here's the comment area for today's blog post found at
www.zabkat.com/blog/simple-dll-blocker.htm
blog: dll-be-gone
Re: blog: dll-be-gone
Interesting. So this little .DLL basically performs a detour with 'authentication' against your list for each .DLL that is called to load.
I'm curious - is this for X² loading .DLLs only? I want to assume that since you're planning to implement it in X², that it is only going to be a watchdog against the .DLLs that X² would load, but I also want to make sure.
Also, is it in any way possible that modern (and over-zealous) anti-malware programs / suites might flag this as a potentially subversive action and try to shut it down?
On my machine, I only run the standard Windows Defender + Malwarebytes AntiMalware v5 (technically a test version). With your planned implementation, and assuming this only affects those .DLLs that X² is loading, I don't see a problem - but could heuristic analysis and / or predictive behavioral analysis by some of the more over-zealous programs / suites have something to say about it?
Re: blog: dll-be-gone
no, this minhook is a tool that allows you to do low level hacking of your own program so to speak
it is flagged by 1-2 virustotal engines, that's why I don't plan to add it permanently in xplorer2
a blog will follow in a few months that will clarify the situation
Re: blog: dll-be-gone
Sounds like a plan, then. I'm excited to see what comes of this - and maybe if there might be a more permanent solution, so that we end-users could also control what loads. I'd love to take some of my profiles and limit some of the things that get loaded as they are specific use-case profiles, and some simply do not need anything more than basic fm commands (especially when accessing a locally-connected mobile device).
Re: blog: dll-be-gone
there is going to be a text file with blacklisted dlls (user configurable), but it is meant for problematic plugins only
Re: blog: dll-be-gone
I'm honestly not sure if you have to worry too much about AVs flagging MinHook. My screen reader, NVDA, used it for ages and never got flagged by anything as far as I'm aware. Maybe a Microsoft whitelist though.
Re: blog: dll-be-gone
Lol. But I tend to find unique and interesting 'other' uses for standard tools as it is lol.
Good to know.