Didier Stevens

Friday 9 December 2011


Filed under: My Software,Windows 7 — Didier Stevens @ 12:46

In Windows 7 and Windows Server 2008 R2, Microsoft added a feature to the AppInit_DLLs mechanism. When the REG_DWORD RequireSignedAppInit_DLLs is set to 1, the DLLs to be loaded via AppInit_DLLs have to be signed.

You can find properly signed versions of LoadDLLViaAppInit here:
LoadDLLViaAppInit_FI.zip (https)
MD5: 2867B6AADF6C9FFA224D2D6A0153AD91
SHA256: E732451401B37087FAC619BD500E370FE3C21FB764F2E2E99C76EDBADEC86204

Nothing has changed to these DLLs, I’ve not changed the version number. I only set the FORCE_INTEGRITY flag and signed them.

Blog at WordPress.com.