On 26.04.2019 13:24, Abhiman wrote:
> Hi Anders Gustafsson
> AppHookxx.dll is a binary that is created in the Filr to intercept shell
> (explorer.exe) APIs and some of the COM interfaces. The Filr client
> provides a view to end user the list of files and folders present in the
> server. When user intention is to read the content of the file, the file
> is opened with appropriate rights and that is the time where the Filr
> downloads the file to backend path and redirects the open request to
> backend path.



"AppInit_DLLs and secure boot
Windows 8 adopted UEFI and secure boot to improve the overall system
integrity and to provide strong protection against sophisticated
threats. When secure boot is enabled, the AppInit_DLLs mechanism is
disabled as part of a no-compromise approach to protect customers
against malware and threats."


"AppInit_DLLs certification requirement for Windows 8 desktop apps
One of the certification requirements for Windows 8 desktop apps is that
the app must not load arbitrary DLLs to intercept Win32 API calls using
the AppInit_DLLs mechanism. For more detailed information about the
certification requirements, refer to section 1.1 of Certification
requirements for Windows 8 desktop apps.

The AppInit_DLLs mechanism is not a recommended approach for legitimate
applications because it can lead to system deadlocks and performance
The AppInit_DLLs mechanism is disabled by default when secure boot is
Using AppInit_DLLs in a Windows 8 desktop app is a Windows desktop app
certification failure."

Any comments?

Massimo Rosen
Micro Focus Knowledge Partner
No emails please!