570 likes | 845 Vues
Windows Application Readiness for Developers. Maarten van de Bospoort Application Development Consultant Microsoft WCL312. Agenda. Oh, oh. I come from XP. I’ve done Vista. What did you break now? That leaves room for improvement. Top AppCompat Issues. From XP to Win 7
E N D
Windows Application Readiness for Developers Maarten van de Bospoort Application Development Consultant Microsoft WCL312
Agenda • Oh, oh. I come from XP. • I’ve done Vista. What did you break now? • That leaves room for improvement.
Top AppCompat Issues • From XP to Win 7 • User Account Control • Mandatory Integrity Control • Services Isolation • From Vista to Win 7 • Version checking • Miscellaneous • More than just compatible • High DPI • Remote Desktop and Fast User Switching
User Account Control – Why? • Running as administrator increases malware threats • No limits on what an application can do • Install root kits • Install key stroke loggers • Etc. • Enterprises: significant TCO reductions when running with managed systems • Key: run as much as possible as Standard User
User Account Control – How? • Applications run as Standard User by default • What is a Standard User? Allowed • Run most applications • Change per user settings • Not Allowed • Install applications and drivers • Change system settings • Admin “privileges”
Abby UAC Architecture Admin Token Admin Token App Child App Admin Token Standard User Token “Standard User” Token Standard User Token App Child App Standard User Token
demo UAC Split Tokens
What is broken by UAC? • Can no longer: • write to Program Files • write to System32 • write to some HKLM\Software hives • Create kernel objects in global namespace • Impact on: • file creation in restricted locations • Installers • Custom Actions in MSI • Events, Mutex, Mapped Files, Named Pipes, etc.
OS Mitigation: Data Redirection • Legacy applications that write to secure locations • HKLM\Software; %SystemDrive%\Program Files; %WinDir%\System32 • Redirected to: • HKCU\Software\Classes\VirtualStore; %LocalAppData%\VirtualStore\ • Intended for “legacy” applications • Might be removed in a future OS version • Redirection removes need for elevation • Not for native x64; no redirection for binaries • Impact: • Per machine changes to per user.
demo Data Redirection
Mitigation: Installer Detection • Installers often require administrative rights • Running as Standard User would mean failure • Mitigation: detect strings in binaries resources • Setup, install, patch, etc. • Elevate to Administrator
demo Installer Detection
Fixing UAC bugs • Write to the correct location • Split up your application in two parts • Standard user day-to-day part • Administrator part • Add a manifest to opt out of mitigation
Manifest: UAC section MyAdminApp.Exe.Manifest <?xmlversion="1.0" encoding="UTF-8" standalone="yes"?> <assemblyxmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentityversion="1.0.0.0" processorArchitecture="X86"name="MyAdminApp" type="win32"/> <!-- Identify the application security requirements. --> <trustInfoxmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevellevel=“asInvoker"/> </requestedPrivileges> </security> </trustInfo> </assembly>
Vista / Win 7 “Aware” Application • Vista/Win 7-aware applications embed an XML manifest • Disables all mitigations • Manifest contains a trustInfo section:
UAC Issues • Do you? • Write to Program Files, Windows, System32, HKLM/Software, or Root? • Create kernel objects “globally”? • Try • Running the application elevated (“As Administrator”) • Testing with UAC off • Tools • Process Monitor, Process explorer • Standard User Analyzer
Mandatory Integrity Control (MIC) • Traditional NT security model revolves around process token and resource DACL • Vista/Win7: MIC level assigned to • Each process (medium default) • All resources (medium default) • Basically four levels: • 0: Low • 1: Medium • 2: High • 3: System
MIC: Processes and Resources Medium (Default) Write Medium Process(Default) Read Read Read Read Low Write Low Process(PMIE)
MIC: Processes and Resources Medium (Default) Medium Process(Default) Read Read Read Read Write Low Write Low Process(PMIE)
MIC: Processes and Messages SendMessage Medium Process(Default) Medium Process(Default) SendMessage SendMessage Low Process(PMIE) SendMessage Low Process(PMIE)
Install ActiveX control Exploit can install MALWARE Change Settings, Download a Picture Exploit can install MALWARE Cache Web content MIC Example: IE. Prior to Vista IExplore.exe Admin-Rights Access HKLM Program Files User-Rights Access HKCU My Documents Startup Folder Temp Internet Files Untrusted files & settings
Compat Redirector Install an ActiveX control Change settings, Save a picture Cache Web content Redirected settings & files MIC Example: IE. Vista+ Protected Mode Protected Mode IE Integrity Control Broker Process Admin-Rights Access HKLM HKCR Program Files Broker Process User-Rights Access HKCU My Documents Startup Folder Temp Internet Files Untrusted files & settings
MIC Issues • Do you? • Use Windows messages between MIC levels? • See Drag and drop fail? • Use IE to write to user’s %homepath%? • Try • Running the application elevated (“As Administrator”) • Testing with UAC off • Run IE with Protected Mode off • Tools • Process Monitor, Process explorer • Standard User Analyzer
Sessions in XP/W2K/WS03 Session 0 Window Station Desktop Services Shatter Attack 1st User’sWindow 1st User’sWindow 1st User’sWindow Screen Saver Login
Sessions in Vista/Windows 7 Session 0 Session 1 Window Station Window Station Desktop Desktop Service 1st User’sWindow 1st User’sWindow Service 1st User’sWindow Screen Saver Login Secure
demo Session 0 Isolation
Session 0 Issues • Do you • Have services that • interact with the desktop? • communicate with other user mode apps? • create a kernel object to communicate? • Verify • communication between services and applications • services are not relying on interacting with desktop • Guidance • UI: use WTSSendMessage() or CreateProcessAsUser() • kernel objects: have the service create them in global
The AppCompat “Cookbooks” • Everything else that we haven’t covered • XP-> Vista/2008 -> Win7 • “Application Compatibility Cookbook” • “Application Compatibility” on MSDN • Vista -> Win 7 • “Windows 7 Application Quality Cookbook”
Windows Vista to Windows 7 • Application Compatibility is a main goal • Very few breaking changes • If your app works on Vista, it will likely work on Windows 7 • …but there are a few things to verify
Incompatible by Design • Version checking for a specific OS release • Structure of private data and data types • Patching OS calls • Using Registry Values instead of APIs • Non-deterministic Events • Redistributing Windows components
Version Checking • Applications check Windows OS version and block themselves or modify behavior • If absolutely needed, check for >= OS version • Don’t block • Present a warning message • Allow applications to continue • Check for existence of specific features if that is important • Windows 7 is version 6.1
Version Checks – Stop doing this OSVERSIONINFO version; GetVersionEx( &version ); if ( version.dwMajorVersion != 5 ) { OnAppExit(); }
Version Checks – Do this HMODULE hMod; hMod = LoadLibraryFromSystem32(L"Apphelp.dll"); if (hMod) return hMod; hMod = LoadLibraryFromSystem32(L"sdbapiu.dll"); if (hMod) return hMod; hMod = LoadLibraryFromSystem32(L"sdbapi.dll"); if (hMod) return hMod;
Version Check: Shimming Myapp.exe 6.1 GetVersionEx kernel32.dll
Version Check: Shim Applied Myapp.exe 6.0 GetVersionEx() Shim 6.1 kernel32.dll
Internet Explorer 8 • Tabs are running in individual processes • E.g. each tab (process) gets its own ActiveX control • New rendering engine • IE7 (compatibility mode) • IE8 • New IE8 user string
Miscellaneous Regressions • Removal of Windows Mail • Removal of Windows Movie Maker • API implementations moved to kernelbase.dll (minwin) • Removal of Windows Registry Reflection • Replacement of WPDUSB.SYS Driver for Windows Portable Devices • Microsoft Message Queuing (MSMQ) • Check out the Windows 7 Cookbook for the full list
That’s pretty much itNow let’s make it better • High DPI • Remote Desktop • Fixing your released applications with Shims
High DPI Surprises Users with Max Resolution of 1600X1200 Details Almost half of all of users are not configuring their display to maximum resolution (!) Users are lowering their screen resolution to get larger text…
High DPI: Why Do We Care? • High fidelity monitors not fully used • ClearType requires native resolution • Can’t display native high def content • Accidentally select a non-native aspect ratio Pixilated Content does not take advantage of the display Non-native aspect Ratio Settings “Squishes” Content
High DPI Issues Clipped Text Layout & Image Size Issues WinForms Issues Pixilated Bitmaps Blurry UI Mismatched Font Sizes
High DPI: test for Windows 7 • Windows 7 clean install determines DPI by heuristics • Your helpdesk will hear it more • DWM will “virtualize” and blow you up after 150% • Try running with at least 125% DPI or better 150% • Fix issues and declare DPIAware in the manifest
RDS and Fast User Switching • Remote Desktop (Terminal Services) allows for centralized deployment • End users logging in or running applications “remote” (TS Apps) • FUS is “light” form of RDP • Exists since XP • Parking one user session, switching to other • Multiple instances of Application can be running
RDP & FUS Compatibility Issues • Concurrency • Resources can be accessed simultaneously • Terminal Service sessions separated from Services • User data privacy • Sound, high CPU in inactive FUS session • Remote devices • Local resources are remote for the application • Remote performance considerations • paints, video, disk I/O, CPU, network are all shared
Wrapping up • Shims for ISVs • Windows 7 Logo • We’re here to help
What are Shims? • Windows components change to support: • new technology • bug fixes • strategy changes • OS changes may fix some, break others • Simulate previous Windows behavior for an application
Shims for ISVs? • Only for released applications: • future versions need to be fixed • We’ll try to shim your released application • If we missed you, please contact us • Some information we’ll need: • specific scenario that fails • the application • which versions need to be shimmed
Windows 7 Logo • Logo requirements • improve end users’ experience • Make your migration efforts easier • Simplified from Vista • Self test • Links: • List in Windows 7 Compat center http://go.microsoft.com/?linkid=9661176 • Client Logo Program http://msdn.microsoft.com/en-us/windows/dd203105.aspx • Server Logo Program http://www.innovateon.com/product_server2008.aspx
We are here to help • Forum: • http://social.msdn.microsoft.com/Forums/en-US/windowscompatibility/ • World-wide events • Hand on Testing Labs in Redmond: srglabs@microsoft.com