Some time ago, I described the TEMP directory as a hot tub whose water hasn’t been changed in over a year. The Downloads folder is in a similar situation: There’s all sorts of unrelated junk in there, some of which may not be very friendly to your health.
Starting in Windows 10 Version 1607,¹ you can set attributes on your executable to tell the system how to look for the DLLs to which your executable links statically.² To do this, pass the /DEPENDENTLOADFLAG:nnnn command line option to the linker, where nnnn is a value corresponding to some combination of the LOAD_ values that can be passed to the LoadLibraryEx function.
By far the most useful value is LOAD_, which means “Look in the system32 directory and nowhere else.”
To do this, pass /DEPENDENTLOADFLAG:0x800.
Versions of Windows that do not support this option merely ignore it, so it’s okay to set this option unconditionally.
¹ Windows 10 Version 1607 goes by several other names: The Anniversary Update, Build 14393, and the RS1 release. It’s kind of silly, really.
² Note that the dependent load flag applies only to DLLs that are loaded as a consequence of resolving the module’s static imports. DLLs loaded dynamically via LoadLibrary or LoadLibraryEx follow the normal rules.
Since sometime in the palaeozoic, all my systems wipe the TEMP directory on boot. Good point about the Downloads directory though, I should add a “delete items over age X” thing to it.
Of course some good guy working for our beloved manufacturer who really cares about the security of Windows and its users^Wcustomers might add the NTFS ACE (D;OIIO;WP;;;WD) to %SystemRoot%\Temp\ and %SystemRoot%\SystemTemp\ as well as all %USERPROFILE%\Downloads\ and all %LOCALAPPDATA%\Temp\ directories — better yet to every %USERPROFILE%\, to %PUBLIC%\, to %ProgramData%\, to %SystemRoot%\DriverStore\ etc.
Quite surprised this isn’t in the normal linker options pages. Either way set on my little utility that is very likely to be affected by this and would have been best having this set ages ago.
But how is this attribute stored in the PE file?
From the Microsoft official PE Format documentation, this is in the Load Config Table data directory. This data directory corresponds to the IMAGE_LOAD_CONFIG_DIRECTORY structure that you can find in winnt.h. This has a field named DependentLoadFlags, so I would imagine that this is where it is stored.