
blog: dll-be-gone

Posted: 2024 Mar 12, 10:21
by nikos
here's the comment area for today's blog post found at
www.zabkat.com/blog/simple-dll-blocker.htm

Re: blog: dll-be-gone

Posted: 2024 Mar 12, 15:44
by johngalt
Interesting. So this little .DLL basically performs a detour with 'authentication' against your list for each .DLL that is called to load.

I'm curious - is this for X² loading .DLLs only? I want to assume that since you're planning to implement it in X², that it is only going to be a watchdog against the .DLLs that X² would load, but I also want to make sure.

Also, is it in any way possible that modern (and over-zealous) anti-malware programs / suites might flag this as a potentially subversive action and try to shut it down?

On my machine, I only run the standard Windows Defender + Malwarebytes AntiMalware v5 (technically a test version). With your planned implementation, and assuming this only affects those .DLLs that X² is loading, I don't see a problem - but could heuristic analysis and / or predictive behavioral analysis by some of the more over-zealous programs / suites have something to say about it?

Re: blog: dll-be-gone

Posted: 2024 Mar 12, 17:07
by nikos
no, this minhook is a tool that allows you to do low level hacking of your own program so to speak
it is flagged by 1-2 virustotal engines, that's why I don't plan to add it permanently in xplorer2
a blog will follow in a few months that will clarify the situation

Re: blog: dll-be-gone

Posted: 2024 Mar 12, 20:06
by johngalt
Sounds like a plan, then. I'm excited to see what comes of this - and maybe if there might be a more permanent solution, so that we end-users could also control what loads. I'd love to take some of my profiles and limit some of the things that get loaded as they are specific use-case profiles, and some simply do not need anything more than basic fm commands (especially when accessing a locally-connected mobile device).

Re: blog: dll-be-gone

Posted: 2024 Mar 13, 08:59
by nikos
there is going to be a text file with blacklisted dlls (user configurable), but it is meant for problematic plugins only
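
The lookup a hooked load call would make against such a user-editable list, as an added example that is not part of the thread and is not code from the blog or from xplorer2. The list format (one file name per line, `#` comments), the name `dll_is_blocked` and the sample entries are assumptions; the hook itself is left out so the matching logic runs anywhere.

```c
#include <ctype.h>
#include <string.h>

/* Constructed sample list; format assumed: one file name per line, '#' comments. */
static const char SAMPLE_LIST[] =
    "# plugins known to misbehave\r\n"
    "BadShellExt.dll\r\n"
    "  legacy_preview.dll   # crashes on preview\r\n";

/* File-name part of a Windows path ('\\', '/' and drive ':' all end a directory). */
static const char *base_name(const char *path) {
    const char *base = path;
    for (const char *p = path; *p; ++p)
        if (*p == '\\' || *p == '/' || *p == ':') base = p + 1;
    return base;
}

/* Case-insensitive equality of two length-delimited names. */
static int same_name(const char *a, size_t alen, const char *b, size_t blen) {
    if (alen != blen) return 0;
    for (size_t i = 0; i < alen; ++i)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return 0;
    return 1;
}

/* Returns 1 if the module named by `path` matches an entry in `list`, else 0. */
int dll_is_blocked(const char *list, const char *path) {
    const char *name = base_name(path);
    size_t nlen = strlen(name);
    if (nlen == 0) return 0;
    /* LoadLibrary appends ".dll" to a name without an extension, so match that too. */
    int bare = (strchr(name, '.') == NULL);
    while (*list) {
        const char *end = list + strcspn(list, "\n");
        const char *s = list, *e = list + strcspn(list, "#\n");
        while (s < e && isspace((unsigned char)*s)) ++s;      /* trim left */
        while (e > s && isspace((unsigned char)e[-1])) --e;   /* trim right, incl. '\r' */
        size_t elen = (size_t)(e - s);
        if (elen && (same_name(name, nlen, s, elen) ||
                     (bare && elen == nlen + 4 && same_name(name, nlen, s, nlen) &&
                      same_name(s + nlen, 4, ".dll", 4))))
            return 1;
        list = *end ? end + 1 : end;
    }
    return 0;
}

int main(void) {
    return !dll_is_blocked(SAMPLE_LIST, "C:\\Plugins\\badshellext.DLL"); /* exit 0 = blocked */
}
```

Matching on the file name alone means a listed DLL is refused whatever directory it is loaded from, which suits a list meant for problematic plugins.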

Re: blog: dll-be-gone

Posted: 2024 Mar 14, 15:53
by Quin
I'm honestly not sure if you have to worry too much about AV's flagging MinHook. My screen reader, NVDA, used it for ages and never got flagged by anything as far as I'm aware. Maybe a Microsoft whitelist though.

Re: blog: dll-be-gone

Posted: 2024 Mar 14, 16:25
by johngalt
nikos wrote: 2024 Mar 13, 08:59 there is going to be a text file with blacklisted dlls (user configurable), but it is meant for problematic plugins only
Lol. But I tend to find unique and interesting 'other' uses for standard tools as it is lol.
Quin wrote: 2024 Mar 14, 15:53 I'm honestly not sure if you have to worry too much about AV's flagging MinHook. My screen reader, NVDA, used it for ages and never got flagged by anything as far as I'm aware. Maybe a Microsoft whitelist though.
Good to know.