AppInit_DLLs in Windows 7 and Windows Server 2008 R2
Platform
Clients - Windows 7
Servers - Windows Server 2008 R2
Feature Impact
Severity - Low
Frequency - Low
Description
AppInit_DLLs is a mechanism that allows an arbitrary list of DLLs to be loaded into each user-mode process on the system. Microsoft is modifying the AppInit_DLLs facility in Windows 7 and Windows Server 2008 R2 to add a new code-signing requirement. This will help improve system reliability and performance, as well as improve visibility into the origin of software.
Configuration
Values stored under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows key in the registry determine the behavior of the AppInit_DLLs infrastructure. The table below describes these registry values:
Value | Description | Sample Values |
---|---|---|
LoadAppInit_DLLs (REG_DWORD) | Globally enables or disables AppInit_DLLs. | 0x0 – AppInit_DLLs are disabled. 0x1 – AppInit_DLLs are enabled. |
AppInit_DLLs (REG_SZ) | Space or comma delimited list of DLLs to load. The complete path to the DLL should be specified using Short Names. | C:\PROGRA~1\WID288~1\MICROS~1.DLL |
RequireSignedAppInit_DLLs (REG_DWORD) | Only load code-signed DLLs. | 0x0 – Load any DLLs. 0x1 – Load only code-signed DLLs. |
Windows 7
All DLLs that are loaded by the AppInit_DLLs infrastructure should be code-signed. In the interests of application compatibility, the Windows 7 operating system will load all AppInit DLLs. However, Microsoft recommends that all application developers code-sign their DLLs to help improve the reliability of Windows and prepare for code-signing enforcement in future versions of Windows. The RequireSignedAppInit_DLLs registry value controls this behavior, and on Windows 7 it is set to 0 by default.
Windows Server 2008 R2
All DLLs that are loaded by the AppInit_DLLs infrastructure must be code-signed. The RequireSignedAppInit_DLLs registry value controls this behavior, and on Windows Server 2008 R2 it is set to 1 by default.
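The following PowerShell audit is an added example, not Microsoft's code: it reads the three registry values from the table, splits the AppInit_DLLs list, and reports which listed DLLs lack a valid signature and so depend on RequireSignedAppInit_DLLs being 0. The function name `Get-AppInitDllAudit`, the Wow6432Node key, the treatment of a missing value as 0, and the use of `Get-AuthenticodeSignature` as a stand-in for the loader's signature check are assumptions of this example.

```powershell
# Added example. Audits the three registry values from the table above.
# Assumption: the Wow6432Node key (32-bit view on 64-bit Windows) is not
# mentioned on the page; it is skipped when absent.
$AppInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

function Get-AppInitDllAudit {
    param([string[]]$KeyPath = $AppInitKeys)

    foreach ($key in $KeyPath) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $cfg = Get-ItemProperty -LiteralPath $key

        # Assumption of this example: a missing value is reported as 0.
        $enabled       = ([int]$cfg.LoadAppInit_DLLs) -eq 1
        $requireSigned = ([int]$cfg.RequireSignedAppInit_DLLs) -eq 1

        # AppInit_DLLs is a space- or comma-delimited list of DLL paths.
        # @() keeps an empty list empty on PowerShell 2.0 as well.
        $dlls = @(([string]$cfg.AppInit_DLLs) -split '[ ,]+' | Where-Object { $_ })

        foreach ($dll in $dlls) {
            $status = 'NotFound'
            if (Test-Path -LiteralPath $dll -PathType Leaf) {
                # Approximation: Authenticode status as PowerShell reports it.
                $status = [string](Get-AuthenticodeSignature -FilePath $dll).Status
            }
            New-Object PSObject -Property @{
                Key           = $key
                Dll           = $dll
                Enabled       = $enabled
                RequireSigned = $requireSigned
                Signature     = $status
                # True for entries that only load while RequireSigned is 0.
                NeedsSigning  = ($status -ne 'Valid')
            }
        }
    }
}

Get-AppInitDllAudit |
    Format-Table Dll, Enabled, RequireSigned, Signature, NeedsSigning -AutoSize
```

An entry with `Enabled` true, `RequireSigned` false and `NeedsSigning` true is the case to review before setting RequireSignedAppInit_DLLs to 1.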
Links to Other Resources