Monday 06 July 2026 16:05:05 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

WIKICROOK

DLL search order

The sequence Windows uses to look for a DLL when an application requests one.

DLL search order is the sequence Windows follows when an application asks to load a Dynamic Link Library (DLL). It checks several locations, such as the application folder, system directories, and other configured paths, until it finds a matching file name. The exact order depends on the process configuration and Windows settings.

This matters because attackers can abuse predictable search behavior. If a legitimate program loads a DLL by name only, a malicious file placed in an earlier search location may be loaded instead. That is the basis of DLL sideloading and binary planting, common techniques for running malware through trusted software. Defenders watch for unexpected DLLs near signed executables, libraries loaded from writable or nonstandard paths, and parent-child chains that do not match normal software behavior. Tightening DLL search rules and monitoring module loads can reduce this risk.

← WIKICROOK index