Presenting DllHijackAuditor – Smart Tool to Audit Dll Hijack Vulnerability

DllHijackAuditor is the FREE tool to Audit against the  DLL Hijacking Vulnerability for any Windows application. This is recently discovered critical security issue affecting almost all Windows systems on the planet. It appears that large amount of Windows applications are currently susceptible to this vulnerability which can allow any attacker to completely take over the system.


[Update (7th Sep 2010): DllHijackAuditor v2 is Released now with new & smart Debugger based Interception Engine]


In this direction, DllHijackAuditor helps in discovering all such Vulnerable Dlls in a Windows application which otherwise can lead to successful exploitation resulting in total compromise of the system. With its simple GUI interface DllHijackAuditor makes it easy for anyone to instantly perform the auditing operation. It also presents detailed technical Audit report which can help the developer in fixing all vulnerable points in the application.



Here are some of the prominent features of DllHijackAuditor

  • Directly & Instantly audit any Windows application.
  • Allows complete testing to uncover all Vulnerable points in the target application
  • Generates complete Auditing report (in HTML format) about all vulnerable hijack points in the Application.
  • GUI based tool, makes it easy for anyone with minimum knowledge to perform the auditing operation.
  • Does not require any special privilege for auditing of the application (unless target application requires)
  • Free from Antivirus as it does not use any shellcodes or exploit codes which trigger Antivirus to terminate the operation.
  • Application does not have to be registered with any file extension.
  • Does not require any external third party tools
  • No installation is required., you can just copy and run anywhere.


This tool works on the similar 2 phase lines of operations as that of DllHijackAuditKit by HD Moore. Though it was great tool kit for sweep scanning of all applications, I found some limitations with it. Mainly it helped with applications which are associated with any extension.  So naturally applications which are currently not associated with any extension, were not tested by this toolkit.  Also only launch time auditing was done, there was no scope for auditing all points in the application.

So I  found the strong need for the special tool which will help any one to test a particular application completely and also providing detailed Audit report which will further assist in fixing all the Dll Hijack vulnerability in the application.  This is the story behind the birth of DllHijackAuditor.


I would like to thank EvilFingers who ignited the spark with above idea to create such a tool and regards to HD for paving the path with his smart work on DllHijackAuditKit.


For more information and to Download, visit the main page of DllHijackAuditor.


We welcome any bug reports/suggestions/feeedbacks on this tool.




Similar posts
  • SecurityXploded Mentorship Programme ... I am writing this blog to share my SecurityXploded Student Mentorship Programme experience with the future students of this programme. My mentorship programme started last year in August when I was in 2nd year of MS at IIIT-Allahabad. I knew about SecurityXploded community since I used to follow their blogs, training programmes and security tools [...]
  • Code Injection and API Hooking Techni... Hooking covers a range of techniques used for many purposes like debugging, monitoring, intercepting messages, extending functionality etc. Hooking is also used by a lot of rootkits to camouflage themselves on the system. Rootkits use various hooking techniques when they have to hide a process, hide a network port, redirect file writes to some different [...]
  • Announcement – SecurityXploded ... From the past two years we are working actively on couple of projects to support the security community. As you all may already know that we have successfully completed our reversing and malware analysis training programme and we are very glad that it was very helpful for everyone. In my opinion the success of any [...]
  • Advanced Malware Analysis Training Se... Here is the quick update on this month’s Local Security meet (SX/Null/G4H/owasp) and our advanced malware training session on (Part 2) Dissecting the HeartBeat  RAT Functionalities   This is part of our FREE ‘Advanced Malware Analysis Training’ series started from Dec 2012.       In this extended session, I explained “Decrypting various Communications Of HeartBeat [...]
  • Advanced Malware Analysis Training Se...   Here is the quick update on this month’s Local Security meet (SX/Null/G4H/owasp) and our advanced malware training session on (Part 1) Reversing & Decrypting Communications of HeartBeat RAT This is part of our FREE ‘Advanced Malware Analysis Training’ series started from Dec 2012.       In this extended session, I explained “Decrypting The [...]


2 Pings/Trackbacks

  1. […] Security Blog by Nagareshwar » Blog Archive » Presenting … […]

  2. August 31, 2010    

    Good 😀

  3. August 31, 2010    

    In firefox 3.6.8 don’t find vulnerable dll => dwmapi.dll

  4. August 31, 2010    

    As per the exploit.db report, it is vulnerable to only specific extensions ‘.htm .html .jtx .mfp’ . This is what is causing the failure in the detection as DllHijackAuditor uses generic extension ‘.audit’ for every application. So with this extension, Firefox does not load the dwmapi.dll and hence escaping the detection.

    Firefox is one of those rare application which falls to prey only for those specific extension. To prevent this, in the next version, I will allow the user to specify extension in such cases that should fix this kind of problems.

    This indeed great find, Thanks Clshack for taking your time for verification and reporting it.

  5. August 31, 2010    

    Thank you for writing this software, very useful with DLLHijackAuditKit v2.

    Wait for the next release to write a review on my blog: D

    Good work: D

  6. […] the first version of DllHijackAuditor which was released last week, we have encountered few major issues such as inconsistent results for […]

  7. September 7, 2010    

    DllHijackAuditor v2 is released now, check out more information here,

  1. TV show CSI popularized forensics. How accurate is that show compared to real life forensics work? | Lights Off Now on August 31, 2010 at 1:25 am
  2. Security Blog by Nagareshwar » Blog Archive » Released DllHijackAuditor v2 with New & Smart Interception Engine on September 7, 2010 at 10:56 pm

Leave a Reply

Our Company

Follow us on Facebook

Join Mailing List

Get direct access to our expert trainers or mingle with like minded security folks in our mailing list