We are planning to update an Exe to uiaccess = true and moving to the secure location.
a. Is it required to move the dependent dlls too?
b. Did we need to sign and create uiaccess = true manifest for these GUI dlls?
We are planning to update an Exe to uiaccess = true and moving to the secure location.
a. Is it required to move the dependent dlls too?
b. Did we need to sign and create uiaccess = true manifest for these GUI dlls?
a. Yes, you should move dependent dlls to the secure location. Otherwise, the UIAccess application would be subject to DLL hijacking.
b. uiaccess = true relates to a process. It has no meaning for a DLL. In my quick and dirty test on Win 10 21H1 the system permitted loading an unsigned dll into a UIAccess enabled process.
Thank you for the quick reply.
What we observed that the startup linked dlls should be in the secure location. But the runtime loaded dlls are not mandatory. Is any idea on this?Yes, you should move dependent dlls to the secure location. Otherwise, the UIAccess application would be subject to DLL hijacking.
Any dependent DLL (load-time linkage) located in the dynamic-link-library-search-order will be loaded into the UIAccess process at process start-up. And loading DLLs with LoadLibrary(Ex) at run-time from an insecure location is counter to the objective of securing the UIAccess application.
12 people are following this question.