1 / 37

Case of the App Compat Bug

Required Slide. SESSION CODE: WCL301 . Case of the App Compat Bug. Aaron Margosis Principal Consultant Microsoft Corporation. Some Available Techniques. Get rid of the app! Update the application Acquire new version from vendor Fix compatibility bugs in the source code

eljah
Télécharger la présentation

Case of the App Compat Bug

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Required Slide SESSION CODE: WCL301 Case of the App Compat Bug Aaron Margosis Principal Consultant Microsoft Corporation

  2. Some Available Techniques • Get rid of the app! • Update the application • Acquire new version from vendor • Fix compatibility bugs in the source code • Pre-install required files, registry keys • Modify the installer with transforms (e.g., remove Windows version checks) • Let Windows handle it (file/reg virtualization) • Apply shims • Change Permissions or Policies • Employ application or machine virtualization

  3. Case of the… FAILING FILE VIRTUALIZATION

  4. Case # 420500 (*) • Fails when run as standard user • Tested on Windows 7, 32-bit • Error message about a file and then exit • File virtualization in effect? • TaskMgr and Process Explorer say “yes” • Some app files appearing in Virtual Store • But: access-denied on a config.dat under Program Files • Why? (*.dat files should virtualize!) (*) Names of apps and vendors have been removed to protect the guilty

  5. Case of the Failing File Virtualization Featured Tools: Process Monitor Logger CompatAdmin DEMO

  6. Case # 420500 • Figure out what the app is doing • Look at call stack in Process Monitor • Identify failing API • Use Logger to identify API parameters • Solve with VirtualizeDeleteFile shim • UAC file virt does not fix attempted file deletions or in-place renames

  7. Case of the… FAILING CorrectFilePaths SHIM

  8. Case # 73052 • Writes to Options.xml in the Program Files folder, fails and exits • Tested on Windows 7, 32-bit What does the vendor say?

  9. Case # 73052 • Customer says “No!” to that • Hooray for the customer!

  10. Case # 73052 • Why isn’t file virtualization kicking in? • Check application manifest with SigCheck • Aha! The app is no longer a “legacy” app! How did that happen? Because it was built with VS 2008!

  11. Case # 73052 Consultant applied a CorrectFilePaths shim Replaces instances of: C:\Program Files\[app name removed]\Program\Options.xml With: %userprofile%\Options.xml And... The app still failed in the same way.

  12. How Can CorrectFilePaths fail? 1. Does the target location exist? 2. Exact text match, not actual file match • Example – shim configured to look for C:\Program Files\[app name removed]\Program\Options.xml • If program sets current directory and opens .\Program\Options.xml  No match, shim not applied 3. Is the calling DLL getting hooked? • What is the immediate calling DLL? • Verify 2 and 3 with LUA Buglight

  13. How Shims Work Process App.exe • IAT • CreateFile Msxml3.dll Crypt32.dll Urlmon.dll Custom1.dll Custom2.dll • IAT • CreateFile • IAT • CreateFile • IAT • CreateFile • IAT • CreateFile • IAT • CreateFile Kernel32.dll Shim DLL CorrectFilePaths implementation CreateFileW implementation

  14. CorrectFilePaths Intercepted APIs

  15. Case of the Failing CorrectFilePaths Shim Featured Tools: LUA Buglight Process Monitor with customer logs DEMO

  16. Case # 73052 • Verify inputs and modules with LUA Buglight • Configure shim for msxml3.dll • App still failed • Look at Procmon traces with shim applied

  17. Case # 73052 • Options: • Configure shim to intercept from all modules • Change permissions on Options.xml • Lesson 1: may need to look at more than failure cases • LUA Buglight and Standard User Analyzer show only the failure cases • Procmon filtered on “access denied” shows only failure cases • Lesson 2: CorrectFilePaths is a pain in the …

  18. Case of the… MISSING OR UNREGISTERED OCX

  19. Case # 2011961

  20. Run-Once bugs • No repro after app runs (as admin) one time • Installation steps performed at runtime • Typical bugs: • Copy executable files into place • Register a COM or .NET component • Modify a required configuration file

  21. Solving Run-Once Bugs • Know when future results compromised • Testing that can hide Run-Once bugs • “Try running it as admin” • Test with LUA Buglight or Standard User Analyzer • How do you know it’s a Run-Once bug? • Bug doesn’t repro at next standard user run • Need to be able to reimage quickly • Virtual machines (snapshots, undo disks) • MDT deployment (e.g., PXE boot) • Best fix for Run-Once bugs: Augment the installation

  22. Case of the… UNSIGNED JAVA INSTALLER

  23. Unsigned Packages • Packages that should be signed report as not signed • E.g., latest Java installer from Java.com • Happens in locked-down environments • FDCC/USGCB, DISA STIGs • “Root” cause:Turn off Automatic Root Certificates Update

  24. REFERENCES

  25. Utilities • Sysinternals Process Monitor • Logger (Debugging Tools for Windows) • Standard User Analyzer (App Compat Toolkit) • LUA Buglight • v2.1 recently released • Includes support for Windows 7 and x64 • http://blogs.msdn.com/aaron_margosis/pages/LuaBuglight.aspx

  26. References • Detailed shim documentation • ACT.chm in the App Compat Toolkit • Same material on technet.microsoft.com • Chris Jackson’s blog: blogs.msdn.com/cjacks • My blog: blogs.msdn.com/aaron_margosis • See “Changing Permissions on Folders vs. Files”http://blogs.msdn.com/aaron_margosis/archive/2006/06/19/638148.aspx • FDCC blog: blogs.technet.com/fdcc

  27. What is the Springboard Series? The Springboard Series IT pro experience offers dynamic content and structured guidance across the adoption lifecycle • Inside of Microsoft we are • A turnkey IT pro engagement platform for depth and breadth • The program to mobilize MS marketing and field to focus on desktop OS IT pros • To the IT pro, our goal is • Be the definitive resource for Desktop IT pros • Open, honest; show don’t tell • Information at right time, right level across Adoption Lifecycle DISCOVER EXPLORE PILOT DEPLOY MANAGE How does it change my work? How do I maintain and optimize? Is it worth the pain? Is our environment ready? Is the organization ready? Weekly, Monthly and Quarterly Rhythm of Topical Content Springboard Technical Experts Panel Event Support and Resources Straight-talk Monthly Feature Articles and Overview Guides one-Windows TechCenter in 10 languages TalkingAboutWindows Video Blogs Virtual Roundtable Events Visit the Springboard Series on TechNet at www.microsoft.com/springboard

  28. Required Slide Resources Learning • Sessions On-Demand & Community • Microsoft Certification & Training Resources www.microsoft.com/teched www.microsoft.com/learning • Resources for IT Professionals • Resources for Developers • http://microsoft.com/technet • http://microsoft.com/msdn

  29. Required Slide Complete an evaluation on CommNet and enter to win!

  30. Sign up for Tech·Ed 2011 and save $500 starting June 8 – June 31st http://northamerica.msteched.com/registration You can also register at the North America 2011 kiosk located at registrationJoin us in Atlanta next year

  31. © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

  32. BONUS TRACKS

  33. When to Use Shims • Define standards for when to use this technique: • Vendor no longer in business • Internal applications • Support negotiable • Shimming applications can be outsourced

  34. When Shims Are Used Windows loads app. Checks AppCompat DB(s). Match found: Selected API calls intercepted and modified. AppY.exe v 2.3.4.5 AppY.exe v 2.3.4.5 • Windows APIs • Kernel32 • User32 • Advapi32 • OleAut32 • …

  35. How do I know what's wrong?

  36. Some Useful Shims

  37. Required Slide

More Related