Dynamic Link Library (DLL)

Security+ 🏆 • Secure Development ⚙️ • Threats ⚠️ Difficulty: premium

Definition

A Dynamic Link Library is a file, usually with a .dll extension on Windows, that contains reusable code and resources that programs load at runtime. DLLs support modular software design, but they can also be abused if attackers can influence which DLL a program loads.

Examples

  • A Windows application loads a DLL to use shared functions like networking, graphics, or authentication.
  • An attacker places a malicious DLL in a folder searched before the legitimate DLL, causing the application to run attacker code.

Discover 🔎

Windows software commonly relies on shared libraries so that many applications can reuse the same code. DLLs are the main way this reuse happens. The benefit is efficiency and consistency. The risk is that loading external code becomes part of normal execution. If the wrong library is loaded, the program can run attacker code while appearing to behave normally.

Remember: DLLs are executable code. A DLL is not just a support file. When it loads, it runs inside the program that loaded it.
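
From the defender's side, the second example above shows up in module-load telemetry as a well-known system DLL name loaded from somewhere other than the system directory. The following is an added example, not part of the original lesson; the event format, the trusted directories, the DLL name list and the sample events are all assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumption: directories treated as trusted locations for system DLLs.
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Assumption: a short illustrative set of DLL names that ship in System32.
SYSTEM_DLL_NAMES = {"version.dll", "winhttp.dll", "dbghelp.dll"}

# Constructed sample events: (process image, loaded module). Not real telemetry.
SAMPLE_EVENTS = [
    (r"C:\Program Files\ExampleApp\app.exe", r"C:\Windows\System32\winhttp.dll"),
    (r"C:\Program Files\ExampleApp\app.exe", r"C:\Program Files\ExampleApp\VERSION.dll"),
    (r"C:\Program Files\ExampleApp\app.exe", r"C:\Program Files\ExampleApp\plugin.dll"),
    (r"C:\Users\alice\Downloads\setup.exe", r"C:\Users\alice\Downloads\dbghelp.dll"),
    (r"C:\Program Files\ExampleApp\app.exe", r"C:\Windows\System32\..\Temp\version.dll"),
]

def _canon(path):
    """Resolve '..' segments, unify slashes and lowercase for comparison."""
    return ntpath.normcase(ntpath.normpath(path))

def find_suspicious_loads(events):
    """Return loads of a system DLL name from outside TRUSTED_DIRS."""
    findings = []
    for image, module in events:
        module_norm = _canon(module)
        name = ntpath.basename(module_norm)
        folder = ntpath.dirname(module_norm)
        if name in SYSTEM_DLL_NAMES and folder not in TRUSTED_DIRS:
            findings.append({
                "image": image,
                "module": module,
                # True when the DLL sits in the same folder as the executable.
                "beside_exe": folder == ntpath.dirname(_canon(image)),
            })
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_loads(SAMPLE_EVENTS):
        print(finding)
```

Paths are canonicalised before comparison so that mixed case, forward slashes and ".." segments cannot make an untrusted location look like System32.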