DLLs are files on the Microsoft Windows Operating System that offer shared functionality to multiple applications (that is my one-phrase definition). To see what DLLs are used by an executable you can use a utility like dependency walker.
Before Windows can use the DLL it needs to be registered. Remember that in a 32-bit environment the a standard location for DLLs is %windir%\system32 and on 64-bit systems you have to take into account that the 64-bit version is stored in %windir%\syswow64.
To register a DLL:
C:\Windows\System32\regsvr32 filename.dll
To unregister a DLL:
C:\Windows\System32\regsvr32 -u path\filename.dll
This is something I learned being a sysadmin a while back but what I learned this week with the Security Bulletin MS15-078 is how to disable them by renaming them and then re-enabling this.
Disabling the dll:
cd dir_path_of_dll
C:\Windows\System32\takeown.exe /f filename.dll
C:\Windows\System32\icacls.exe filename.dll /save filename.dll.acl
C:\Windows\System32\icacls.exe filename.dll /grant Administrators:(F)
rename filename.dll x-filename.dll
You need a reboot of the OS to take effect.
Enabling the dll:
rename x-filename.dll filename.dll
C:\Windows\System32\icacls.exe filename.dll /setowner "NT SERVICE\TrustedInstaller"
C:\Windows\System32\icacls.exe filename.dll /restore filename.dll.acl
You need a reboot of the OS to take effect.
1 comment:
Nice.
Note however that only the ActiveX version of a DLL has to be registered.
Normal DLLs don't need to be registered and can be used without registration.
Post a Comment