none
Does AppInit_DLLs still work for 32-bit apps on 64-bit Windows 8?

    Question

  • I've been using AppInit_DLLs for years, and now I have

    a 64-bit Win 8 customer for whom it does not work.

    TIA,

    Peter Gaczi

    Tuesday, December 04, 2012 12:39 PM

All replies

  • Hello,

    You can refer to this Microsoft Support issue: Working with the AppInit_DLLs registry value

    Mentioned in that article, it applies to Win32 Application Interface used with Windows NT 4.0, Windows 2000 Standard Edition and Windows XP. "Note This feature may not be available in future versions of the Windows operating system".

    Furthermore, for Windows 8 system, there are desktop mode which use Windows NT kernel and Windows Store Apps mode which use Windows RT kernel.

    Windows Store App forbids user to access or modify any register keys.

    Thanks,


    Damon Zheng
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Wednesday, December 05, 2012 6:07 AM
  • AppInit_DLLs works for Win XP, Vista and 7, 32-bit and 64-bit.

    I need to know for my customers: does AppInit_DLLs work for

    Win 8 with a NT kernel?

    TIA, Pete

    Wednesday, December 05, 2012 11:15 AM
  • Why not test an application which uses AppInit_DLLs and works under Windows 7.

    If it runs fine in Windows 8 desktop mode, that is to say AppInit_DLLs works for it.


    Lazylamb loves smelly cat.

    Wednesday, December 05, 2012 11:20 AM
  • My customer is now trying to use an app that has worked for Win XP, Vista and 7.

    It does not work for Win 8, even though the usual AppInit_DLLs Registry entries

    are present, and I want to know if that failure is by design or is it a "bug" in Win 8 that

    may soon be fixed.

    TIA, Pete

    Wednesday, December 05, 2012 12:30 PM
  • Hi Peter,

    Sorry for my delayed response.

    I have tried to work with AppInit_DLLs using my own-created sample Win32 Application and DLL. But it is not working in Windows 8 desktop mode. Later I found that in Windows 7, the DLL specific to AppInit_DLLs should be code-signed.

    Now I'm trying to involve some senior engineers into this issue and it will take some time. Your patience will be greatly appreciated.

    Sorry for any inconvenience.

    Best Regards,


    Damon Zheng
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Wednesday, December 12, 2012 7:34 AM
  • FYI, my EXEs and DLLs are code signed, but I never found that to be required. In fact,

    AppInit_DLLs does not work for Win 7 if RequireSignedAppInit_DLLs = 1.

    TIA, Pete.

     
    Wednesday, December 12, 2012 11:38 AM
  • Yes, you're right. Refer to this: AppInit_DLLs in Windows 7 and Windows Server 2008 R2 (Windows)

    The document says "should be code-signed", "In the interests of application compatibility".

    It is not required, just recommended to make code signing for the DLL. I think it is for security sake, because AppInit_DLLs is thought to be an vulnerability that can be modified by malwares.


    Damon Zheng
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Wednesday, December 12, 2012 12:19 PM
  • Hi Peter,

    Did you write to the 32 bit registry?

    On 64 bit Windows, it is located under the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows

    I saw AppInit_Dll being used on my 64 bit Windows 8 system.

    I would like to mention that you should try to avoid using this technique as it may go away in the future. We mention this in the following link (It would apply to Windows 8 as well):

    http://msdn.microsoft.com/en-us/library/windows/desktop/dd744762(v=vs.85).aspx

    thanks

    Frank K[MSFT]

    Friday, December 14, 2012 4:07 PM
  • Hi Peter

    Appinit based DLL injections are disabled when (UEFI) Secure Boot is enabled.
    You can easily verify the Secure Boot State on your customer machine using msinfo32.

    FYI, Usage of AppInit DLLs is considered a Windows logo failure, for Windows 8 desktop apps.
    http://msdn.microsoft.com/en-us/library/windows/desktop/hh749939.aspx

    Thanks,
    Itai Shaham

    • Proposed as answer by itaish Wednesday, December 18, 2013 9:22 AM
    Tuesday, January 15, 2013 7:28 AM
  • Is it correct to say that both AppInit_DLLs and SetWindowsHookEx() are
    disabled if Secure Boot is enabled for Win8?

    I've been using AppInit_DLLs for DLL injection into limited processes
    for my product for years. Is there a new accepted way to do DLL injection?

    Is there a programmatic way to tell if Secure Boot is not just present,
    but enabled as well?

    Is there a way to keep AppInit_DLLs without disabling the rest of
    Secure Boot?

    TIA, Pete

     

     

    Wednesday, February 06, 2013 1:21 PM
  • Hi Itai,

    Can you give us some information on why Secure Boot, which is by its name a boot-time feature, is affecting user session-time behaviour, ie Appinit?

    I have not found any documents refering to this behaviour, can you point us to any info you have on this?

    Many thanks

    Sky

    Saturday, February 09, 2013 4:37 PM
  • Hi Sky
    I totally agree with your argument about Secure Boot being a boot-time feature (not only by name but also by spec ) and not related to Appinit.
    Furthermore, according to Steven Sinofsky post, in the Building Windows 8 blog, “Secure boot is a UEFI protocol not a Windows 8 feature”.

    As for the “why?” I really don’t know. Official answer I got from a Microsoft escalation engineer was somewhat ambiguous “The design change has been taken based on several factors primarily being security.”
    Currently I am not aware of any official documentation referring to this behavior.

    Regards,
    Itai Shaham

    Monday, February 11, 2013 12:20 PM
  • I am getting more complaints from my customers about the disabling
    of AppInit_DLLs for UEFI and Secure Boot.

    I know that Citrix, Google Desktop, and Kaspersky Anti-Virus have been
    using AppInit_DLLs. What alternative did they employ for DLL injection?

    I read that msinfo32.exe can detect the Secure Boot State: is there a way
    to do this programmatically in C++?

    Is there a way to disable the effect of Secure Boot on AppInit_DLLs
    programmatically?

    Is there a new accepted way to do DLL injection?

    Please ask your "Microsoft escalation engineer" friend or someone else at MSFT
    to contact me with answers. Click "Email Us" at www.gaczi.com.

    My guess is that the only programmers who are going to be thwarted by
    Secure Boot are the honest ones. A Google search for "disable Secure Boot"
    shows that this is controversial "improvement".

    TIA, Pete

    Monday, March 04, 2013 10:19 AM