AppInit DLLs in Windows 7 and Windows Server 2008 R2
Updated: May 15, 2009
This paper provides information about the AppInit_DLLs infrastructure for the Windows family of operating systems. It provides guidelines for application developers to ensure that any applications that depend on the AppInit_DLLs mechanism function correctly when run in Windows 7 or Windows Server 2008 R2.
The AppInit_DLLs infrastructure enables applications to load arbitrary DLLs into all user-mode processes. The most common use of this mechanism is API hooking. The AppInit_DLLs infrastructure has been changed for Windows 7 and Windows Server 2008 R2 to help improve the integrity and visibility of code that is running on these systems. This paper includes information about the new code signature requirement that has been introduced for AppInit_DLLs. It also includes information that is related to the following message that is observed in Event Viewer:
"Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications."
This information applies to the following operating systems:
Windows 7
Windows Server 2008 R2
Included in this white paper:
AppInit_DLL Functionality in Windows 7 and Windows Server 2008 R2
Developer Best Practices
Code Signature Overview
Detailed Code Signature Information