few changes: most software that runs on windows vista will run on windows 7 - exceptions will be low...
TRANSCRIPT
![Page 1: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/1.jpg)
Developing Compatible Software for Windows 7
Paul van WingerdenDeveloper & Platform GroupMicrosoft [email protected]
![Page 2: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/2.jpg)
Agenda
Experiences with LabsBuilts on top of VistaDemoOverview UAC, WRP, …, …
Next Steps
![Page 3: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/3.jpg)
Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV,
Firewall, Imaging, etc). Hardware that runs Windows Vista well will run Windows 7 well.
Windows 7
Few Changes: Focus on quality and reliability improvements
Windows 7 Builds on Windows VistaDeployment, Testing, and Pilots Today Will Continue to Pay Off
Deep Changes: New models for security, drivers, deployment, and
networking
![Page 4: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/4.jpg)
Enable Richer Application Experiences
More natural user interaction
Windows Touch, ink and gesture support plus handwriting recognition enable new input capabilities.
New taskbar, destinations and shell integration enhance discoverability and usability
New extensible Ribbon adds Office 2007-style controls, menus, and galleries to your application.
Rich animation framework helps you integrate smooth dynamic motion.
Access hardware innovations
Direct 2D/3D allow you to deliver high-Fidelity graphics and media
Multi-core support enhances application and device performance
Device Stage enables rich, customizable software experiences for connected devices
Build on a solid foundation
Improved fundamentalsCompatible: Works with your Windows Vista-based applications and devices
Secure: Greater flexibility with UAC while keeping security a priority
Responsive: Improved system performance and resource management
Greater developer productivity
More powerful scripting automation with PowerShell 2.0
Enhanced MSI engine makes software deployment easier
Improved accessibility and global support
Remote and virtual multi-monitor support
Simpler VHD mounting from within explorer
Integrate the best of Windows and web
services
Extend web services to client applications
Federated Search allows you to extend local search to web data sources within your client application.
Internet Explorer 8, Silverlight and Windows Presentation Foundation (WPF) enable web to rich client applications – using common platform and tools
Windows Web Services API enables high-performance web-services integration.
Enable rich web experiences
Standards compliant IE8 delivers of ‘out-of-the-box’ access to online services from within the page
Built-in dev tools within IE8 allows you to write code, run anywhere
Windows 7 for DevelopersA solid foundation for new possibilities
![Page 5: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/5.jpg)
Windows 7 features
demo
![Page 6: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/6.jpg)
Experiences
• Running remediation labs in UK etc• 95% in 5 types of errors
![Page 7: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/7.jpg)
Top AppCompat Issues
• Moving from XP to Win 7• User Account Control• Services Isolation
• Moving from Vista to Win 7• Version checking• High DPI• Low level binary changes
![Page 8: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/8.jpg)
User Account Control – Why?
• Applications run as Standard User by default• What is a Standard User?
Not Allowed
• Install applications•Change system components•Change per machine settings•Admin “privileges”
Allowed
• Run most applications• Change per user settings
![Page 9: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/9.jpg)
Why User Account Control?
• Running as administrator increases malware threats
• Windows XP had misplaced administrator checks that needed to get fixed
• Enterprises realize significant TCO reductions when running with managed systems
![Page 10: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/10.jpg)
Windows 7 UAC goals• All users run as Standard User by
default• Filtered token created during logon• Only specially marked apps get the
unfiltered token
• Explicit consent required for elevation• Predictable shell elevation paths
• High application compatibility• Data redirection• Enabling legacy apps to run as standard user
• Installer Detection
![Page 11: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/11.jpg)
UAC Architecture Standard User Rights
Administrative Rights
Admin logon
“Standard User” Token
Admin TokenAbby
![Page 12: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/12.jpg)
UAC Architecture Standard User Rights
Administrative Rights
User Process
• Read mail
• Write documents
• Run IT Approved Applications
• Change Time Zone
• Install Fonts, Printers
• Run MSN Messenger
• Etc.
Standard User Mode
Standard User Privilege
Abby
![Page 13: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/13.jpg)
UAC Architecture Standard User Rights
Administrative Rights
User Process
• Change Time Zone
• Run IT Approved Applications
• Install Fonts
• Install Printers
• Run MSN Messenger
• Etc.
Admin Privileges
Standard User Privilege
Abby
Admin Process
Install Application
Admin Process
Configure IIS
Admin Process
Change Time
Admin Privilege
Admin Privilege
Admin Privilege
![Page 14: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/14.jpg)
Consent UIOS Application
Unsigned Application
Signed Application
![Page 15: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/15.jpg)
Credential UI (Over The Shoulder)
![Page 16: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/16.jpg)
UX Goals: Simple & Predictable1 Make application Standard user only2 Clearly identify Administrative tasks• Ensure Standard users can be fully
productive• Identify tasks that need elevation with a
“shield”
![Page 17: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/17.jpg)
UX: The Shield
• Attached to controls to indicate that elevation is required to use their associated feature
• Has only one state (i.e. no hover, disabled etc.)
• Does not remember elevated state• Not an unlock operation
• Can be programmatically set:• IDI_SHIELD icon resource• BCM_SETSHIELD button message
![Page 18: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/18.jpg)
Security Shield UI Examples
![Page 19: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/19.jpg)
The Standard User Problem
I am a developer,
not a STANDARD
user!
Too many apps break as standard
user. It’s not worth the trouble.
![Page 20: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/20.jpg)
The UAC Solution
Make it possible for most apps to run
Remove excuses for running as administrator
Encourage ISVs to develop for non-admins
![Page 21: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/21.jpg)
UAC for Standard Users
We fix thingsWe allow you to elevate to admin
![Page 22: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/22.jpg)
File and Registry Virtualization
Client onlyLegacy applications only32-bit applications onlyNon-elevated apps onlyMultiple copies of filesDoesn’t apply to executable files
![Page 23: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/23.jpg)
File Virtualization
c:\program filesc:\programdatac:\windows
![Page 24: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/24.jpg)
File Virtualization
Luafv.sys
Ntfs.sys
Legacy Application
User Mode
Kernel Mode
\Windows\App.ini
\Users\<user>\AppData\Local\VirtualStore\Windows\App.ini
Vista Application
\Windows\App.ini
Access Denied
![Page 25: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/25.jpg)
Registry Virtualization
HKEY_LOCAL_MACHINE\Software
![Page 26: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/26.jpg)
Registry Virtualization
Ntoskrnl.exe
Legacy Application
User Mode
Kernel Mode
HKLM\Software\App
HKCU\Software\Classes\VirtualStore\Machine\Software\App
Vista Application
Registry
Access Denied
![Page 27: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/27.jpg)
File Virtualization
demo
![Page 28: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/28.jpg)
UAC for Administrators
We fix thingsWe let you run with fewer rightsWe let you elevate to full rights
![Page 29: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/29.jpg)
The Split Token
Run with fewer rights most of the timeConveniently elevate when you need rightsApplies to interactive logons only
![Page 30: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/30.jpg)
Creating the Split Token
winlogon
Create LUID withfull token
Create LUID withprotected token
CreateProcess explorer.exe
with protected token
![Page 31: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/31.jpg)
UAC OTS Elevation
Protected Administrator System Administrator
explorer.exe AppInfo Service
consent.exe
elevatedapp.exeRPC
Reparented
ShellExecute(elevatedapp.exe) CreateProcessAsUser(elevatedapp.exe)
![Page 32: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/32.jpg)
UAC: OTS Dialogs
![Page 33: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/33.jpg)
The Split Token
• Run with fewer rights most of the time• Conveniently elevate when you need
rights• Applies to interactive logons only
![Page 34: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/34.jpg)
Standard User Platform Fixes
![Page 35: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/35.jpg)
Installer Detection
• Almost 100% of legacy installations would fail without installer detection and elevation
• Looks for Setup, Install, Update, etc.• Looks in binary name and resources• Automatically adds the shield icon
when detected
![Page 36: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/36.jpg)
Application Manifests
• Vista-aware applications embed an XML manifest
• Manifest contains a requestedExecutionLevel:
asInvoker Launch with the same token as the parent process
highestAvailable Launch with the highest token this user possesses
requireAdministrator
Highest token of the User provided User is a member of Administrators group
![Page 37: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/37.jpg)
Sample Manifest
• MyAdminApp.exe.manifest:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" processorArchitecture="X86“ name="MyAdminApp" type="win32"/>
<!-- Identify the application security requirements. --> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="requireAdministrator"/>
</requestedPrivileges> </security> </trustInfo></assembly>
![Page 38: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/38.jpg)
Mandatory Integrity Control (MIC)
• Traditional NT security revolves around process token
• Windows 7 enhances this with MIC:• Each process gets a MIC level• All resources get a MIC level
• There are four levels:• 0: Low • 1: Medium (Default)• 2: High• 3: System
![Page 39: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/39.jpg)
MIC: Process Isolation:Protecting Administrative Applications • Administrative and standard user applications share the same desktop• Primary threats• Cross-process Window messages• DLL injection and create remote thread
• Process Isolation mechanisms• Integrity level for processes• UI privilege isolation
• “Lower” cannot interfere with “Higher”
User ProcessMIC = Medium
Admin AppMIC = High
![Page 40: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/40.jpg)
Process Isolation
Show integrity levels
Demo
![Page 41: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/41.jpg)
MIC and Resources
• MIC levels apply to:• Processes• COM components• Services• Files• Registry keys
• View MIC level on files and other resources using “accesschk –i” (tool from www.sysinternals.com)
• IE currently only application that has a MIC level of Low
• All IE resources need low as well• Resources medium by default in Vista
![Page 42: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/42.jpg)
IE – Protected Mode
• Internet explorer runs with low permissions• IE cannot modify user files, registry keys• File/registry writes are redirected, visible from IE only.
• Different than UAC virtualization
• Windows messaging blocked• Issues
• Controls that share data with external processes fail• New prompts requesting user permission may impact some
apps
• Mitigations• Add the site to the trusted sites list (turns off protected
mode)
• Surprising twists• Creating a COM component from IE
![Page 43: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/43.jpg)
Session 0
Window StationDesktop
Screen Saver
Login
Sessions in XP/W2K/WS03
Services
1st User’sWindow
1st User’sWindow
1st User’sWindow
Shatter Attack
![Page 44: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/44.jpg)
Sessions in Vista/Windows 7Session 0
Window StationDesktop
Service
Service
Session 1
Window StationDesktop
Screen Saver
Login
1st User’sWindow
1st User’sWindow
1st User’sWindow
Secure
![Page 45: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/45.jpg)
Session 0 Isolation
demo
![Page 46: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/46.jpg)
Application Shim Technology
• “Shim Technology is an elegant technique that is used to fool some applications into running on versions of the operating system they may not have been designed for. It’s a method of 'hooking' the Win32 APIs that are called by a particular application program. Once installed, such hooks permit developers and support engineers to install alternate (stub) functions to be called in place of the original functions. The actions taken by the stub function comprise the fix for a particular application compatibility problem.”• - Mark Derbecker
![Page 47: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/47.jpg)
Shims for ISVs?
• Windows components change to support:• New technology• Bug fixes• Strategy changes
• OS changes may fix some, break others
• Simulate previous Windows ONLY for an app
![Page 48: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/48.jpg)
Shim Application
• Implements Windows API hooks• Shim engine is responsible for
applying the shims
Load the shim DLL
Retrieve the APIs which should be hooked
Review the import table
of the application
to determine
where hooks should be
placed
Overwrite the
addresses of the API calls
with the address in the shim
![Page 49: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/49.jpg)
How Shims are Loaded
• Shims are applied per executable
Run initialization routines
Shim engine applies
API hooks
Loader maps executable
and statically linked DLLs into memory
![Page 50: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/50.jpg)
Operating System Version
Windows 7 is … Windows 6.1?dwMajorVersion stays the samedwMinorVersion changes
RemediationCheck for features, not versionsUse the > keyVersion lies
![Page 51: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/51.jpg)
xxxVersionLie
Symptoms“Unsupported operating system”
Fix descriptionLies
![Page 52: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/52.jpg)
Version Lie Shims
Win95VersionLieWinNT4SP5VersionLieWin98VersionLieWin2000VersionLieWin2000SP1VersionLieWin2000SP2VersionLie
Win2000SP3VersionLieWinXPVersionLieWinXPSP1VersionLieWinXPSP2VersionLieWin2K3RTMVersionLieWin2K3SP1VersionLieVistaRTMVersionLie
![Page 53: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/53.jpg)
Version Lie Layers
Win95NT4SP5Win98Win2000Win2000SP2Win2000SP3
WinXPWinXPSP1WinXPSP2WinXPSP2VersionLieWinSrv03WinSrv03SP1VistaRTM
![Page 54: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/54.jpg)
Shims and Layers
Windows
Shim
ApplicationChild
Application
Layer
![Page 55: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/55.jpg)
Layers: More Than Version LiesVistaRTM Layer:
DelayAppDllMainElevateCreateProcessFailObsoleteShellAPIsFaultTolerantHeapGlobalMemoryStatus2GBHandleBadPtr
NoGhostRedirectMP3CodecVirtualRegistryVistaRTMVersionLieWRPDllRegisterWRPMitigation
![Page 56: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/56.jpg)
ISV Impact Summary• Certified for Windows Logo for Standard User?• It will just work on Windows 7
• Fails on Windows XP as Standard User?Possibly:• Mitigated by Redirection• Mitigated by App Compat Shim “IsAdmin()?”• Simple app with Admin dependencies: split up• Admin app on Windows XP: Needs to be
manifested• Web applications need special attention due to
Protected Mode IE
• There are tools to help with this process (more later)
![Page 57: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/57.jpg)
Resources
• Cookbooks• “Application Compatibility Cookbook”• “Windows 7 Application Quality Cookbook”
• MSDN Application Compatibility: http://msdn.microsoft.com/en-us/windows/aa904987.aspx
• TechNet Windows Application Compatibility: http://technet.microsoft.com/en-us/desktopdeployment/bb414773.aspx
• DevReadiness.org• Channel 9:
http://channel9.msdn.com/tags/Application+Compatibility/
![Page 58: Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). Hardware](https://reader038.vdocuments.site/reader038/viewer/2022102818/56649f175503460f94c2dd86/html5/thumbnails/58.jpg)
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows 7 and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing
market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.