1 / 57

Windows Application Readiness for Developers

Windows Application Readiness for Developers. Maarten van de Bospoort Application Development Consultant Microsoft WCL312. Agenda. Oh, oh. I come from XP. I’ve done Vista. What did you break now? That leaves room for improvement. Top AppCompat Issues. From XP to Win 7

tod
Télécharger la présentation

Windows Application Readiness for Developers

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Windows Application Readiness for Developers Maarten van de Bospoort Application Development Consultant Microsoft WCL312

  2. Agenda • Oh, oh. I come from XP. • I’ve done Vista. What did you break now? • That leaves room for improvement.

  3. Top AppCompat Issues • From XP to Win 7 • User Account Control • Mandatory Integrity Control • Services Isolation • From Vista to Win 7 • Version checking • Miscellaneous • More than just compatible • High DPI • Remote Desktop and Fast User Switching

  4. User Account Control – Why? • Running as administrator increases malware threats • No limits on what an application can do • Install root kits • Install key stroke loggers • Etc. • Enterprises: significant TCO reductions when running with managed systems • Key: run as much as possible as Standard User

  5. User Account Control – How? • Applications run as Standard User by default • What is a Standard User? Allowed • Run most applications • Change per user settings • Not Allowed • Install applications and drivers • Change system settings • Admin “privileges”

  6. Abby UAC Architecture Admin Token Admin Token App Child App Admin Token Standard User Token “Standard User” Token Standard User Token App Child App Standard User Token

  7. demo UAC Split Tokens

  8. What is broken by UAC? • Can no longer: • write to Program Files • write to System32 • write to some HKLM\Software hives • Create kernel objects in global namespace • Impact on: • file creation in restricted locations • Installers • Custom Actions in MSI • Events, Mutex, Mapped Files, Named Pipes, etc.

  9. OS Mitigation: Data Redirection • Legacy applications that write to secure locations • HKLM\Software; %SystemDrive%\Program Files; %WinDir%\System32 • Redirected to: • HKCU\Software\Classes\VirtualStore; %LocalAppData%\VirtualStore\ • Intended for “legacy” applications • Might be removed in a future OS version • Redirection removes need for elevation • Not for native x64; no redirection for binaries • Impact: • Per machine changes to per user.

  10. demo Data Redirection

  11. Mitigation: Installer Detection • Installers often require administrative rights • Running as Standard User would mean failure • Mitigation: detect strings in binaries resources • Setup, install, patch, etc. • Elevate to Administrator

  12. demo Installer Detection

  13. Fixing UAC bugs • Write to the correct location • Split up your application in two parts • Standard user day-to-day part • Administrator part • Add a manifest to opt out of mitigation

  14. Manifest: UAC section MyAdminApp.Exe.Manifest <?xmlversion="1.0" encoding="UTF-8" standalone="yes"?> <assemblyxmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentityversion="1.0.0.0" processorArchitecture="X86"name="MyAdminApp" type="win32"/> <!-- Identify the application security requirements. --> <trustInfoxmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevellevel=“asInvoker"/> </requestedPrivileges> </security> </trustInfo> </assembly>

  15. Vista / Win 7 “Aware” Application • Vista/Win 7-aware applications embed an XML manifest • Disables all mitigations • Manifest contains a trustInfo section:

  16. UAC Issues • Do you? • Write to Program Files, Windows, System32, HKLM/Software, or Root? • Create kernel objects “globally”? • Try • Running the application elevated (“As Administrator”) • Testing with UAC off • Tools • Process Monitor, Process explorer • Standard User Analyzer

  17. Mandatory Integrity Control (MIC) • Traditional NT security model revolves around process token and resource DACL • Vista/Win7: MIC level assigned to • Each process (medium default) • All resources (medium default) • Basically four levels: • 0: Low • 1: Medium • 2: High • 3: System

  18. MIC: Processes and Resources Medium (Default) Write Medium Process(Default) Read Read Read Read Low Write Low Process(PMIE)

  19. MIC: Processes and Resources Medium (Default) Medium Process(Default) Read Read Read Read Write Low Write Low Process(PMIE)

  20. MIC: Processes and Messages SendMessage Medium Process(Default) Medium Process(Default) SendMessage SendMessage Low Process(PMIE) SendMessage Low Process(PMIE)

  21. Install ActiveX control Exploit can install MALWARE Change Settings, Download a Picture Exploit can install MALWARE Cache Web content MIC Example: IE. Prior to Vista IExplore.exe Admin-Rights Access HKLM Program Files User-Rights Access HKCU My Documents Startup Folder Temp Internet Files Untrusted files & settings

  22. Compat Redirector Install an ActiveX control Change settings, Save a picture Cache Web content Redirected settings & files MIC Example: IE. Vista+ Protected Mode Protected Mode IE Integrity Control Broker Process Admin-Rights Access HKLM HKCR Program Files Broker Process User-Rights Access HKCU My Documents Startup Folder Temp Internet Files Untrusted files & settings

  23. MIC Issues • Do you? • Use Windows messages between MIC levels? • See Drag and drop fail? • Use IE to write to user’s %homepath%? • Try • Running the application elevated (“As Administrator”) • Testing with UAC off • Run IE with Protected Mode off • Tools • Process Monitor, Process explorer • Standard User Analyzer

  24. Sessions in XP/W2K/WS03 Session 0 Window Station Desktop Services Shatter Attack 1st User’sWindow 1st User’sWindow 1st User’sWindow Screen Saver Login

  25. Sessions in Vista/Windows 7 Session 0 Session 1 Window Station Window Station Desktop Desktop Service 1st User’sWindow 1st User’sWindow Service 1st User’sWindow Screen Saver Login Secure

  26. demo Session 0 Isolation

  27. Session 0 Issues • Do you • Have services that • interact with the desktop? • communicate with other user mode apps? • create a kernel object to communicate? • Verify • communication between services and applications • services are not relying on interacting with desktop • Guidance • UI: use WTSSendMessage() or CreateProcessAsUser() • kernel objects: have the service create them in global

  28. The AppCompat “Cookbooks” • Everything else that we haven’t covered • XP-> Vista/2008 -> Win7 • “Application Compatibility Cookbook” • “Application Compatibility” on MSDN • Vista -> Win 7 • “Windows 7 Application Quality Cookbook”

  29. Windows Vista to Windows 7 • Application Compatibility is a main goal • Very few breaking changes • If your app works on Vista, it will likely work on Windows 7 • …but there are a few things to verify

  30. Incompatible by Design • Version checking for a specific OS release • Structure of private data and data types • Patching OS calls • Using Registry Values instead of APIs • Non-deterministic Events • Redistributing Windows components

  31. Version Checking • Applications check Windows OS version and block themselves or modify behavior • If absolutely needed, check for >= OS version • Don’t block • Present a warning message • Allow applications to continue • Check for existence of specific features if that is important • Windows 7 is version 6.1

  32. Version Checks – Stop doing this OSVERSIONINFO version; GetVersionEx( &version ); if ( version.dwMajorVersion != 5 ) { OnAppExit(); }

  33. Version Checks – Do this HMODULE hMod; hMod = LoadLibraryFromSystem32(L"Apphelp.dll"); if (hMod) return hMod; hMod = LoadLibraryFromSystem32(L"sdbapiu.dll"); if (hMod) return hMod; hMod = LoadLibraryFromSystem32(L"sdbapi.dll"); if (hMod) return hMod;

  34. Version Check: Shimming Myapp.exe 6.1 GetVersionEx kernel32.dll

  35. Version Check: Shim Applied Myapp.exe 6.0 GetVersionEx() Shim 6.1 kernel32.dll

  36. Internet Explorer 8 • Tabs are running in individual processes • E.g. each tab (process) gets its own ActiveX control • New rendering engine • IE7 (compatibility mode) • IE8 • New IE8 user string

  37. Miscellaneous Regressions • Removal of Windows Mail • Removal of Windows Movie Maker • API implementations moved to kernelbase.dll (minwin) • Removal of Windows Registry Reflection • Replacement of WPDUSB.SYS Driver for Windows Portable Devices • Microsoft Message Queuing (MSMQ) • Check out the Windows 7 Cookbook for the full list

  38. That’s pretty much itNow let’s make it better • High DPI • Remote Desktop • Fixing your released applications with Shims

  39. High DPI Surprises Users with Max Resolution of 1600X1200 Details Almost half of all of users are not configuring their display to maximum resolution (!) Users are lowering their screen resolution to get larger text…

  40. High DPI: Why Do We Care? • High fidelity monitors not fully used • ClearType requires native resolution • Can’t display native high def content • Accidentally select a non-native aspect ratio Pixilated Content does not take advantage of the display Non-native aspect Ratio Settings “Squishes” Content

  41. High DPI Issues Clipped Text Layout & Image Size Issues WinForms Issues Pixilated Bitmaps Blurry UI Mismatched Font Sizes

  42. High DPI: test for Windows 7 • Windows 7 clean install determines DPI by heuristics • Your helpdesk will hear it more • DWM will “virtualize” and blow you up after 150% • Try running with at least 125% DPI or better 150% • Fix issues and declare DPIAware in the manifest

  43. RDS and Fast User Switching • Remote Desktop (Terminal Services) allows for centralized deployment • End users logging in or running applications “remote” (TS Apps) • FUS is “light” form of RDP • Exists since XP • Parking one user session, switching to other • Multiple instances of Application can be running

  44. RDP & FUS Compatibility Issues • Concurrency • Resources can be accessed simultaneously • Terminal Service sessions separated from Services • User data privacy • Sound, high CPU in inactive FUS session • Remote devices • Local resources are remote for the application • Remote performance considerations • paints, video, disk I/O, CPU, network are all shared

  45. Wrapping up • Shims for ISVs • Windows 7 Logo • We’re here to help

  46. What are Shims? • Windows components change to support: • new technology • bug fixes • strategy changes • OS changes may fix some, break others • Simulate previous Windows behavior for an application

  47. Shims for ISVs? • Only for released applications: • future versions need to be fixed • We’ll try to shim your released application • If we missed you, please contact us • Some information we’ll need: • specific scenario that fails • the application • which versions need to be shimmed

  48. Windows 7 Logo • Logo requirements • improve end users’ experience • Make your migration efforts easier • Simplified from Vista • Self test • Links: • List in Windows 7 Compat center http://go.microsoft.com/?linkid=9661176 • Client Logo Program  http://msdn.microsoft.com/en-us/windows/dd203105.aspx • Server Logo Program http://www.innovateon.com/product_server2008.aspx

  49. We are here to help • Forum: • http://social.msdn.microsoft.com/Forums/en-US/windowscompatibility/ • World-wide events • Hand on Testing Labs in Redmond: srglabs@microsoft.com

More Related