Are you aware of DLL hijacking? If yes, let’s suppose there is a program that executes the following line of code:
LoadLibrary('riched32.dll');
Its executable has the following name: “i_use_riched32.exe” (just as an example).
Now, take a look at the following contents of a directory containing this executable, the screenshots were taken of three tools: Explorer, FTK Imager Lite, The Sleuth Kit (each one points to the same directory).
Is the “riched32.dll” library hijacked for the “i_use_riched32.exe” executable? Let’s assume that no attempts to hijack the library have been made outside of the directory shown above.
