Are You Breaking My Stuff Again? The Windows 7 App Compat Story Pieter Hancke Senior Consultant Microsoft Consulting Services Session Code: WCL304
Disclaimer • I am a techie… • On a good day I can write scripts • I want to help you get your Windows 7 deployments going • Cover what is new in the app compat space • Highlight new issues and issues that remain from Windows Vista • What app compat strategy you should be using • I will not cover application development for compatibility • Now is the time to run for another session
Windows 7 Builds on Windows Vista • Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc). • Hardware that runs Windows Vista well will run Windows 7 well. • Few Changes: Focus on quality and reliability improvements • Deep Changes: New models for security, drivers, deployment, and networking
Windows 7 Goals • Applications that worked on Windows Vista and Windows Server 2008 continue to work on Windows 7 / Windows Server 2008 R2 • Broad ISV outreach for critical applications
The Net Result • There is no new “special sauce” that makes all software magically start working on Windows 7 if it didn’t work on Windows Vista • The security bets we made in Windows Vista were good ones, and we’re not taking them back • There are incremental targeted fixes – new shims have been created for some applications • If you work on Windows Vista, you probably work on Windows 7, unless…
Application Compatibility Issues New Issues Since Windows Vista
Operating System Version • Windows 7 is … Windows 6.1? • dwMajorVersion stays the same • dwMinorVersion changes • Remediation • Check for features, not versions • Use the > key • Version lies
Why Version 6.1? • Some applications only check dwMajorVersion • Some applications tried to do the right thing, but implemented it incorrectly:
    if (majorVersion > 5 && minorVersion > 1)
xxxVersionLie • Symptoms • “Unsupported operating system” • Fix description • Lies
Version Lie Shims • Win95VersionLie • WinNT4SP5VersionLie • Win98VersionLie • Win2000VersionLie • Win2000SP1VersionLie • Win2000SP2VersionLie • Win2000SP3VersionLie • WinXPVersionLie • WinXPSP1VersionLie • WinXPSP2VersionLie • Win2K3RTMVersionLie • Win2K3SP1VersionLie • VistaRTMVersionLie • VistaSP1VersionLie • VistaSP2VersionLie
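The version-check failure described above, as an added example that is not part of the original slides. It runs the slide's check, an assumed intended check ("newer than 5.1"), and a hypothetical major-only check against a constructed table of dwMajorVersion/dwMinorVersion values.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed table: versions as reported in dwMajorVersion.dwMinorVersion. */
struct os_version { const char *name; unsigned major, minor; };

static const struct os_version KNOWN[] = {
    { "Windows XP",          5, 1 },
    { "Windows Server 2003", 5, 2 },
    { "Windows Vista",       6, 0 },
    { "Windows 7",           6, 1 },
};
#define N_KNOWN (sizeof KNOWN / sizeof KNOWN[0])

/* The check from the slide, unchanged: each field is tested on its own. */
bool slide_check(unsigned major, unsigned minor) {
    return major > 5 && minor > 1;
}

/* Assumed intent: compare major first, and minor only when majors tie. */
bool newer_than(unsigned major, unsigned minor,
                unsigned ref_major, unsigned ref_minor) {
    return major > ref_major || (major == ref_major && minor > ref_minor);
}

/* Hypothetical application that only looks at dwMajorVersion and expects 5.x. */
bool major_only_check(unsigned major) {
    return major == 5;
}

/* Number of releases in the table that pass the slide's check. */
unsigned accepted_by_slide_check(void) {
    unsigned n = 0;
    for (size_t i = 0; i < N_KNOWN; i++)
        n += slide_check(KNOWN[i].major, KNOWN[i].minor);
    return n;
}

int main(void) {
    for (size_t i = 0; i < N_KNOWN; i++) {
        const struct os_version *v = &KNOWN[i];
        printf("%-20s %u.%u  slide=%d  intended=%d  major_only=%d\n",
               v->name, v->major, v->minor,
               slide_check(v->major, v->minor),
               newer_than(v->major, v->minor, 5, 1),
               major_only_check(v->major));
    }
    return 0;
}
```

The major-only check passes again when a version lie reports 5.x, while the slide's check rejects every release in the table and so needs a code change rather than a lie.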
How Shims Work [Diagram: Application, Windows, Shim DLL; labels: Shimmed Function, Import Function, Export Function]
demo Shims
Version Lie Layers • Win95 • NT4SP5 • Win98 • Win2000 • Win2000SP2 • Win2000SP3 • WinXP • WinXPSP1 • WinXPSP2 • WinXPSP2VersionLie • WinSrv03 • WinSrv03SP1 • VistaRTM • VistaSP1 • VistaSP2
Compatibility Tab Layers
Shims and Layers [Diagram: Application, Child Application, Shim, Layer, Windows]
Layers: More Than Version Lies • VistaRTM Layer: • DelayAppDllMain • ElevateCreateProcess • FailObsoleteShellAPIs • FaultTolerantHeap • GlobalMemoryStatus2GB • HandleBadPtr • NoGhost • RedirectMP3Codec • VirtualRegistry • VistaRTMVersionLie • WRPDllRegister • WRPMitigation
IE Version • Without compatibility mode: • Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) • With compatibility mode: • Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
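A server-side reading of the two User-Agent strings above, as an added example that is not part of the original slides. It goes slightly beyond the IE8 case by assuming the engine version is the Trident number plus 4 (Trident/4.0 is IE8); the function names and the IE7 sample string are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The two strings from the slide, shortened after the SLCC2 token. */
static const char UA_NATIVE[] =
    "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2)";
static const char UA_COMPAT[] =
    "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2)";
/* Constructed sample: a browser that sends MSIE 7.0 and no Trident token. */
static const char UA_IE7[] =
    "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)";

enum ie_mode { NOT_IE, IE_NATIVE, IE_COMPAT_VIEW };

/* Major version number that follows `token` in `ua`, or -1 if it is absent. */
static int major_after(const char *ua, const char *token) {
    const char *p = strstr(ua, token);
    char *end;
    long v;
    if (p == NULL) return -1;
    p += strlen(token);
    v = strtol(p, &end, 10);
    return (end == p || v < 0 || v > 99) ? -1 : (int)v;
}

/* Engine version: Trident + 4 when a Trident token is present (assumption
 * stated in the lead-in), otherwise whatever the MSIE token claims. */
int ie_engine_version(const char *ua) {
    int trident = major_after(ua, "Trident/");
    return trident < 0 ? major_after(ua, "MSIE ") : trident + 4;
}

/* Compatibility mode shows up as an MSIE claim lower than the engine version. */
enum ie_mode classify_ie(const char *ua) {
    int claimed = major_after(ua, "MSIE ");
    if (claimed < 0) return NOT_IE;
    return claimed < ie_engine_version(ua) ? IE_COMPAT_VIEW : IE_NATIVE;
}

int main(void) {
    printf("native=%d compat=%d ie7=%d\n",
           classify_ie(UA_NATIVE), classify_ie(UA_COMPAT), classify_ie(UA_IE7));
    return 0;
}
```

The User-Agent header is supplied by the client, so this is suitable for compatibility reporting and not for access decisions.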
Specifying Compatibility Mode
    <html>
    <head>
      <!-- Mimic Internet Explorer 7 -->
      <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
      <title>My Web Page</title>
    </head>
    <body>
      <p>Content goes here.</p>
    </body>
    </html>
IIS Compatibility Mode
    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
      <system.webServer>
        <httpProtocol>
          <customHeaders>
            <clear />
            <add name="X-UA-Compatible" value="IE=EmulateIE7" />
          </customHeaders>
        </httpProtocol>
      </system.webServer>
    </configuration>
Detecting Compat Mode
    engine = null;
    if (window.navigator.appName == "Microsoft Internet Explorer")
    {
        // This is an IE browser. What mode is the engine in?
        if (document.documentMode) // IE8
            engine = document.documentMode;
        else // IE 5-7
        {
            engine = 5; // Assume quirks mode unless proven otherwise
            if (document.compatMode)
            {
                if (document.compatMode == "CSS1Compat")
                    engine = 7; // standards mode
            }
        }
        // the engine variable now contains the document compatibility mode.
    }
Windows Mail Deprecated • Replaced with Windows Live Mail – or the mail client of your choice • winmail.exe no longer on the system • Publicly documented APIs work • APIs that display UI break (silently fail) • Protocol handlers and file extensions not registered • Remediation • Remove calls to deprecated APIs • Detect if a mail handler is installed • Install a mail application
Windows Movie Maker Deprecated • MovieMaker binaries and shortcuts removed • Attempts to launch the application fail • Plug-ins will remain installed, but will not be exposed to the user
Removal of Registry Reflection • For x64 versions of Windows, we added Registry Reflection • HKLM\Software\Classes • HKLM\Software\Microsoft\COM3 • HKLM\Software\Microsoft\EventSystem • HKLM\Software\Microsoft\Ole • HKLM\Software\Microsoft\Rpc • HKEY_USERS\*\Software\Classes • HKEY_USERS\*_Classes
Removal of Registry Reflection [Diagram: KEY_WOW64_64KEY and KEY_WOW64_32KEY views; labels: Value, Value from 64, Value from 32]
Removal of Registry Reflection • Only known consumer: COM • COM was updated to not assume this • Motivation: feature caused inconsistencies in the state of the registry • Mitigations: • Use non-redirected registry keys • Explicitly use KEY_WOW64_64KEY • Read information from a known correct location
New Low-Level Binaries • To improve the foundations of Windows, we have reorganized • Example: functionality from kernel32.dll and advapi32.dll moved to kernelbase.dll • Exported functions are forwarded • Applications depending on offsets and undocumented APIs can break • Remediation: • Rewrite to use documented APIs
IE DEP Enabled by Default • Data Execution Prevention (NX) now enabled by default • Vista – you had to elevate IE to enable • Plug-ins that have an issue with DEP may cause the browser to crash • Remediation: • Use DEP-compatible versions of frameworks (such as ATL) • http://support.microsoft.com/kb/948468 • Use the /NXCOMPAT linker option
File Libraries • Default location of common file dialogs: Documents Library • File libraries are files (not folders) • IFileDialog->GetFolder() + IFileDialog->GetFilename() breaks for library • GetFolder() returns a file • Remediation • Use IFileDialog->GetResult()
Tools and Tips Helpful?
ACT 5.5 • New for 5.5: • DCP Tagging • Application Verifier 4.0 compatibility • Additional compatibility fix documentation • Windows 7 deprecation checks • Report filtering
Data Collection Package (DCP) Internals • Installation • Agents (Runtime Evaluation) • Inventory • User Account Control • Windows Compatibility • Update Compatibility • Bucketizer • Compressor • Uploader
DCP Runtime Process Tree • Just a scheduler! • Uses shims!
collect.exe: Inventory Agent • Perhaps the best software inventory tool available from Microsoft • Searches: • The MSI database • MsiEnumComponents API • Add/remove programs • Registry entries • Windows Shell • HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders • HKU\...\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders • App paths • HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths
collect.exe: Inventory Agent • Searches • Path environment variable • ExpandEnvironmentStrings API • HKU\...\Environment • File extension handlers • HKLM\Software\Classes\.*\Shell\Open\Command • HKU\...\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts • Run / RunOnce • HKLM\Software\Microsoft\Windows\CurrentVersion\Run • HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce • HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
collect.exe: Inventory Agent • Services • EnumServiceStatus API, followed by • QueryServiceConfig API • Windows Components • Queries sysocmgr.inf (in %windir%\inf) • Enumerates optional components selected • Windows 7: mechanism has changed (sysocmgr.inf no longer used) • Let us remove Windows components (which you don’t care about!)
uacce.exe: UAC Compatibility Evaluator • Uses shims to detect compatibility issues • Installs a custom shim database: uacce.sdb • Sets the __COMPAT_LAYER environment variable for explorer.exe • Checks for standard user access by removing Administrators from the token and calls the AccessCheck API • Contains the shims: • FileOperations – intercepts file APIs • RegistryOperations – intercepts registry APIs • ProfileOperations – profile (ini) APIs: removes ini file mappings, access check • RestrictedNamespace – CreateFileMapping API: checks the namespace • ElevatedRunLevel – process creation APIs: duplicates setup detection logic
Windows Compatibility Evaluator • ginasession0.exe • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL • Enumerates services, looks for SERVICE_INTERACTIVE_PROCESS • dep.exe • Installs a shim database: dep.sdb • Sets the __COMPAT_LAYER environment variable for explorer.exe • Contains the shims: • DllLoadOperations – compares to csv list of deprecated DLLs • ExeLoadOperations – compares to csv list of deprecated EXEs • RegistryLoadOperations – compares to csv list of deprecated keys • ApiLoadOperations – compares to csv list of deprecated APIs
Uploading the Data • bucketizer.exe • Aligns issues to applications in the inventory • compressor.exe • Compresses logs into CAB files • uploader.exe • Copies data to a file share • If share directory unavailable, waits 5 seconds and tries again • Retries 3 times before giving up and waiting for next cycle
High Level Architecture [Diagram: Compatibility Exchange (Internet); Desktop Topology (Finance, HR, Europe, North America); Data Collection Package/Compatibility Evaluators (Windows Vista, Update, Windows 7, Inventory); Log Processing Service and DB; Application Compatibility Manager; users Ichiro and Greg]
demo Application Compatibility Toolkit
Deployment Guidance: DCPs • Compatible Operating Systems: Windows 2003, XP, Vista, Win7, Server 2008 • Deployment Mechanism: SCCM 2007, SMS 2003, Group Policy, Logon scripts, other deployment software, manual distribution • Average DCP size: Under 1.5MB
Deployment Guidance: Log Processing • Database Server Required: SQL Server 2005, SQL Server 2008, SQL Express • Size of logs created by DCP • Data Logs = 78KB (534KB Uncompressed) • Status Logs = 0.7KB (4KB Uncompressed) • Processing Time = 18 sec/data log • Approximate Stats for an 11,000 machine deployment (3 days, 2 hr. uploads): • Total # of Data Log Files: 67,494 • Time Taken to Process all Logs: 103 hours • Database size: 4.7GB
Deployment Guidance: Compat. Exchange • Allow outbound access for SSL TCP port 443 • Enable access to Compatibility Exchange webservice if you are behind a firewall
Application Compatibility Strategies Which way to go
Application Compatibility Process • 1. Collect: Which applications do I HAVE? • 2. Analyze: Which applications do I WANT? • 3. Test and Mitigate: Which applications WORK?
Fixing Application Compatibility Bugs • Roughly 4 options: • Buy a new version of the application • Use inventory tools to identify all your applications • Recode the application if it was developed in-house • Create custom shim database for the application to fix it • Employ virtualization technologies
Microsoft Desktop Optimization Pack • What the Desktop Optimization Pack provides • Regular updates • Faster upgrade cycle, separate from Windows® • Minimal deployment effort • Provide immediate ROI • Run out of the box • Integrate with existing management solutions • Deliver end-to-end solutions • >95% of MDOP customers are (very) satisfied *1 • $70-$80 net cost savings per PC per year using MDOP *2 • Lower Desktop TCO • *1: Microsoft MDOP customer study. Base: Current MDOP customer n=108, non-MDOP customer n=367 • *2: MDOP ROI Analysis by Wipro