Knowledge Partner
Knowledge Partner
303 views

Purpose of FilrAppHook.dll?

Reason I ask is that it breaks the MPLABx IDE badly. It also seems to
rely on a deprecated and not-recommended Windows feature, so I ask what
it does and if stopping it from loading will affect Filr 3.4.3
functionality?

--
Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)

Have an idea for a product enhancement? Please visit:
https://www.novell.com/products/enhancement-request.html

0 Likes
2 Replies
Abhiman1 Absent Member.
Absent Member.

Re: Purpose of FilrAppHook.dll?

Hi Anders Gustafsson

AppHookxx.dll is a binary that is created in the Filr to intercept shell (explorer.exe) APIs and some of the COM interfaces. The Filr client provides a view to end user the list of files and folders present in the server. When user intention is to read the content of the file, the file is opened with appropriate rights and that is the time where the Filr downloads the file to backend path and redirects the open request to backend path.



Reading the file content by an application is an intentional operation for which we download where as in the case of shell (explorer.exe) the file will be unnecessarily opened by the shell for many other reasons major including thumbnail preview, preview pane, properties etc. To prevent the unnecessary download of the file, we are hooking to all the process with this DLL and trying to block the download of online file.



As part of hooking, we are hooking to shell calls like SHCreateStream etc functions that lead to download the file. These functions are called by the MS default preview/thumbnail handlers to get the content of the file for preview. The other hooking that we are doing is to hook to IID_IInitializeWithFile interface of the preview/thumbnail handlers which are called by the custom file type preview handlers. For this interface either we accept or reject the call based on weather file is downloaded or not.



To hook to individual process, we are using the registry location "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs" registry key which default injects the DLL into new process that is getting created. This way the DLL will get injected to the process and when trying to browse the files of Filr, the unnecessary download for preview is blocked.

Stopping the DLL will definitely download the files unnecessarily as well as we are looking at some of the shell functions like copy/paste through this and stopping this, will loose the operations.
0 Likes
Knowledge Partner
Knowledge Partner

Re: Purpose of FilrAppHook.dll?

On 26.04.2019 13:24, Abhiman wrote:
>
> Hi Anders Gustafsson
>
> AppHookxx.dll is a binary that is created in the Filr to intercept shell
> (explorer.exe) APIs and some of the COM interfaces. The Filr client
> provides a view to end user the list of files and folders present in the
> server. When user intention is to read the content of the file, the file
> is opened with appropriate rights and that is the time where the Filr
> downloads the file to backend path and redirects the open request to
> backend path.



Hmm.

https://docs.microsoft.com/de-de/windows/desktop/Dlls/secure-boot-and-appinit-dlls

"AppInit_DLLs and secure boot
Windows 8 adopted UEFI and secure boot to improve the overall system
integrity and to provide strong protection against sophisticated
threats. When secure boot is enabled, the AppInit_DLLs mechanism is
disabled as part of a no-compromise approach to protect customers
against malware and threats."

and

"AppInit_DLLs certification requirement for Windows 8 desktop apps
One of the certification requirements for Windows 8 desktop apps is that
the app must not load arbitrary DLLs to intercept Win32 API calls using
the AppInit_DLLs mechanism. For more detailed information about the
certification requirements, refer to section 1.1 of Certification
requirements for Windows 8 desktop apps.

Summary
The AppInit_DLLs mechanism is not a recommended approach for legitimate
applications because it can lead to system deadlocks and performance
problems.
The AppInit_DLLs mechanism is disabled by default when secure boot is
enabled.
Using AppInit_DLLs in a Windows 8 desktop app is a Windows desktop app
certification failure."

Any comments?

CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
CU,
--
Massimo Rosen
Micro Focus Knowledge Partner
No emails please!
http://www.cfc-it.de
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.