Skip to main content


Home DLL hijacking

DLL hijacking

DLL hijacking definition

DLL hijacking refers to a technique used by attackers to exploit the way applications load Dynamic Link Libraries (DLLs). It is also known as DLL preloading and DLL side-loading.

See also: sideloading

How does DLL hijacking work

  1. 1.Application dependency. Since many applications depend on external DLL files to provide additional functionality, upon launch apps search for the required DLL files in specific locations, following a specific order.
  2. 2.Vulnerability exploitation. Sometimes, attackers can exploit vulnerabilities in apps that do not securely load DLLs. So they place a malicious DLL with the same name as the expected DLL in a location where the application searches.
  3. 3.Malicious DLL execution. When the application is launched and attempts to load the DLL, it mistakenly loads the malicious DLL instead of the legitimate one.
  4. 4.Consequences. DLL hijacking can lead to various security risks. For example, attackers can execute malicious code, escalate privileges, or steal sensitive information.

DLL hijacking prevention

  • Apply security patches. Keep all software up to date with the latest security patches to address known DLL hijacking vulnerabilities.
  • Secure DLL loading. Applications should use secure loading techniques, such as specifying the full path or using secure library loading functions.
  • DLL signature verification. Verify the digital signatures of DLL files to ensure their authenticity.