AppInit_DLLs in Windows 7 and Windows Server 2008 R2

Platform

**Clients** - Windows 7 **Servers** - Windows Server 2008 R2

Feature Impact

**Severity** - Low **Frequency** - Low

Description

AppInit_DLLs is a mechanism that allows an arbitrary list of DLLs to be loaded into each user mode process on the system. Microsoft is modifying the AppInit DLLs facility in Windows 7 and Windows Server 2008 R2 to add a new code-signing requirement. This will help improve the system reliability and performance, as well as improve visibility into the origin of software.

Configuration

Values stored under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion \Windows key in the registry determine the behavior of the AppInit_DLLs infrastructure. The table below describes these registry values:

Value Description Sample Values
LoadAppInit_DLLs (REG_DWORD)${REMOVE}$
Globally enables or disables AppInit_DLLs.${REMOVE}$
0x0 – AppInit_DLLs are disabled.
0x1 – AppInit_DLLs are enabled.
AppInit_DLLs (REG_SZ) Space or comma delimited list of DLLs to load. The complete path to the DLL should be specified using Short Names. C:\ PROGRA~1\WID288~1\MICROS~1.DLL
RequireSignedAppInit_DLLs (REG_DWORD)${REMOVE}$
Only load code-signed DLLs.${REMOVE}$
0x0 – Load any DLLs.
0x1 – Load only code-signed DLLs.

 

Windows 7

All DLLs that are loaded by the AppInit_DLLs infrastructure should be code-signed. In the interests of application compatibility, the Windows 7 Operating System will load all AppInit DLLs. However, Microsoft recommends that all application developers code-sign their DLLs to help improve the reliability of Windows and prepare for code-signing enforcement in future versions of Windows. The RequireSignedAppInit_DLLs registry key controls this behavior and its value on Windows 7 is set to 0 by default.

Windows Server 2008 R2

All DLLs that are loaded by the AppInit_DLLs infrastructure must be code-signed. The RequireSignedAppInit_DLLs registry key controls this behavior and its value on Windows Server 2008 R2 is set to 1 by default.

AppInit DLLs in Windows 7 and Windows Server 2008 R2