Skip to content

Commit 952cba4

Browse files
PMEds28PMEds28
authored
Merge pull request #2632 from corob-msft/cr-dependent-load-flag-update
/DEPENDENTLOADFLAG revision per discussion
2 parents fec0c35 + 664f171 commit 952cba4

1 file changed

Lines changed: 28 additions & 11 deletions

File tree

docs/build/reference/dependentloadflag.md

Lines changed: 28 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,21 @@
11
---
22
title: "/DEPENDENTLOADFLAG (Set default dependent load flags)"
3-
description: "The /DEPENDENTLOADFLAG option sets default flags for DLLs loaded using LoadLibrary"
4-
ms.date: "12/22/2018"
3+
description: "The /DEPENDENTLOADFLAG option sets default dependent load flags for DLLs loaded by this module."
4+
ms.date: "01/22/2020"
55
f1_keywords: ["dependentloadflag"]
66
helpviewer_keywords: ["LINK tool [C++], dependent load flags", "-DEPENDENTLOADFLAG linker option", "linker [C++], DEPENDENTLOADFLAG", "DEPENDENTLOADFLAG linker option", "/DEPENDENTLOADFLAG linker option"]
77
---
88
# /DEPENDENTLOADFLAG (Set default dependent load flags)
99

10-
Sets the default load flags used when `LoadLibrary` is used to load DLLs.
10+
::: moniker range="vs-2015"
11+
12+
The **/DEPENDENTLOADFLAG** option requires Visual Studio 2017 or later.
13+
14+
::: moniker-end
15+
16+
::: moniker range=">=vs-2017"
17+
18+
Sets the default load flags used when the operating system resolves the statically linked imports of a module.
1119

1220
## Syntax
1321

@@ -16,17 +24,23 @@ Sets the default load flags used when `LoadLibrary` is used to load DLLs.
1624
### Arguments
1725

1826
*load_flags*<br/>
19-
An optional "C"-style 16-bit integer value in decimal, octal with a leading zero, or hexadecimal with a leading `0x`, that specifies the dependent load flags to apply to all [LoadLibrary](/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibraryexw) calls. The default value is 0.
27+
An optional integer value that specifies the load flags to apply when resolving statically linked import dependencies of the module. The default value is 0. For a list of supported flag values, see the `LOAD_LIBRARY_SEARCH_*` entries in [LoadLibraryEx](/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibraryexw).
2028

2129
## Remarks
2230

23-
This option is new in Visual Studio 2017. It applies only to apps running on Windows 10 RS1 and later versions. This option is ignored by other operating systems that run the app.
31+
When the operating system resolves the statically linked imports of a module, it uses the [default search order](/windows/win32/dlls/dynamic-link-library-search-order). Use the **/DEPENDENTLOADFLAG** option to specify a *load_flags* value that changes the search path used to resolve these imports. On supported operating systems, it changes the static import resolution search order, similar to what [LoadLibraryEx](/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibraryexa) does when using `LOAD_LIBRARY_SEARCH` parameters. For information on the search order set by *load_flags*, see [Search order using LOAD_LIBRARY_SEARCH flags](/windows/win32/dlls/dynamic-link-library-search-order#search-order-using-load_library_search-flags).
2432

25-
On supported operating systems, this option has the effect of changing calls to `LoadLibrary("dependent.dll")` to the equivalent of `LoadLibraryEx("dependent.dll", 0, load_flags)`. Calls to [LoadLibraryEx](/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibraryexw) are unaffected. This option doesn't apply recursively to DLLs loaded by your app.
33+
This flag can be used to make one [DLL planting attack](/windows/win32/dlls/dynamic-link-library-security) vector more difficult. For example, consider an app that has statically linked a DLL:
2634

27-
This flag can be used to make [DLL planting attacks](/windows/win32/dlls/dynamic-link-library-security) more difficult. For example, if an app uses `LoadLibrary` to load a dependent DLL, an attacker could plant a DLL with the same name in the search path used by `LoadLibrary`, such as the current directory, which may be checked before system directories if safe DLL search mode is disabled. Safe DLL search mode places the user's current directory later in the search order, and is enabled by default on Windows XP SP2 and later versions. For more information, see [Dynamic-Link Library Search Order](/windows/win32/Dlls/dynamic-link-library-search-order).
35+
- An attacker could plant a DLL with the same name earlier in the import resolution search path, such as the application directory. Protected directories are more difficult - but not impossible - for an attacker to change.
2836

29-
If you specify the link option `/DEPENDENTLOADFLAG:0xA00` (the value of the combined flags `LOAD_LIBRARY_SEARCH_APPLICATION_DIR | LOAD_LIBRARY_SEARCH_SYSTEM32`), then even if safe DLL search mode is disabled on the user's computer, the DLL search path is limited to the application directory, followed by the %windows%\system32 directory. An option of `/DEPENDENTLOADFLAG:0x800` is even more restrictive, limiting search to the %windows%\system32 directory. Protected directories are more difficult - but not impossible - for an attacker to change. For information on the flags available, and their symbolic and numeric values, see the *dwFlags* parameter description in [LoadLibraryEx](/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibraryexw). For information on the search order used when various dependent load flags are used, see [Search order using LOAD_LIBRARY_SEARCH flags](/windows/win32/dlls/dynamic-link-library-search-order#search-order-using-load_library_search-flags).
37+
- If the DLL is missing from the application, %windows%\system32, and %windows% directories, import resolution falls through to the current directory. An attacker could plant a DLL there.
38+
39+
In both cases, if you specify the link option `/DEPENDENTLOADFLAG:0x800` (the value of the flag `LOAD_LIBRARY_SEARCH_SYSTEM32`), then the module search path is limited to the %windows%\system32 directory. It offers some protection from planting attacks on the other directories. For more information, see [Dynamic-Link Library Security](/windows/win32/dlls/dynamic-link-library-security).
40+
41+
To see the value set by the **/DEPENDENTLOADFLAG** option in any DLL, use the [DUMPBIN](dumpbin-reference.md) command with the [/LOADCONFIG](loadconfig.md) option.
42+
43+
The **/DEPENDENTLOADFLAG** option is new in Visual Studio 2017. It applies only to apps running on Windows 10 RS1 and later versions. This option is ignored by other operating systems that run the app.
3044

3145
### To set the DEPENDENTLOADFLAG linker option in the Visual Studio development environment
3246

@@ -43,8 +57,11 @@ If you specify the link option `/DEPENDENTLOADFLAG:0xA00` (the value of the comb
4357
## See also
4458

4559
- [MSVC linker reference](linking.md)
46-
- [MSVC Linker Options](linker-options.md)
47-
- [Link an executable to a DLL](../linking-an-executable-to-a-dll.md#linking-implicitly)
48-
- [Link an executable to a DLL](../linking-an-executable-to-a-dll.md#determining-which-linking-method-to-use)
60+
- [MSVC linker options](linker-options.md)
61+
- [Link an executable to a DLL implicitly](../linking-an-executable-to-a-dll.md#linking-implicitly)
62+
- [Determine which linking method to use](../linking-an-executable-to-a-dll.md#determining-which-linking-method-to-use)
4963
- [LoadLibraryEx](/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibraryexw)
5064
- [Dynamic-Link Library Search Order](/windows/win32/Dlls/dynamic-link-library-search-order)
65+
- [Dynamic-Link Library Security](/windows/win32/dlls/dynamic-link-library-security)
66+
67+
::: moniker-end

0 commit comments

Comments
 (0)