AppInit_DLLs is ignored by processes running in the bubble

  • Question

  • Our application is an Outlook addin. We rely on detours to route some function calls to our 'wrapper' dll.

    Outlook is installed on the local machine, and only our addin and detour dll are streamed. The virtual registry therefore contains an AppInit_DLLs value pointing to our detour DLL.

    When Outlook is launched our addin is loaded as expected. (Outlook discovers the addin by reading the virtual registry.)

    However, the detour is NOT loaded.

    I've used regedit to verify the AppInit_DLLs value is present and correct in the virtual registry. It appears to be ignored.

    Adding the path to our detour in the local machine's AppInit_DLLs makes things work, e.g. by pointing it at our detour on the Q: drive, however, we have a strict requirement NOT to write to the local machine...everything our app does is restricted to being in the bubble.

    This is App-V 4.6 on Windows 2K8 R2.

    Does anyone know how to make this work? Why does regedit in the bubble see the correct value but Outlook not?

    Wednesday, July 31, 2013 7:17 PM

All replies

  • Hello,

    The local registry key is being accessed, and not the virtual registry key. This key would not be possible to provide within a Virtual Environment.


    Nicke Källén | The Knack| Twitter: @Znackattack

    Wednesday, July 31, 2013 9:26 PM
  • Thanks for the reply. That is consistent with what I'm observing. What I don't understand is why regedit running in the bubble shows the virtual key, not the local key. Why does regedit see the correct key but Outlook (more precisely, user32 running in Outlook) not see it? Outlook reads the path to the addin from the virtual registry and loads it correctly, but not AppInit_DLLs. So why is this key handled differently?
    Thursday, August 1, 2013 2:17 AM
  • My speculation is that since Outlook is running outside the bubble, any registry keys read by dependent dlls (user32, e.g.) are not redirected. However, any explicit registry reads made by the parent application of the virtualized addin would be redirected. Is this correct? And if so, what can I do about it?
    Thursday, August 1, 2013 2:23 AM
  • Hello,
    Most likely this registry key is being accessed via APIs (from Outlook), which are not virtualized (or hooked). Regedit most likely does not use the same APIs.

    You cannot "work around" this - you would need to edit the native registry key to make a change.


    Nicke Källén | The Knack| Twitter: @Znackattack

    Thursday, August 1, 2013 7:14 AM
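
Added example (not part of the thread or any poster's code): a read-only PowerShell audit of the native AppInit_DLLs configuration that the replies say is consulted instead of the virtual registry. It assumes a 64-bit Windows PowerShell session started outside the bubble; LoadAppInit_DLLs and RequireSignedAppInit_DLLs are the standard companion values in the same key on Windows 7 / 2008 R2, and 32-bit processes on 64-bit Windows use the Wow6432Node copy.

```powershell
# Added example: list what the native (non-virtual) registry holds for AppInit_DLLs.
# Read-only; run from a 64-bit PowerShell session outside the App-V bubble.
$keys = @{
    '64-bit' = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    '32-bit' = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
}

foreach ($view in $keys.Keys) {
    $path = $keys[$view]
    if (-not (Test-Path $path)) { continue }
    $props = Get-ItemProperty -Path $path

    # AppInit_DLLs is a space- or comma-delimited list of DLL paths.
    $dlls = @("$($props.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })

    "[$view processes] $path"
    "  LoadAppInit_DLLs          = $($props.LoadAppInit_DLLs)"
    "  RequireSignedAppInit_DLLs = $($props.RequireSignedAppInit_DLLs)"
    if ($dlls.Count -eq 0) { "  AppInit_DLLs is empty"; continue }

    foreach ($dll in $dlls) {
        # A path that only exists inside the bubble (for example on Q:)
        # will show as missing when checked from the native side.
        $exists = Test-Path -LiteralPath $dll
        $sig = 'n/a'
        if ($exists) {
            $sig = (Get-AuthenticodeSignature -FilePath $dll).Status
        }
        "  {0}  exists={1}  signature={2}" -f $dll, $exists, $sig
    }
}
```

Any entry listed here is loaded into every process that loads user32.dll, so an unexpected or unsigned DLL in this output is worth investigating.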