On 26.04.2019 13:24, Abhiman wrote:
>
> Hi Anders Gustafsson
>
> AppHookxx.dll is a binary that is created in the Filr to intercept shell
> (explorer.exe) APIs and some of the COM interfaces. The Filr client
> provides a view to end user the list of files and folders present in the
> server. When user intention is to read the content of the file, the file
> is opened with appropriate rights and that is the time where the Filr
> downloads the file to backend path and redirects the open request to
> backend path.



Hmm.

https://docs.microsoft.com/de-de/win...d-appinit-dlls

"AppInit_DLLs and secure boot
Windows 8 adopted UEFI and secure boot to improve the overall system
integrity and to provide strong protection against sophisticated
threats. When secure boot is enabled, the AppInit_DLLs mechanism is
disabled as part of a no-compromise approach to protect customers
against malware and threats."

and

"AppInit_DLLs certification requirement for Windows 8 desktop apps
One of the certification requirements for Windows 8 desktop apps is that
the app must not load arbitrary DLLs to intercept Win32 API calls using
the AppInit_DLLs mechanism. For more detailed information about the
certification requirements, refer to section 1.1 of Certification
requirements for Windows 8 desktop apps.

Summary
The AppInit_DLLs mechanism is not a recommended approach for legitimate
applications because it can lead to system deadlocks and performance
problems.
The AppInit_DLLs mechanism is disabled by default when secure boot is
enabled.
Using AppInit_DLLs in a Windows 8 desktop app is a Windows desktop app
certification failure."

Any comments?

CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de