1 little known secret of cliconfg.exe
The article describes how copying and running `cliconfg.exe` loads several legacy DLL files. Of these, `NTWDBLIB.DLL` executes code, so a malicious payload placed in that file is triggered at run time. 2025-11-4 01:33:32 Author: www.hexacorn.com

This is a blast from the past.

Copy c:\WINDOWS\system32\cliconfg.exe to a folder of your choosing and execute it.

It will attempt to load a bunch of very old-school DLLs:

  • C:\Windows\System32\DBMSRPCN.DLL
  • C:\Windows\System32\DBMSSPXN.DLL
  • C:\Windows\System32\DBMSADSN.DLL
  • C:\Windows\System32\DBMSVINN.DLL
  • C:\Windows\System32\DBMSGNET.DLL
  • C:\Windows\System32\DBMSSNET.DLL
  • C:\Windows\System32\DBMSQLGC.DLL
  • C:\Windows\System32\NTWDBLIB.DLL

The last one on the list is the one that executes code, so placing your payload inside C:\Windows\System32\NTWDBLIB.DLL is a guarantee that it will be executed when you run a copy of c:\WINDOWS\system32\cliconfg.exe from a different location.

I am lazy and am not researching the other ones, but I am sure it is most likely due to a lack of some specific export functions that my test DLLs fail to export that stop the code execution when these earlier DLLs are mapped to memory but not loaded.
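For defenders, the behaviour described above leaves three observable traces: a `cliconfg.exe` process started from outside the system directory, that process loading one of the listed DLLs, and one of those DLL names being written to System32. The following is an added example, not code from the original post; it assumes Sysmon-style event dictionaries (event IDs 1, 7 and 11 with `Image`, `ImageLoaded` and `TargetFilename` fields), assumes System32 and SysWOW64 are the only expected locations of `cliconfg.exe`, and uses constructed sample events.

```python
import ntpath

# DLL names taken from the list in the post (compared lower-cased).
LEGACY_DLLS = {n.lower() for n in (
    "DBMSRPCN.DLL", "DBMSSPXN.DLL", "DBMSADSN.DLL", "DBMSVINN.DLL",
    "DBMSGNET.DLL", "DBMSSNET.DLL", "DBMSQLGC.DLL", "NTWDBLIB.DLL")}
SYSTEM32 = r"c:\windows\system32"
# Assumption: the only directories a stock cliconfg.exe runs from.
EXPECTED_DIRS = {SYSTEM32, r"c:\windows\syswow64"}

def _split(path):
    """Lower-case a Windows path and return (directory, file name)."""
    return ntpath.split(path.lower())

def classify(event):
    """Return the findings raised by one Sysmon-style event dict."""
    findings = []
    img_dir, img_name = _split(event.get("Image", ""))
    relocated = img_name == "cliconfg.exe" and img_dir not in EXPECTED_DIRS
    eid = event.get("EventID")
    if eid == 1 and relocated:                       # process creation
        findings.append("cliconfg.exe started outside system directory")
    elif eid == 7 and relocated:                     # image load
        _, dll = _split(event.get("ImageLoaded", ""))
        if dll in LEGACY_DLLS:
            findings.append("relocated cliconfg.exe loaded " + dll)
    elif eid == 11:                                  # file creation
        dll_dir, dll = _split(event.get("TargetFilename", ""))
        if dll_dir == SYSTEM32 and dll in LEGACY_DLLS:
            findings.append("legacy DLL written to System32: " + dll)
    return findings

def scan(events):
    """Return (event index, finding) pairs for every hit."""
    return [(i, f) for i, e in enumerate(events) for f in classify(e)]

# Constructed sample events, not taken from a real host.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\cliconfg.exe"},
    {"EventID": 11, "Image": r"C:\Windows\System32\cmd.exe",
     "TargetFilename": r"C:\Windows\System32\NTWDBLIB.DLL"},
    {"EventID": 1, "Image": r"C:\Users\test\Desktop\cliconfg.exe"},
    {"EventID": 7, "Image": r"C:\Users\test\Desktop\cliconfg.exe",
     "ImageLoaded": r"C:\Windows\System32\NTWDBLIB.DLL"},
    {"EventID": 7, "Image": r"C:\Users\test\Desktop\cliconfg.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
]

if __name__ == "__main__":
    for idx, finding in scan(SAMPLE_EVENTS):
        print(idx, finding)
```

Matching on the file name alone misses a renamed copy of the binary, so the file-creation rule for the listed DLL names is the more robust of the three checks.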


Source: https://www.hexacorn.com/blog/2025/11/04/1-little-known-secret-of-cliconfg-exe/