Prevent DLL Hijacking of Core .NET Framework Libraries

Question

There is a core .NET Framework Library (mscorjit.dll) that is missing on user's computer, my .NET application tries to load the library but nothing happens (application does not crash) even if it is missing. I believe this could lead to DLL hijacking. Is there a way that I can avoid dependency on this library so that it does not look for this library when application is loaded?

I would appreciate any pointers or guidance on this issue.

I have tried removing many dependencies from the application but still the application tries to find this library during load.

Answer 1

mscorjit.dll contains the implementation of the JIT compiler in .NET 2.0 or below. In later versions it's called clrjit.dll.

And no, you cannot remove this dependency. It's part of .NET.

Answer 2

In short - no. If you can migrate from .NET Framework to .NET Core then you can try to publish your application as self-contained single-file app. Or even using using native AOT (i.e. compiled to native code).

P.S.

If the .NET Framework Library (mscorjit.dll) is hijacked on user machine then there are a lot more concerns than just some app, the whole system is compromised. If you are worried about the user messing with your app then core dll hijacking should also not be on the high priority list (.NET decompilation would be much easier approach).