DLL Hijack Auditor is the smart tool to Audit against the Dll Hijacking Vulnerability in any Windows
application.
This is one of the critical security issue affecting almost all Windows systems. Though most of the apps have been fixed, but still many Windows applications are susceptible to this vulnerability which can allow any attacker to completely take
over the system.
DllHijackAuditor helps in
discovering all such Vulnerable Dlls in a Windows application which
otherwise can lead to successful exploitation resulting in total
compromise of the system.
With its simple GUI interface DllHijackAuditor makes it easy for anyone to instantly perform the
auditing operation. It also presents detailed technical Audit report
which can help the developer in fixing all vulnerable points in the
application.
Dll Hijack Auditor is a fully portable and works
on wide range of platforms starting from Windows XP to Windows 8.
Features
Directly & Instantly audit any Windows Application.
Allows complete testing to uncover all Vulnerable points in
the target Application
Smart Debugger based 'Interception Engine'
for consistent and efficent performance without intrusion.
Support for specifying as well as auditing of application with
custom & multiple Extensions.
Timeout Configuration to alter
the waiting time for each Application.
Generates complete auditing report (in HTML format) about all vulnerable hijack
points in the Application.
GUI based tool, makes it easy
for anyone with minimum knowledge to perform the auditing operation.
Does not require any special privilege for
auditing of the application (unless target application requires)
Free from Antivirus as it does not use any shellcodes or
exploit codes which trigger Antivirus to terminate the operation.
Fully portable tool which can be run directly on any system.
How to use?
Here are simple tests to use Dll Hijack Auditor
for auditing of any Windows application.
Launch the DllHijackAuditor after copying it on your local
system. You will see it as shown in the Screenshot 1
Now click on 'Browse' button to select application and then click on
'Start Audit' to begin the operation.
Next click on
'Exploit' button (only if it has found any vulnerable DLLs in the
previous phase) to perform real Exploitation test.
Finally click on 'Report' button to generate complete Audit report.
You can tick the check box ( 'Do not terminate application' ) to
make DllHijackAuditor to wait until you perform complete testing of all
vulnerable points within the application. Once you are done with the
testing, close the application so that DllHijackAuditor will continue
with auditing operation.
Video Demonstrations
Here is the short Video demonstration of
DllHijackAuditor auditing the Wireshark for Dll Hijack Vulnerability.
Screenshot 1: DllHijackAuditor ready for the auditing operation
Screenshot 2: DllHijackAuditor after the completion of Phase
1 (Vulnerability Testing) of auditing operation of WireShark.exe
Screenshot 3: DllHijackAuditor after the completion of Phase 2
(Exploitation) of auditing operation of WireShark.exe
Screenshot 4: Complete Audit report generated by DllHijackAuditor
as last phase of auditing operation of WireShark.exe
About Dll Hijack Vulnerability
Dll Hijack Vulnerability is the latest security issue in the Windows
platform which is being exploited widely and marked to be critical as it
affects many existing Windows applications. Microsoft has
already acknowledged about this Dll Hijack Vulnerability in this
Security
Advisory and
suggested following workaround/solution to fix this issue.
DllHijackAuditor has been tested
with all the platforms starting from Windows XP to latest operating
system, Windows 7 (on 32 bit platforms) successfully. However it is
possible that you may encounter issues and if you find any, please
report it to author. You can use this feedback form to report the bugs or
suggestions about this tool.
Known Limitations/Issues
Here are some of the known limitations or issues of this tool
Does not support auditing of 64 bit applications
Target application may not terminate sometimes and may appear to be
frozen. It will close automatically when DllHijackAuditor is closed.
Release History
Version 3.5: 14th Apr 2014
Improved GUI interface with magnifying icon effects. Also fixed few minor bugs.
Version 3.0: 15th Jan 2013
Support for Windows 8, Drag & Drop of application EXE file. Enhanced GUI interface.
Version 2.5: 26th Jan 2011
Added Installer to support local Installation & Uninstallation.
Version 2.1: 12th Sep 2010
Fixed the duplicate vuln dlls issue, error in the report result,
cleanup of test directories etc.
Version 2.0: 7th Sep 2010
Introduction of new & smart Interception Engine for consistent and
efficent performance without intrusion of process. Support for
specifying custom & multiple extensions and timeout configuration.
