Library DLL Files

O

OpenSource Ghost

Limp Gawd
Joined
Feb 14, 2022
Messages
237
How is it that Windows DLL Library files come with digital signatures, but can be changed without altering the signature specified in those libraries? Shouldn't editing library files make it fail verify against its provided signature or are only some parts of library files are protected?

Is it best to separate library files on per-app basis for safety? For example, you can have VC++ libraries installed system-wide (in System32 and SysWOW64 directories) or you can place VC++ library files in directory of executable files that require such library files. If several running apps use the same libraries from the same system-wide directory, doesn't that increase chance of information leakage when it comes to handles, threads, and system calls?
 
Normally no a signed dll using something like this (By an organisation that bought a vendor trusted key and able to sign them):
https://learn.microsoft.com/en-us/dotnet/framework/tools/signtool-exe

Should generate a hash of the binary that windows will compare it at runtime.

Which signed DLL from which vendor (were they nvidia-amd signed drivers dll type ?) were you able to change ?
 
I wasn't able to change or tried to change any. I was looking at malware library files and didn't realize executable files came along with those library files.
 
You must log in or register to reply here.
Back
Top