Didier Stevens

Friday 9 December 2011


Filed under: My Software,Windows 7 — Didier Stevens @ 12:46

In Windows 7 and Windows Server 2008 R2, Microsoft added a feature to the AppInit_DLLs mechanism. When the REG_DWORD RequireSignedAppInit_DLLs is set to 1, the DLLs to be loaded via AppInit_DLLs have to be signed.

You can find properly signed versions of LoadDLLViaAppInit here:
LoadDLLViaAppInit_FI.zip (https)
MD5: 2867B6AADF6C9FFA224D2D6A0153AD91
SHA256: E732451401B37087FAC619BD500E370FE3C21FB764F2E2E99C76EDBADEC86204

Nothing has changed to these DLLs, I’ve not changed the version number. I only set the FORCE_INTEGRITY flag and signed them.


  1. 404 error

    Comment by spam — Saturday 10 December 2011 @ 18:57

  2. fixed

    Comment by Didier Stevens — Sunday 11 December 2011 @ 10:50

  3. Windows still only supports short (8.3) file names for AppInit_DLLs right so maybe you should rename it. 🙂

    Comment by xpclient — Friday 27 January 2012 @ 7:35

  4. No, it does not. If it doesn’t work on your machine, something else is wrong.

    Comment by Didier Stevens — Sunday 29 January 2012 @ 7:31

RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.