I support a product that detects unique key combinations when pressed to launch a notification alert.
This monitoring is done by a dll that is injected. Originally this was done specifically to winlogon.exe, but due to some changes in Vista we added the reference to our dll in AppInitDLLs to have it injected into every running process.
This is not working on my newest development machine, and some behavior on client machines mimics the behavior. Another dll listed, C:\Windows\system32\nvinitx.dll, is still correctly being loaded, but mine is not.
Are there any known recent security patches that may affect this?
There are no new security changes as far as I know. You can inject any DLL, but it must be compatible with the process you are injecting into: if the process is 32-bit your DLL must be 32-bit, and if the process is 64-bit you need to inject a 64-bit DLL, or odd behavior will appear. Another thing is that there is a new bool value that must be set in Windows 7 (not sure in Vista), that is:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\LoadAppInit_DLLs" must be set to one
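
A read-only check of the settings discussed in this thread, added here as an example and not part of the original posts. It reads `AppInit_DLLs` and `LoadAppInit_DLLs` from both the 64-bit and 32-bit registry views (32-bit processes on 64-bit Windows read the WOW6432Node copy) and reports whether each listed DLL exists and how its Authenticode signature validates. It assumes PowerShell 3.0 or later; `RequireSignedAppInit_DLLs` is a related value not mentioned in the thread, and the column names are illustrative.

```powershell
# Added example: read-only audit of AppInit_DLLs configuration in both registry views.
$subKey = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$views  = [ordered]@{ '64-bit' = 'Registry64'; '32-bit' = 'Registry32' }
# On 32-bit Windows there is only one view, so report it once.
if (-not [Environment]::Is64BitOperatingSystem) { $views.Remove('64-bit') }

$report = foreach ($bitness in $views.Keys) {
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine,
        [Microsoft.Win32.RegistryView]$views[$bitness])
    $key = $base.OpenSubKey($subKey)          # opened read-only by default
    if ($null -eq $key) { $base.Dispose(); continue }
    try {
        $load   = $key.GetValue('LoadAppInit_DLLs')           # $null when absent
        $signed = $key.GetValue('RequireSignedAppInit_DLLs')  # $null when absent
        # AppInit_DLLs is a space- or comma-delimited list of DLL names.
        $names  = ([string]$key.GetValue('AppInit_DLLs', '')) -split '[ ,]+' |
                  Where-Object { $_ }
        if (-not $names) { $names = @($null) }  # still emit one row for an empty list

        foreach ($dll in $names) {
            $exists = $null; $sig = $null
            # Only fully qualified paths are checked. Note: from 64-bit PowerShell a
            # System32 path is checked literally, while a 32-bit process opening the
            # same path is redirected to SysWOW64.
            if ($dll -and [IO.Path]::IsPathRooted($dll)) {
                $exists = Test-Path -LiteralPath $dll -PathType Leaf
                if ($exists) { $sig = (Get-AuthenticodeSignature -FilePath $dll).Status }
            }
            [pscustomobject]@{
                View          = $bitness
                LoadEnabled   = ($load -eq 1)
                RequireSigned = $signed
                Dll           = $dll
                Exists        = $exists
                Signature     = $sig
            }
        }
    } finally {
        $key.Dispose(); $base.Dispose()
    }
}

$report | Format-Table -AutoSize
```

A row where `LoadEnabled` is False, or where a DLL appears only in the view that does not match the target process's bitness, corresponds to the conditions described in the answer above.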