Slide1 l.jpg
This presentation is the property of its rightful owner.
Sponsored Links
1 / 65

Are You Breaking My Stuff Again? The Windows 7 App Compat Story PowerPoint PPT Presentation


  • 305 Views
  • Uploaded on
  • Presentation posted in: General

Are You Breaking My Stuff Again? The Windows 7 App Compat Story. Pieter Hancke Senior Consultant Microsoft Consulting Services Session Code: WCL304. Disclaimer. I am a techie… On a good day I can write scripts I want to help you get your Windows 7 deployments going

Download Presentation

Are You Breaking My Stuff Again? The Windows 7 App Compat Story

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Are you breaking my stuff again the windows 7 app compat story l.jpg

Are You Breaking My Stuff Again? The Windows 7 App Compat Story

Pieter Hancke

Senior Consultant

Microsoft Consulting Services

Session Code: WCL304


Disclaimer l.jpg

Disclaimer

  • I am a techie…

    • On a good day I can write scripts

  • I want to help you get your Windows 7 deployments going

    • Cover what is new in the app compat space

    • Highlight new issues and issues that remain from Windows Vista

    • What app compat strategy you should be using

  • I will not cover application development for compatibility

    • Now is the time to run for another session


Windows 7 builds on windows vista l.jpg

Windows 7 Builds on Windows Vista

  • Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc).

  • Hardware that runs Windows Vista well will run Windows 7 well.

Few Changes: Focus on quality and reliability improvements

Deep Changes: New models for security, drivers, deployment, and networking


Windows 7 goals l.jpg

Windows 7 Goals

  • Applications that worked on Windows Vista and Windows Server 2008 continue to work on Windows 7 / Windows Server 2008 R2

  • Broad ISV outreach for critical applications


The net result l.jpg

The Net Result

  • There is no new “special sauce” that makes all software magically start working on Windows 7 if it didn’t work on Windows Vista

    • The security bets we made in Windows Vista were good ones, and we’re not taking them back

    • There are incremental targeted fixes – new shims have been created for some applications

  • If you work on Windows Vista, you probably work on Windows 7, unless…


Application compatibility issues l.jpg

Application Compatibility Issues

New Issues Since Windows Vista


Operating system version l.jpg

Operating System Version

  • Windows 7 is … Windows 6.1?

    • dwMajorVersion stays the same

    • dwMinorVersion changes

  • Remediation

    • Check for features, not versions

    • Use the > key

    • Version lies


Why version 6 1 l.jpg

Some applications only check dwMajorVersion

Some applications tried to do the right thing, but implemented it incorrectly

if (majorVersion > 5 && minorVersion > 1)

Why Version 6.1?


Xxxversionlie l.jpg

xxxVersionLie

  • Symptoms

    • “Unsupported operating system”

  • Fix description

    • Lies


Version lie shims l.jpg

Version Lie Shims

  • Win95VersionLie

  • WinNT4SP5VersionLie

  • Win98VersionLie

  • Win2000VersionLie

  • Win2000SP1VersionLie

  • Win2000SP2VersionLie

  • Win2000SP3VersionLie

  • WinXPVersionLie

  • WinXPSP1VersionLie

  • WinXPSP2VersionLie

  • Win2K3RTMVersionLie

  • Win2K3SP1VersionLie

  • VistaRTMVersionLie

  • VistaSP1VersionLie

  • VistaSP2VersionLie


How shims work l.jpg

How Shims Work

Application

Windows

Shimmed

Function

Import Function

Export

Function

Shim DLL


Shims l.jpg

demo

Shims


Version lie layers l.jpg

Version Lie Layers

  • Win95

  • NT4SP5

  • Win98

  • Win2000

  • Win2000SP2

  • Win2000SP3

  • WinXP

  • WinXPSP1

  • WinXPSP2

  • WinXPSP2VersionLie

  • WinSrv03

  • WinSrv03SP1

  • VistaRTM

  • VistaSP1

  • VistaSP2


Compatibility tab l.jpg

Compatibility Tab

Layers


Shims and layers l.jpg

Shims and Layers

Application

Child Application

Shim

Layer

Windows


Layers more than version lies l.jpg

Layers: More Than Version Lies

  • VistaRTM Layer:

    • DelayAppDllMain

    • ElevateCreateProcess

    • FailObsoleteShellAPIs

    • FaultTolerantHeap

    • GlobalMemoryStatus2GB

    • HandleBadPtr

  • NoGhost

  • RedirectMP3Codec

  • VirtualRegistry

  • VistaRTMVersionLie

  • WRPDllRegister

  • WRPMitigation


Ie version l.jpg

IE Version

  • Without compatibility mode:

    • Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

  • With compatibility mode:

    • Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)


Specifying compatibility mode l.jpg

Specifying Compatibility Mode

<html>

<head>

<!-- Mimic Internet Explorer 7 -->

<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />

<title>My Web Page</title>

</head>

<body>

<p>Content goes here.</p>

</body>

</html>


Iis compatibility mode l.jpg

IIS Compatibility Mode

<?xml version="1.0" encoding="utf-8"?>

<configuration>

<system.webServer>

<httpProtocol>

<customHeaders>

<clear />

<add name="X-UA-Compatible" value="IE=EmulateIE7" />

</customHeaders>

</httpProtocol>

</system.webServer>

</configuration>


Detecting compat mode l.jpg

Detecting Compat Mode

engine = null;

if (window.navigator.appName == "Microsoft Internet Explorer")

{

// This is an IE browser. What mode is the engine in?

if (document.documentMode) // IE8

engine = document.documentMode;

else // IE 5-7

{

engine = 5; // Assume quirks mode unless proven otherwise

if (document.compatMode)

{

if (document.compatMode == "CSS1Compat")

engine = 7; // standards mode

}

}

// the engine variable now contains the document compatibility mode.

}


Windows mail deprecated l.jpg

Windows Mail Deprecated

  • Replaced with Windows Live Mail – or the mail client of your choice

  • winmail.exe no longer on the system

  • Publicly documented APIs work

    • APIs that display UI break (silently fail)

  • Protocol handlers and file extensions not registered

  • Remediation

    • Remove calls to deprecated APIs

    • Detect if a mail handler is installed

    • Install a mail application


Windows movie maker deprecated l.jpg

Windows Movie Maker Deprecated

  • MovieMaker binaries and shortcuts removed

  • Attempts to launch the application fail

  • Plug-ins will remain installed, but will not be exposed to the user


Removal of registry reflection l.jpg

Removal of Registry Reflection

  • For x64 versions of Windows, we added Registry Reflection

    • HKLM\Software\Classes

    • HKLM\Software\Microsoft\COM3

    • HKLM\Software\Microsoft\EventSystem

    • HKLM\Software\Microsoft\Ole

    • HKLM\Software\Microsoft\Rpc

    • HKEY_USERS\*\Software\Classes

    • HKEY_USERS\*_Classes


Removal of registry reflection25 l.jpg

Removal of Registry Reflection

KEY_WOW64_64KEY

KEY_WOW64_32KEY

Value

Value from 64

Value from 32

Value

Value from 64

Value from 32


Removal of registry reflection26 l.jpg

Removal of Registry Reflection

  • Only known consumer: COM

    • COM was updated to not assume this

  • Motivation: feature caused inconsistencies in the state of the registry

  • Mitigations:

    • Use non-redirected registry keys

    • Explicitly use KEY_WOW64_64KEY

    • Read information from a known correct location


New low level binaries l.jpg

New Low-Level Binaries

  • To improve the foundations of Windows, we have reorganized

  • Example: functionality from kernel32.dll and advapi32.dll moved to kernelbase.dll

  • Exported functions are forwarded

  • Applications depending on offsets and undocumented APIs can break

  • Remediation:

    • Rewrite to use documented APIs


Ie dep enabled by default l.jpg

IE DEP Enabled by Default

  • Data Execution Prevention (NX) now enabled by default

    • Vista – you had to elevate IE to enable

  • Plug-ins that have an issue with DEP may cause the browser to crash

  • Remediation:

    • Use DEP-compatible versions of frameworks (such as ATL)

      • http://support.microsoft.com/kb/948468

    • Use the /NXCOMPAT linker option


File libraries l.jpg

File Libraries

  • Default location of common file dialogs: Documents Library

  • File libraries are files (not folders)

  • IFileDialog->GetFolder() + IFileDialog->GetFilename() breaks for library

    • GetFolder() returns a file

  • Remediation

    • Use IFileDialog->GetResult()


User account control l.jpg

User Account Control


Tools and tips l.jpg

Tools and Tips

Helpful?


Act 5 5 l.jpg

ACT 5.5

  • New for 5.5:

    • DCP Tagging

    • Application Verifier 4.0 compatibility

    • Additional compatibility fix documentation

    • Windows 7 deprecation checks

    • Report filtering


What s new in act 5 5 l.jpg

What’s New in ACT 5.5?


Data collection package dcp internals l.jpg

Data Collection Package (DCP) Internals

  • Installation

  • Agents (Runtime Evaluation)

    • Inventory

    • User Account Control

    • Windows Compatibility

    • Update Compatibility

    • Bucketizer

    • Compressor

    • Uploader


Dcp runtime process tree l.jpg

DCP Runtime Process Tree

Just a scheduler!

Uses shims!


Collect exe inventory agent l.jpg

collect.exe: Inventory Agent

  • Perhaps the best software inventory tool availablefrom Microsoft

  • Searches:

    • The MSI database

      • MsiEnumComponents API

    • Add/remove programs

      • Registry entries

    • Windows Shell

      • HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

      • HKU\...\Software\Microsoft\Windows\CurrentVerison\Explorer\Shell Folders

    • App paths

      • HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths


Collect exe inventory agent37 l.jpg

collect.exe: Inventory Agent

  • Searches

    • Path environment variable

      • ExpandEnvironmentStrings API

      • HKU\...\Environment

    • File extension handlers

      • HKLM\Software\Classes\.*\Shell\Open\Command

      • HKU\...\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts

    • Run / RunOnce

      • HKLM\Software\Microsoft\Windows\CurrentVersion\Run

      • HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

      • HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx


Collect exe inventory agent38 l.jpg

collect.exe: Inventory Agent

  • Services

    • EnumServiceStatus API, followed by

    • QueryServiceConfig API

  • Windows Components

    • Queries sysocmgr.inf (in %windir%\inf)

    • Enumerates optional components selected

    • Windows 7: mechanism has changed(sysocmgr.inf no longer used)

    • Let us remove Windows components(which you don’t care about!)


Uacce exe uac compatibility evaluator l.jpg

uacce.exe: UAC Compatibility Evaluator

  • Uses shims to detect compatibility issues

    • Installs a custom shim database: uacce.sdb

    • Sets the __COMPAT_LAYER environment variable for explorer.exe

    • Checks for standard user access by removing Administrators from the token and calls the AccessCheck API

    • Contains the shims:

      • FileOperations – intercepts file APIs

      • RegistryOperations – intercepts registry APIs

      • ProfileOperations –profile (ini) APIs: removes ini file mappings, access check

      • RestrictedNamespace –CreateFileMapping API: checks the namespace

      • ElevatedRunLevel –process creation APIs: duplicates setup detection logic


Windows compatibility evaluator l.jpg

Windows Compatibility Evaluator

  • ginasession0.exe

    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL

    • Enumerates services, looks for SERVICE_INTERACTIVE_PROCESS

  • dep.exe

    • Installs a shim database: dep.sdb

    • Sets the __COMPAT_LAYUER environment variable for explorer.exe

    • Contains the shims:

      • DllLoadOperations – compares to csv list of deprectated DLLs

      • ExeLoadOperations – compares to csv list of deprecated EXEs

      • RegistryLoadOperations – compares to csv list of deprecated keys

      • ApiLoadOperations – compares to csv list of deprecated APIs


Uploading the data l.jpg

Uploading the Data

  • bucketizer.exe

    • Aligns issues to applications in the inventory

  • compressor.exe

    • Compresses logs into CAB files

  • uploader.exe

    • Copies data to a file share

    • If share directory unavailable, waits 5 seconds and tries again

    • Retries 3 times before giving up and waiting for next cycle


High level architecture l.jpg

High Level Architecture

Compatibility Exchange

Desktop Topology

Finance

HR

Europe

North America

Log Processing Service and DB

Internet

Data Collection Package/Compatibility Evaluators

Application Compatibility Manager

Windows Vista

Update

Windows 7

Inventory

Ichiro

Greg


Application compatibility toolkit l.jpg

demo

Application Compatibility Toolkit


Deployment guidance dcps l.jpg

Deployment Guidance: DCPs

  • Compatible Operating Systems: Windows 2003, XP, Vista, Win7, Server 2008

  • Deployment Mechanism: SCCM 2007, SMS 2003, Group Policy, Logon scripts, other deployment software, manual distribution

  • Average DCP size: Under 1.5MB


Deployment guidance log processing l.jpg

Deployment Guidance: Log Processing

  • Database Server Required: SQL Server 2005, SQL Server 2008, SQL Express

  • Size of logs created by DCP

    • Data Logs = 78KB (534KB Uncompressed)

    • Status Logs = 0.7KB (4KB Uncompressed)

  • Processing Time = 18 sec/data log

  • Approximate Stats for an 11,000 machine deployment (3 days, 2 hr. uploads):

    • Total # of Data Log Files: 67,494

    • Time Taken to Process all Logs: 103 hours

    • Database size: 4.7GB


Deployment guidance compat exchange l.jpg

Deployment Guidance: Compat. Exchange

  • Allow outbound access for SSL TCP port 443

  • Enable access to Compatibility Exchange webservice if you are behind a firewall


Application compatibility strategies l.jpg

Application Compatibility Strategies

Which way to go


App lication compat ibility process l.jpg

Application Compatibility Process

Collect

1

Which applications do I HAVE?

Analyze

2

Which applications do I WANT?

Test and Mitigate

3

Which applications WORK?


Fixing application compatibility bugs l.jpg

Fixing Application Compatibility Bugs

  • Roughly 4 options:

    • Buy a new version of the application

      • Use inventory tools to identify all your applications

    • Recode the application if it was developed in-house

    • Create custom shim database for the application to fix it

    • Employ virtualization technologies


Microsoft desktop optimization pack l.jpg

Microsoft Desktop Optimization Pack

What the Desktop Optimization Pack provides

Regular updates

Faster upgrade cycle, separate from Windows®

Minimal deployment effort

1

Provide immediate ROI

2

Run out of the box

Integrate with existing management solutions

Deliver end-to-end solutions

3

>95% of MDOP customers are (very) satisfied *1

$70-$80 net cost savings per PC per year using MDOP *2

Lower Desktop TCO

*1, Microsoft MDOP customer study. Base: Current MDOP customer n=108, non-MDOP customer n=367

*2, MDOP ROI Analysis by Wipro


Desktop vs application virtualization l.jpg

Desktop vs. Application Virtualization

  • What it does

  • Creates a package with a full OS

  • What it is good for

  • Resolve incompatibility between applications and a new OS

  • Run two environments on a single PC

  • What it does

  • Creates a package of an application

  • Eliminates software install

  • Isolates each application

  • What it is good for

  • Resolve conflicts between applications

  • Simplify application delivery and testing

Applications

Operating System

®

Hardware


Microsoft application virtualization v summary l.jpg

Microsoft Application Virtualization -V Summary

App-V v4.5 Goals

  • Fewer application conflicts

  • Faster and easier application updates

  • The ability to run multiple versions of the same app side by side

  • Flexible applications that follow users online and offline

  • Reduced application-to-application regression testing


Introducing windows xp mode l.jpg

Virtual PC 2007

Introducing Windows XP Mode

Windows Virtual PC @ Windows 7

  • Primary Audience: Developers / IT Pro

  • Key Scenarios: Dev & test & Help-Desk

  • Typical guest OS: Multiple Guest OS

  • Cost: license required for each guest OS

  • New Audience: Business users

  • Key Scenario: Windows XP Compatibility

  • Typical guest OS: Windows XP

  • Cost: None. Virtual Windows XP Included with Windows 7 Pro/Ultimate


Med v and windows xp mode l.jpg

MED-V and Windows XP Mode

Migrate to Windows 7 now – run older productivity applications inside a Windows XP virtual machine

  • Non IT-Managed: Use Windows 7 Pro “Windows XP Mode”

  • IT-Managed: Use MED-V to add delivery, policy-based provisioning and centralized management for virtual Windows XP images

“…when migrating from XP to Windows 7, [MED-V] is a solution that is fast, simple, cost-effective and most importantly, non-disruptive to business users”


Med v and windows xp mode details l.jpg

MED-V and Windows XP Mode - Details

  • MED-V* Centrally Manages Virtual Windows Environments

  • Deploy – deliver virtual Windows images and customize per user and device settings

  • Provision – define which applications and websites are available to different users

  • Control – assign and expire usage permissions and Virtual PC settings

  • Maintain and Support - update images, monitor users and remotely troubleshoot

*Available post Windows 7 GA as part of Microsoft Desktop Optimization Pack (MDOP)

  • Windows Virtual PC Provides the Ease of Use for End Users

  • Run Windows XP or other Windows environments on Windows 7

  • Install and launch Windows XP applications from Win7 Desktop

  • IT Pros: Use MED-V when deploying Windows Virtual PCs, to reduce complexity, maintain control and keep costs low


Med v user experience l.jpg

MED-V User experience

  • Applications installed in the VM, appear on the desktop as if they were running natively.


Slide57 l.jpg

Provision the VM to users and groups

Assign expiration policy and data transfer policies for specific users


Slide58 l.jpg

Redirect web requests to Internet Explorer®inside the virtual machine on user request or according to pre-defined administrator rules


Overall app v med v summary l.jpg

Overall App-V/MED-V Summary

  • MED-V is the solution for legacy application compatibility concerns

  • App-V enables new deployment scenarios

  • App-V increases the reliability of machines by isolating applications


Resources l.jpg

Required Slide

Speakers,

TechEd 2009 is not producing

a DVD. Please announce that

attendees can access session

recordings from Tech-Ed website. These will only be available after the event.

Resources

Tech·Ed Africa 2009 sessions will be made available for download the week after the event from: www.tech-ed.co.za

  • www.microsoft.com/teched

    International Content & Community

  • www.microsoft.com/learning

  • Microsoft Certification & Training Resources

  • http://microsoft.com/technet

    • Resources for IT Professionals

  • http://microsoft.com/msdn

    Resources for Developers


Related content l.jpg

Required Slide

Speakers,

please list the Breakout Sessions, TLC Interactive Theaters and Labs that are related to your session. Any queries, please check with your Track Owner.

Related Content

WCL302

Windows Application Readiness for Developers

Wed 5 Aug 09:00 - 10:00

Speaker: Lynn Langit


Session resources l.jpg

Required Slide

Track Owners to provide guidance.

Please address any queries to your track owners.

Session Resources

Chris Jackson (The App Compat Guy)’s Blog

http://appcompatguy.com

Windows Compatibility Center

http://www.microsoft.com/windows/compatibility

Application Compatibility Toolkit 5.5 Download

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=24da89e9-b581-47b0-b45e-492dd6da2971

Application Compatibility Toolkit 5.5 Webcasts

http://technet.microsoft.com/en-us/windows/aa905066.aspx


Slide63 l.jpg

question & answer


Slide64 l.jpg

Required Slide

10 pairs of MP3 sunglasses to be won

Complete a session evaluation and enter to win!


Slide65 l.jpg

Required Slide

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.


  • Login