How to call WinAPI function SetDllDirectory()

How to call WinAPI function SetDllDirectory() in Delphi?

up vote 3 down vote favorite 1

I would like to prevent loading of malicious DLLs that may be possible through access of the current working directory as described in http://msdn.microsoft.com/en-us/library/ff919712(VS.85).aspx The solution implemented in our C++ apps was to make a WinAPI call to SetDllDirectory(""), which would effectively remove the current working directory from the Windows DLL loading search path. However, it seems this solution is not available for our Delphi apps because the SetDllDirectory() function doesn't exist. Is there an equivalent call in Delphi that does the same thing as SetDllDirectory("")? Thanks! security delphi winapi dll setdlldirectory share|improve this question asked Oct 28 '10 at 21:27 Stephen 161

1   If you want to use a function in the Windows API (that is, a function in Windows, that looks the same in any language) that is not declared in Windows.pas, it is generally really easy to declare it yourself. All you need is the information at the MSDN, where the data types of the argument and result are specified, as is the DLL to look in. In most cases, the types used there can be used even in Delphi as well (such as HBRUSH, HWND, etc.), or you can use an equivalent type (such as cardinal, or THWND). Just don't forget to set the calling convention to stdcall. – Andreas Rejbrand Oct 28 '10 at 21:58 feedback

3 Answers

active oldest votes

up vote 5 down vote

This should do the trick: function SetDllDirectory(lpPathName:PWideChar): Bool; stdcall; external 'kernel32.dll' name 'SetDllDirectoryW'; share|improve this answer answered Oct 28 '10 at 21:43 Jens Mühlenhoff 3,730629

Keep in mind that you are static-linking to the function, so the app will require at least XP SP1 to run. If you need to run on older versions, then you need to dynamically load the function via GetProcAddress() instead. – Remy Lebeau Oct 29 '10 at 1:13 In a pre-Unicode Delphi version function SetDllDirectory(lpPathName:PAnsiChar): Bool; stdcall; external 'kernel32.dll' name 'SetDllDirectoryA'; can be used as well. – user160694 Oct 29 '10 at 7:38 @Remy: Technically correct, but if they used SetDllDirectory in their C++ applications before, I guess that would not be a problem. – Jens Mühlenhoff Oct 29 '10 at 8:26 feedback

up vote 3 down vote

Calling SetDllDirectory('') doesn't work? I see that it is declared properly in the latest versions of Windows.pas. If you have a version of Delphi in which it isn't declared, you can upgrade to the latest version of Delphi, or declare it yourself. Update: And there you go... Jens just posted the declaration. share|improve this answer edited Oct 28 '10 at 21:51 answered Oct 28 '10 at 21:40 Allen Bauer 10.2k2352

feedback

up vote 2 down vote

uses DSiWin32; if not DSiSetDllDirectory('path') then .... DSiSetDllDirectory will also take care of dynamic linking and will fail gracefully on pre-XP SP1 systems. DSiWin32 is released as a freeware.