I want to ensure that the DLLs I link to in my C++ app are compiled with the /INTEGRITYCHECK linker option, meaning they have the IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY flag in the PE header. I'm primarily concerned with a DLL of my own that I'm linking to--I want to be sure that it is in fact my legitimate DLL.

Now, I can build my DLL with the /INTEGRITYCHECK option, but what's the purpose of that if someone can simply edit the DLL header to not have that flag, and then use a malicious version of the DLL? So, assuming we trust my application that's running, how do I verify the DLL that's being linked to, by verifying the /INTEGRITYCHECK option is present(which will in turn check for valid signature)? Note that I am implicitly linking to the DLL, meaning I'm linking at load time. So I use the import library of the DLL, and I'm not making any calls to LoadLibrary; none of my application code is running at the time of linking the DLL.

Also, I know I should enforce security through file permissions on my DLL's directory(and I am incorporating such measures)--but for the scope of this question I'm specifically wondering about checking the /INTEGRITYCHECK option at load time.

I did see this question about enforcing signatures on DLLs, but it doesn't deal with /INTEGRITYCHECK specifically (which I would be fine with if the answer actually worked for enforcing signatures--but it doesn't). However, in my testing /INTEGRITYCHECK does work to ensure there's a valid Windows signature on a binary--thus I'm specifically interested in enforcing /INTEGRITYCHECK on dependent DLLs.