slide1
Download
Skip this Video
Download Presentation
Are You Breaking My Stuff Again? The Windows 7 App Compat Story

Loading in 2 Seconds...

play fullscreen
1 / 65

Are You Breaking My Stuff Again The Windows 7 App Compat Story - PowerPoint PPT Presentation


  • 351 Views
  • Uploaded on

Are You Breaking My Stuff Again? The Windows 7 App Compat Story. Pieter Hancke Senior Consultant Microsoft Consulting Services Session Code: WCL304. Disclaimer. I am a techie… On a good day I can write scripts I want to help you get your Windows 7 deployments going

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Are You Breaking My Stuff Again The Windows 7 App Compat Story' - ziv


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
are you breaking my stuff again the windows 7 app compat story

Are You Breaking My Stuff Again? The Windows 7 App Compat Story

Pieter Hancke

Senior Consultant

Microsoft Consulting Services

Session Code: WCL304

disclaimer
Disclaimer
  • I am a techie…
    • On a good day I can write scripts
  • I want to help you get your Windows 7 deployments going
    • Cover what is new in the app compat space
    • Highlight new issues and issues that remain from Windows Vista
    • What app compat strategy you should be using
  • I will not cover application development for compatibility
    • Now is the time to run for another session
windows 7 builds on windows vista
Windows 7 Builds on Windows Vista
  • Few Changes: Most software that runs on Windows Vista will run on Windows 7 - exceptions will be low level code (AV, Firewall, Imaging, etc).
  • Hardware that runs Windows Vista well will run Windows 7 well.

Few Changes: Focus on quality and reliability improvements

Deep Changes: New models for security, drivers, deployment, and networking

windows 7 goals
Windows 7 Goals
  • Applications that worked on Windows Vista and Windows Server 2008 continue to work on Windows 7 / Windows Server 2008 R2
  • Broad ISV outreach for critical applications
the net result
The Net Result
  • There is no new “special sauce” that makes all software magically start working on Windows 7 if it didn’t work on Windows Vista
    • The security bets we made in Windows Vista were good ones, and we’re not taking them back
    • There are incremental targeted fixes – new shims have been created for some applications
  • If you work on Windows Vista, you probably work on Windows 7, unless…
application compatibility issues

Application Compatibility Issues

New Issues Since Windows Vista

operating system version
Operating System Version
  • Windows 7 is … Windows 6.1?
    • dwMajorVersion stays the same
    • dwMinorVersion changes
  • Remediation
    • Check for features, not versions
    • Use the > key
    • Version lies
why version 6 1

Some applications only check dwMajorVersion

Some applications tried to do the right thing, but implemented it incorrectly

if (majorVersion > 5 && minorVersion > 1)

Why Version 6.1?
xxxversionlie
xxxVersionLie
  • Symptoms
    • “Unsupported operating system”
  • Fix description
    • Lies
version lie shims
Version Lie Shims
  • Win95VersionLie
  • WinNT4SP5VersionLie
  • Win98VersionLie
  • Win2000VersionLie
  • Win2000SP1VersionLie
  • Win2000SP2VersionLie
  • Win2000SP3VersionLie
  • WinXPVersionLie
  • WinXPSP1VersionLie
  • WinXPSP2VersionLie
  • Win2K3RTMVersionLie
  • Win2K3SP1VersionLie
  • VistaRTMVersionLie
  • VistaSP1VersionLie
  • VistaSP2VersionLie
how shims work
How Shims Work

Application

Windows

Shimmed

Function

Import Function

Export

Function

Shim DLL

version lie layers
Version Lie Layers
  • Win95
  • NT4SP5
  • Win98
  • Win2000
  • Win2000SP2
  • Win2000SP3
  • WinXP
  • WinXPSP1
  • WinXPSP2
  • WinXPSP2VersionLie
  • WinSrv03
  • WinSrv03SP1
  • VistaRTM
  • VistaSP1
  • VistaSP2
shims and layers
Shims and Layers

Application

Child Application

Shim

Layer

Windows

layers more than version lies
Layers: More Than Version Lies
  • VistaRTM Layer:
    • DelayAppDllMain
    • ElevateCreateProcess
    • FailObsoleteShellAPIs
    • FaultTolerantHeap
    • GlobalMemoryStatus2GB
    • HandleBadPtr
  • NoGhost
  • RedirectMP3Codec
  • VirtualRegistry
  • VistaRTMVersionLie
  • WRPDllRegister
  • WRPMitigation
ie version
IE Version
  • Without compatibility mode:
    • Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
  • With compatibility mode:
    • Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
specifying compatibility mode
Specifying Compatibility Mode

<html>

<head>

<!-- Mimic Internet Explorer 7 -->

<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />

<title>My Web Page</title>

</head>

<body>

<p>Content goes here.</p>

</body>

</html>

iis compatibility mode
IIS Compatibility Mode

<?xml version="1.0" encoding="utf-8"?>

<configuration>

<system.webServer>

<httpProtocol>

<customHeaders>

<clear />

<add name="X-UA-Compatible" value="IE=EmulateIE7" />

</customHeaders>

</httpProtocol>

</system.webServer>

</configuration>

detecting compat mode
Detecting Compat Mode

engine = null;

if (window.navigator.appName == "Microsoft Internet Explorer")

{

// This is an IE browser. What mode is the engine in?

if (document.documentMode) // IE8

engine = document.documentMode;

else // IE 5-7

{

engine = 5; // Assume quirks mode unless proven otherwise

if (document.compatMode)

{

if (document.compatMode == "CSS1Compat")

engine = 7; // standards mode

}

}

// the engine variable now contains the document compatibility mode.

}

windows mail deprecated
Windows Mail Deprecated
  • Replaced with Windows Live Mail – or the mail client of your choice
  • winmail.exe no longer on the system
  • Publicly documented APIs work
    • APIs that display UI break (silently fail)
  • Protocol handlers and file extensions not registered
  • Remediation
    • Remove calls to deprecated APIs
    • Detect if a mail handler is installed
    • Install a mail application
windows movie maker deprecated
Windows Movie Maker Deprecated
  • MovieMaker binaries and shortcuts removed
  • Attempts to launch the application fail
  • Plug-ins will remain installed, but will not be exposed to the user
removal of registry reflection
Removal of Registry Reflection
  • For x64 versions of Windows, we added Registry Reflection
    • HKLM\Software\Classes
    • HKLM\Software\Microsoft\COM3
    • HKLM\Software\Microsoft\EventSystem
    • HKLM\Software\Microsoft\Ole
    • HKLM\Software\Microsoft\Rpc
    • HKEY_USERS\*\Software\Classes
    • HKEY_USERS\*_Classes
removal of registry reflection25
Removal of Registry Reflection

KEY_WOW64_64KEY

KEY_WOW64_32KEY

Value

Value from 64

Value from 32

Value

Value from 64

Value from 32

removal of registry reflection26
Removal of Registry Reflection
  • Only known consumer: COM
    • COM was updated to not assume this
  • Motivation: feature caused inconsistencies in the state of the registry
  • Mitigations:
    • Use non-redirected registry keys
    • Explicitly use KEY_WOW64_64KEY
    • Read information from a known correct location
new low level binaries
New Low-Level Binaries
  • To improve the foundations of Windows, we have reorganized
  • Example: functionality from kernel32.dll and advapi32.dll moved to kernelbase.dll
  • Exported functions are forwarded
  • Applications depending on offsets and undocumented APIs can break
  • Remediation:
    • Rewrite to use documented APIs
ie dep enabled by default
IE DEP Enabled by Default
  • Data Execution Prevention (NX) now enabled by default
    • Vista – you had to elevate IE to enable
  • Plug-ins that have an issue with DEP may cause the browser to crash
  • Remediation:
    • Use DEP-compatible versions of frameworks (such as ATL)
      • http://support.microsoft.com/kb/948468
    • Use the /NXCOMPAT linker option
file libraries
File Libraries
  • Default location of common file dialogs: Documents Library
  • File libraries are files (not folders)
  • IFileDialog->GetFolder() + IFileDialog->GetFilename() breaks for library
    • GetFolder() returns a file
  • Remediation
    • Use IFileDialog->GetResult()
act 5 5
ACT 5.5
  • New for 5.5:
    • DCP Tagging
    • Application Verifier 4.0 compatibility
    • Additional compatibility fix documentation
    • Windows 7 deprecation checks
    • Report filtering
data collection package dcp internals
Data Collection Package (DCP) Internals
  • Installation
  • Agents (Runtime Evaluation)
    • Inventory
    • User Account Control
    • Windows Compatibility
    • Update Compatibility
    • Bucketizer
    • Compressor
    • Uploader
dcp runtime process tree
DCP Runtime Process Tree

Just a scheduler!

Uses shims!

collect exe inventory agent
collect.exe: Inventory Agent
  • Perhaps the best software inventory tool availablefrom Microsoft
  • Searches:
    • The MSI database
      • MsiEnumComponents API
    • Add/remove programs
      • Registry entries
    • Windows Shell
      • HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
      • HKU\...\Software\Microsoft\Windows\CurrentVerison\Explorer\Shell Folders
    • App paths
      • HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths
collect exe inventory agent37
collect.exe: Inventory Agent
  • Searches
    • Path environment variable
      • ExpandEnvironmentStrings API
      • HKU\...\Environment
    • File extension handlers
      • HKLM\Software\Classes\.*\Shell\Open\Command
      • HKU\...\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
    • Run / RunOnce
      • HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      • HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
      • HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
collect exe inventory agent38
collect.exe: Inventory Agent
  • Services
    • EnumServiceStatus API, followed by
    • QueryServiceConfig API
  • Windows Components
    • Queries sysocmgr.inf (in %windir%\inf)
    • Enumerates optional components selected
    • Windows 7: mechanism has changed(sysocmgr.inf no longer used)
    • Let us remove Windows components(which you don’t care about!)
uacce exe uac compatibility evaluator
uacce.exe: UAC Compatibility Evaluator
  • Uses shims to detect compatibility issues
    • Installs a custom shim database: uacce.sdb
    • Sets the __COMPAT_LAYER environment variable for explorer.exe
    • Checks for standard user access by removing Administrators from the token and calls the AccessCheck API
    • Contains the shims:
      • FileOperations – intercepts file APIs
      • RegistryOperations – intercepts registry APIs
      • ProfileOperations –profile (ini) APIs: removes ini file mappings, access check
      • RestrictedNamespace –CreateFileMapping API: checks the namespace
      • ElevatedRunLevel –process creation APIs: duplicates setup detection logic
windows compatibility evaluator
Windows Compatibility Evaluator
  • ginasession0.exe
    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
    • Enumerates services, looks for SERVICE_INTERACTIVE_PROCESS
  • dep.exe
    • Installs a shim database: dep.sdb
    • Sets the __COMPAT_LAYUER environment variable for explorer.exe
    • Contains the shims:
      • DllLoadOperations – compares to csv list of deprectated DLLs
      • ExeLoadOperations – compares to csv list of deprecated EXEs
      • RegistryLoadOperations – compares to csv list of deprecated keys
      • ApiLoadOperations – compares to csv list of deprecated APIs
uploading the data
Uploading the Data
  • bucketizer.exe
    • Aligns issues to applications in the inventory
  • compressor.exe
    • Compresses logs into CAB files
  • uploader.exe
    • Copies data to a file share
    • If share directory unavailable, waits 5 seconds and tries again
    • Retries 3 times before giving up and waiting for next cycle
high level architecture
High Level Architecture

Compatibility Exchange

Desktop Topology

Finance

HR

Europe

North America

Log Processing Service and DB

Internet

Data Collection Package/Compatibility Evaluators

Application Compatibility Manager

Windows Vista

Update

Windows 7

Inventory

Ichiro

Greg

deployment guidance dcps
Deployment Guidance: DCPs
  • Compatible Operating Systems: Windows 2003, XP, Vista, Win7, Server 2008
  • Deployment Mechanism: SCCM 2007, SMS 2003, Group Policy, Logon scripts, other deployment software, manual distribution
  • Average DCP size: Under 1.5MB
deployment guidance log processing
Deployment Guidance: Log Processing
  • Database Server Required: SQL Server 2005, SQL Server 2008, SQL Express
  • Size of logs created by DCP
    • Data Logs = 78KB (534KB Uncompressed)
    • Status Logs = 0.7KB (4KB Uncompressed)
  • Processing Time = 18 sec/data log
  • Approximate Stats for an 11,000 machine deployment (3 days, 2 hr. uploads):
    • Total # of Data Log Files: 67,494
    • Time Taken to Process all Logs: 103 hours
    • Database size: 4.7GB
deployment guidance compat exchange
Deployment Guidance: Compat. Exchange
  • Allow outbound access for SSL TCP port 443
  • Enable access to Compatibility Exchange webservice if you are behind a firewall
app lication compat ibility process
Application Compatibility Process

Collect

1

Which applications do I HAVE?

Analyze

2

Which applications do I WANT?

Test and Mitigate

3

Which applications WORK?

fixing application compatibility bugs
Fixing Application Compatibility Bugs
  • Roughly 4 options:
    • Buy a new version of the application
      • Use inventory tools to identify all your applications
    • Recode the application if it was developed in-house
    • Create custom shim database for the application to fix it
    • Employ virtualization technologies
microsoft desktop optimization pack
Microsoft Desktop Optimization Pack

What the Desktop Optimization Pack provides

Regular updates

Faster upgrade cycle, separate from Windows®

Minimal deployment effort

1

Provide immediate ROI

2

Run out of the box

Integrate with existing management solutions

Deliver end-to-end solutions

3

>95% of MDOP customers are (very) satisfied *1

$70-$80 net cost savings per PC per year using MDOP *2

Lower Desktop TCO

*1, Microsoft MDOP customer study. Base: Current MDOP customer n=108, non-MDOP customer n=367

*2, MDOP ROI Analysis by Wipro

desktop vs application virtualization
Desktop vs. Application Virtualization
  • What it does
  • Creates a package with a full OS
  • What it is good for
  • Resolve incompatibility between applications and a new OS
  • Run two environments on a single PC
  • What it does
  • Creates a package of an application
  • Eliminates software install
  • Isolates each application
  • What it is good for
  • Resolve conflicts between applications
  • Simplify application delivery and testing

Applications

Operating System

®

Hardware

microsoft application virtualization v summary
Microsoft Application Virtualization -V Summary

App-V v4.5 Goals

  • Fewer application conflicts
  • Faster and easier application updates
  • The ability to run multiple versions of the same app side by side
  • Flexible applications that follow users online and offline
  • Reduced application-to-application regression testing
introducing windows xp mode
Virtual PC 2007Introducing Windows XP Mode

Windows Virtual PC @ Windows 7

  • Primary Audience: Developers / IT Pro
  • Key Scenarios: Dev & test & Help-Desk
  • Typical guest OS: Multiple Guest OS
  • Cost: license required for each guest OS
  • New Audience: Business users
  • Key Scenario: Windows XP Compatibility
  • Typical guest OS: Windows XP
  • Cost: None. Virtual Windows XP Included with Windows 7 Pro/Ultimate
med v and windows xp mode
MED-V and Windows XP Mode

Migrate to Windows 7 now – run older productivity applications inside a Windows XP virtual machine

  • Non IT-Managed: Use Windows 7 Pro “Windows XP Mode”
  • IT-Managed: Use MED-V to add delivery, policy-based provisioning and centralized management for virtual Windows XP images

“…when migrating from XP to Windows 7, [MED-V] is a solution that is fast, simple, cost-effective and most importantly, non-disruptive to business users”

med v and windows xp mode details
MED-V and Windows XP Mode - Details
  • MED-V* Centrally Manages Virtual Windows Environments
  • Deploy – deliver virtual Windows images and customize per user and device settings
  • Provision – define which applications and websites are available to different users
  • Control – assign and expire usage permissions and Virtual PC settings
  • Maintain and Support - update images, monitor users and remotely troubleshoot

*Available post Windows 7 GA as part of Microsoft Desktop Optimization Pack (MDOP)

  • Windows Virtual PC Provides the Ease of Use for End Users
  • Run Windows XP or other Windows environments on Windows 7
  • Install and launch Windows XP applications from Win7 Desktop
  • IT Pros: Use MED-V when deploying Windows Virtual PCs, to reduce complexity, maintain control and keep costs low
med v user experience
MED-V User experience
  • Applications installed in the VM, appear on the desktop as if they were running natively.
slide57

Provision the VM to users and groups

Assign expiration policy and data transfer policies for specific users

slide58

Redirect web requests to Internet Explorer®inside the virtual machine on user request or according to pre-defined administrator rules

overall app v med v summary
Overall App-V/MED-V Summary
  • MED-V is the solution for legacy application compatibility concerns
  • App-V enables new deployment scenarios
  • App-V increases the reliability of machines by isolating applications
resources

Required Slide

Speakers,

TechEd 2009 is not producing

a DVD. Please announce that

attendees can access session

recordings from Tech-Ed website. These will only be available after the event.

Resources

Tech·Ed Africa 2009 sessions will be made available for download the week after the event from: www.tech-ed.co.za

  • www.microsoft.com/teched

International Content & Community

  • www.microsoft.com/learning
  • Microsoft Certification & Training Resources
  • http://microsoft.com/technet
    • Resources for IT Professionals
  • http://microsoft.com/msdn

Resources for Developers

related content

Required Slide

Speakers,

please list the Breakout Sessions, TLC Interactive Theaters and Labs that are related to your session. Any queries, please check with your Track Owner.

Related Content

WCL302

Windows Application Readiness for Developers

Wed 5 Aug 09:00 - 10:00

Speaker: Lynn Langit

session resources

Required Slide

Track Owners to provide guidance.

Please address any queries to your track owners.

Session Resources

Chris Jackson (The App Compat Guy)’s Blog

http://appcompatguy.com

Windows Compatibility Center

http://www.microsoft.com/windows/compatibility

Application Compatibility Toolkit 5.5 Download

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=24da89e9-b581-47b0-b45e-492dd6da2971

Application Compatibility Toolkit 5.5 Webcasts

http://technet.microsoft.com/en-us/windows/aa905066.aspx

slide64

Required Slide

10 pairs of MP3 sunglasses to be won

Complete a session evaluation and enter to win!

slide65

Required Slide

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

ad