SESSION CODE: WCL301
Case of the App Compat Bug
Aaron Margosis
Principal Consultant
Microsoft Corporation
Some Available Techniques
• Get rid of the app!
• Update the application
• Acquire new version from vendor
• Fix compatibility bugs in the source code
• Pre-install required files, registry keys
• Modify the installer with transforms (e.g., remove Windows version checks)
• Let Windows handle it (file/reg virtualization)
• Apply shims
• Change Permissions or Policies
• Employ application or machine virtualization
Case of the… FAILING FILE VIRTUALIZATION
Case # 420500 (*)
• Fails when run as standard user
• Tested on Windows 7, 32-bit
• Error message about a file and then exit
• File virtualization in effect?
• TaskMgr and Process Explorer say “yes”
• Some app files appearing in Virtual Store
• But: access-denied on a config.dat under Program Files
• Why? (*.dat files should virtualize!)
(*) Names of apps and vendors have been removed to protect the guilty
Case of the Failing File Virtualization
Featured Tools: Process Monitor, Logger, CompatAdmin
DEMO
Case # 420500
• Figure out what the app is doing
• Look at call stack in Process Monitor
• Identify failing API
• Use Logger to identify API parameters
• Solve with VirtualizeDeleteFile shim
• UAC file virtualization does not fix attempted file deletions or in-place renames
Case of the… FAILING CorrectFilePaths SHIM
Case # 73052
• Writes to Options.xml in the Program Files folder, fails and exits
• Tested on Windows 7, 32-bit
What does the vendor say?
Case # 73052
• Customer says “No!” to that
• Hooray for the customer!
Case # 73052
• Why isn’t file virtualization kicking in?
• Check application manifest with SigCheck
• Aha! The app is no longer a “legacy” app!
How did that happen? Because it was built with VS 2008!
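
What makes an app stop being "legacy" here: UAC file virtualization applies only when the executable's manifest carries no requestedExecutionLevel element, and a manifest that requests asInvoker (what a default VS 2008 build embeds) opts the app out. The check below is an added example, not from the talk; the two manifests are constructed samples and the function names are hypothetical. Feed it the manifest text that SigCheck dumps.

```python
import xml.etree.ElementTree as ET

# Constructed sample: manifest with no trustInfo section (legacy app).
LEGACY = """<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity name="App" version="1.0.0.0" type="win32"/>
</assembly>"""

# Constructed sample: manifest that requests asInvoker.
AS_INVOKER = """<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security><requestedPrivileges>
      <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
    </requestedPrivileges></security>
  </trustInfo>
</assembly>"""


def requested_level(manifest_xml):
    """Return the requestedExecutionLevel value, or None if there is none."""
    if not manifest_xml or not manifest_xml.strip():
        return None  # no embedded manifest at all
    root = ET.fromstring(manifest_xml)
    for el in root.iter():
        # Compare local names: trustInfo may sit in the asm.v2 or asm.v3 namespace.
        if el.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel":
            return el.get("level")
    return None


def manifest_allows_virtualization(manifest_xml):
    """Any requestedExecutionLevel, even asInvoker, turns virtualization off."""
    return requested_level(manifest_xml) is None


if __name__ == "__main__":
    for name, text in (("legacy", LEGACY), ("asInvoker", AS_INVOKER)):
        print(name, requested_level(text), manifest_allows_virtualization(text))
```
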
Case # 73052
Consultant applied a CorrectFilePaths shim
Replaces instances of:
C:\Program Files\[app name removed]\Program\Options.xml
With:
%userprofile%\Options.xml
And...
The app still failed in the same way.
How Can CorrectFilePaths fail?
1. Does the target location exist?
2. Exact text match, not actual file match
   • Example – shim configured to look for C:\Program Files\[app name removed]\Program\Options.xml
   • If program sets current directory and opens .\Program\Options.xml: no match, shim not applied
3. Is the calling DLL getting hooked?
   • What is the immediate calling DLL?
• Verify 2 and 3 with LUA Buglight
How Shims Work
[Diagram: a process containing App.exe, Msxml3.dll, Crypt32.dll, Urlmon.dll, Custom1.dll and Custom2.dll, each with its own IAT entry for CreateFile; a Shim DLL (CorrectFilePaths implementation); and Kernel32.dll (CreateFileW implementation).]
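
Failure modes 2 and 3 from the "How Can CorrectFilePaths fail?" slide, combined with the per-module IAT picture above, as a small Python model. This is an added illustration, not the shim engine's code and not from the talk: the class, the function names and the two-module process are hypothetical, and the hook's matching is assumed to be a case-sensitive text replace.

```python
import ntpath

# Paths as given on the slides (the app name is redacted there too).
SHIM_FROM = r"C:\Program Files\[app name removed]\Program\Options.xml"
SHIM_TO = r"%userprofile%\Options.xml"


def kernel32_create_file(path):
    """Stand-in for CreateFileW: returns the path the real API would receive."""
    return path


def shimmed_create_file(path):
    """Model of the hook: rewrites only on an exact text match."""
    return kernel32_create_file(path.replace(SHIM_FROM, SHIM_TO))


class Process:
    def __init__(self, modules, cwd):
        # Each loaded module has its own IAT slot for CreateFile.
        self.iat = {name: kernel32_create_file for name in modules}
        self.cwd = cwd

    def apply_shim(self, modules):
        # Only the listed modules get their IAT slot repointed at the shim.
        for name in modules:
            self.iat[name] = shimmed_create_file

    def open_from(self, module, path):
        """Path that reaches kernel32 when `module` is the immediate caller."""
        return self.iat[module](path)

    def names_same_file(self, path):
        """True if `path`, resolved against the current directory, is SHIM_FROM."""
        return ntpath.normpath(ntpath.join(self.cwd, path)) == SHIM_FROM


def demo():
    p = Process(["app.exe", "msxml3.dll"], cwd=r"C:\Program Files\[app name removed]")
    p.apply_shim(["app.exe"])  # shim configured for the EXE only
    relative = r".\Program\Options.xml"
    return {
        "exe_full_path": p.open_from("app.exe", SHIM_FROM),
        "exe_relative": p.open_from("app.exe", relative),
        "relative_is_same_file": p.names_same_file(relative),
        "msxml3_full_path": p.open_from("msxml3.dll", SHIM_FROM),
    }


if __name__ == "__main__":
    print(demo())
```

Only the first call is redirected: the relative path names the same file but does not match the configured text, and the call made from msxml3.dll goes through an IAT slot the shim never touched.
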
Case of the Failing CorrectFilePaths Shim
Featured Tools: LUA Buglight, Process Monitor with customer logs
DEMO
Case # 73052
• Verify inputs and modules with LUA Buglight
• Configure shim for msxml3.dll
• App still failed
• Look at Procmon traces with shim applied
Case # 73052
• Options:
  • Configure shim to intercept from all modules
  • Change permissions on Options.xml
• Lesson 1: may need to look at more than failure cases
  • LUA Buglight and Standard User Analyzer show only the failure cases
  • Procmon filtered on “access denied” shows only failure cases
• Lesson 2: CorrectFilePaths is a pain in the …
Case of the… MISSING OR UNREGISTERED OCX
Run-Once bugs
• No repro after app runs (as admin) one time
• Installation steps performed at runtime
• Typical bugs:
  • Copy executable files into place
  • Register a COM or .NET component
  • Modify a required configuration file
Solving Run-Once Bugs
• Know when future results are compromised
• Testing that can hide Run-Once bugs
  • “Try running it as admin”
  • Test with LUA Buglight or Standard User Analyzer
• How do you know it’s a Run-Once bug?
  • Bug doesn’t repro at next standard user run
• Need to be able to reimage quickly
  • Virtual machines (snapshots, undo disks)
  • MDT deployment (e.g., PXE boot)
• Best fix for Run-Once bugs: Augment the installation
Case of the… UNSIGNED JAVA INSTALLER
Unsigned Packages
• Packages that should be signed report as not signed
  • E.g., latest Java installer from Java.com
• Happens in locked-down environments
  • FDCC/USGCB, DISA STIGs
• “Root” cause: Turn off Automatic Root Certificates Update
Utilities
• Sysinternals Process Monitor
• Logger (Debugging Tools for Windows)
• Standard User Analyzer (App Compat Toolkit)
• LUA Buglight
  • v2.1 recently released
  • Includes support for Windows 7 and x64
  • http://blogs.msdn.com/aaron_margosis/pages/LuaBuglight.aspx
References
• Detailed shim documentation
  • ACT.chm in the App Compat Toolkit
  • Same material on technet.microsoft.com
• Chris Jackson’s blog: blogs.msdn.com/cjacks
• My blog: blogs.msdn.com/aaron_margosis
  • See “Changing Permissions on Folders vs. Files” http://blogs.msdn.com/aaron_margosis/archive/2006/06/19/638148.aspx
• FDCC blog: blogs.technet.com/fdcc
© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
When to Use Shims
• Define standards for when to use this technique:
  • Vendor no longer in business
  • Internal applications
  • Support negotiable
• Shimming applications can be outsourced
When Shims Are Used
Windows loads app. Checks AppCompat DB(s). Match found: Selected API calls intercepted and modified.
[Diagram labels: AppY.exe v 2.3.4.5 (twice); Windows APIs: Kernel32, User32, Advapi32, OleAut32, …]