jn1kk

Reputation: 5112

LoadLibrary Calls, Returned Pointers Not Saved

I am fixing up someone else's code and noticed that the person calls LoadLibrary several times, as per below:

LoadLibrary("C:\\Windows\\SysWOW64\\msjint40");
LoadLibrary("C:\\Windows\\SysWOW64\\msjtes40");
LoadLibrary("C:\\Windows\\SysWOW64\\expsrv");

What is the point of this? The return pointers are not saved! The program later then calls a bunch of other DLLs that do use functions from MSJTES40, but not in the context of where the libraries are loaded.

The comment says - "else preload to optimize", but how does the rest of the program know where the DLLs are?

Thanks for any info.

Upvotes: 3

Views: 800

Answers (1)

Jeff Foster

Reputation: 44706

LoadLibrary brings the specified module into the address space. Libraries can't be loaded twice, so doing this causes the preload (the loaded module may have other dependencies), so this could be viewed as an optimization. The second call to the library (where they use the return value) should complete faster.

See the documentation:

If the specified module is a DLL that is not already loaded for the calling process, the system calls the DLL's DllMain function with the DLL_PROCESS_ATTACH value.

Also from the documentation:

Do not make assumptions about the operating system version based on a LoadLibrary call that searches for a DLL. If the application is running in an environment where the DLL is legitimately not present but a malicious version of the DLL is in the search path, the malicious version of the DLL may be loaded.

Assuming a hard-coded DLL location opens your program up to all sorts of mischief!

Upvotes: 4
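An added example, not part of the original question or answer: it preloads a DLL by bare name restricted to the system directory, shows that later code can find the already-mapped module by name alone with GetModuleHandle, and checks where the module was actually loaded from. The helper name is_under_dir is hypothetical, msjtes40.dll is taken from the question as the default, and LOAD_LIBRARY_SEARCH_SYSTEM32 is assumed to be available (Windows 8 or later, or an older system with the update that adds it); the Win32 part compiles only on Windows.

```c
/* Added example, not code from the original post. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: return 1 if `path` names a file under directory `dir`.
 * Case-insensitive (Windows paths) and requires a '\\' right after the
 * prefix, so "C:\\Windows\\SysWOW64Evil\\x.dll" does not match. */
int is_under_dir(const char *path, const char *dir)
{
    size_t n = strlen(dir);
    while (n > 0 && dir[n - 1] == '\\')   /* ignore trailing separators */
        n--;
    if (n == 0 || strlen(path) <= n)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)path[i]) != tolower((unsigned char)dir[i]))
            return 0;
    return path[n] == '\\';
}

#ifdef _WIN32
#include <windows.h>

int main(int argc, char **argv)
{
    const char *name = argc > 1 ? argv[1] : "msjtes40.dll"; /* DLL from the question */
    char sys[MAX_PATH] = "", wow[MAX_PATH] = "", loaded[MAX_PATH] = "";

    /* Preload by bare name, searching only the system directory, instead of
     * trusting a hard-coded path. The handle is deliberately not kept. */
    if (!LoadLibraryExA(name, NULL, LOAD_LIBRARY_SEARCH_SYSTEM32)) {
        fprintf(stderr, "%s: load failed (%lu)\n", name, GetLastError());
        return 1;
    }
    /* Later code finds the already-mapped module by name alone. */
    HMODULE h = GetModuleHandleA(name);
    if (!h || !GetModuleFileNameA(h, loaded, sizeof loaded))
        return 1;
    GetSystemDirectoryA(sys, sizeof sys);
    GetSystemWow64DirectoryA(wow, sizeof wow); /* stays "" on 32-bit Windows */
    int ok = is_under_dir(loaded, sys) || is_under_dir(loaded, wow);
    printf("%s -> %s (%s)\n", name, loaded, ok ? "system dir" : "UNEXPECTED PATH");
    return ok ? 0 : 2;
}
#endif
```
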
