by setting the system-wide setting to 2, and could then change the behavior for a particular application that requires this behavior, by setting the Image File Execution Option to 0 or 1. The value of the CWDIllegalInDllSearch registry entry modifies the behavior of LoadLibrary and of LoadLibraryEx as follows.

Scenario 1: The application is started from a local folder, such as C:\Program Files

CWDIllegalInDllSearchValueBehavior of the DLL search path in LoadLibrary and in LoadLibraryEx0xFFFFFFFFRemoves the current working directory from the default DLL search order0Uses the default DLL search path that was mentioned earlier1Blocks a DLL Load from the current working directory if the current working directory is set to a WebDAV folder2Blocks a DLL Load from the current working directory if the current working directory is set to a remote folder (such as a WebDAV or UNC location)No key or other valuesUses the default DLL search path that was mentioned earlier

Scenario 2: The application is started from a remote folder, such as \\remote\shareremote\share)

CWDIllegalInDllSearchValueBehavior of the DLL search path in LoadLibrary and in LoadLibraryEx0xFFFFFFFFRemoves the current working directory from the default DLL search order0Uses the default DLL search path that was mentioned earlier1Blocks a DLL Load from the current working directory if the current working directory is set to a WebDAV folder2Allows DLL Load from the current working directory if the current working directory is set to a remote folder (such as a WebDAV or UNC location).No key or other valuesUses the default DLL search path that was mentioned earlier

Scenario 3: The application is started from a WebDav folder, such as http://remote/share)

CWDIllegalInDllSearch ValueBehavior of the DLL search path in LoadLibrary and in LoadLibraryEx0xFFFFFFFFRemoves the current working directory from the default DLL search orderNo key or other valuesUses the default DLL search path that was mentioned earlier

Examples

Example 1: How to disable loading DLLs from a WebDAV share for all applications that are installed on your local computer

Log on to your computer as an administrator.Open Registry Editor.Locate and then click the following registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session ManagerRight-click Session Manager, point to New, and then click Dword Value.Type CWDIllegalInDllSearch, and then click Modify.In the Value data box, type 1, and then click OK.

Example 2: How to disable loading DLLs from a WebDAV share for only a specific application that is installed on the local computer

Log on to your computer as an administrator.Open Registry Editor.Locate and then click the following registry subkey:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<application binary name>If a key with the application binary name does not exist, then you will have to create one.Right-click <application binary name>, point to New, and then click Dword Value.Type CWDIllegalInDllSearch,and then click Modify.In the Value data box, type 1, and then click OK.

Example 3: How to disable loading DLLs from a remote (SMB) share for only a specific application installed on the local computer

Log on to your computer as an administrator.Open Registry Editor.Locate and then click the following registry subkey:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<application binary name>If a key with the application binary name does not exist, then you will have to create one.Right-click <application binary name>, point to New, and then click Dword Value.Type CWDIllegalInDllSearch,and then click Modify.In the Value data box, type 2, and then click OK.Back to the top | Give Feedback

Fix it for me

The fix it solution described in this section is not intended to be a replacement for any security update. We recommend that you always install the latest security updates. However, we offer this fix it solution as a workaround option for customers to protect their systems while a security update is not available or cannot be installed. This fix it solution will only deploy the registry entry that is needed to block nonsecure DLL loads from WebDAV and SMB locations. Note Before you run the fix it solution, you must first download and then install update 2264107, which is described later in this article. By default, protection is disabled when you install update 2264107. Then, the protection can be configured manually as described in this article, or you can run the fix it. When you run the fix it, protection is enabled to protect against remote, nonsecure DLL loads. To manually undo the setting changed by the fix it solution, you can reset the value of the following CWDIllegalInDLLSearch registry entry to 0 (zero):HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\CWDIllegalInDLLSearchA setting of 0 will undo the changes that are made by the fix it solution. To automatically enable or disable this fixit solution, click the Fix it button or link under the Enable this fix it heading or under the Disable this fix it heading. Click Run in the File Downloaddialog box, and then follow the steps in the Fix it wizard.Enable this fix itDisable this fix itFix this problem Microsoft Fix it 50522Fix this problem Microsoft Fix it 50523















★★★★

No comments:

Post a Comment