3 App Compat Win7
Upcoming SlideShare
Loading in...5

Like this? Share it with your network


3 App Compat Win7

Uploaded on

TechEd Africa session on Windows 7 applicaiton compatibility and graphics improvements

TechEd Africa session on Windows 7 applicaiton compatibility and graphics improvements

More in: Technology , Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads


Total Views
On Slideshare
From Embeds
Number of Embeds



Embeds 15

http://blogs.msdn.com 11
http://www.slideshare.net 3
http://translate.googleusercontent.com 1

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide
  • Blackhat and recommendation to hijack a utility type service (AV or backup for example).
  • Services IsolationServices will not be able to directly interact with user desktop and applicationsIssuesServices with user interaction may hang as UI will not be visibleTemporary Mitigation: notification sent to current user when there is UI in session 0http://www.msterminalservices.org/faq/WindowsTerminalServices/?page=8 – How to design a service to interact with multiple user sessionsSpawned by service – must track session IdsSimple interaction: Terminal Services APIs (WtsSendMessage) - messagebox type functionalityComplex interaction -spawned by the service: one of the create process as user APIs Client start-up (e.g. run key)Find Session Id - WTSQuerySessionInformation() with WTSSessionId as classPass to service through IPCNamed pipe issuesSpecify FILE_FLAG_FIRST_PIPE_INSTANCE in dwOpenMode parameter to CreateNamedPipe() – prevents “squatting”
  • Performance EnhancementsNotifyServiceStatusChange()XP required query of state through QueryServiceStatusEx() or other APIAllows for callback notification of service status changesLocal or remote clientsShutdownXP – notification (random order from SCM) then 20 sec to shutdownVista pre-shutdown notification for services with more cleanup3 min by default but configurable by serviceRegistration of shutdown dependencies for orderWindows 7 adds Trigger Start:SCM starts or stops registered services when system events triggers.Configuration not accessible via MMC Service Snap-InYou can use the command-line SC.EXE TRIGGERINFO… ChangeServiceConfig2( SERVICE_CONFIG_TRIGGER_INFO )
  • Note: some applications will actively block efforts to shim, so this will not work.
  • Direct 2D – rendering improvementsDirectWrite – cool DirectWrite demoDirect3D - Demo
  • [TDM, DEV][Why - high level overview of Graphics (improvements) in Win7]High-Fidelity Graphics with DirectX Windows application developers have long used DirectX® to provide high-quality, hardware-accelerated, 3D graphics. When the technology debuted in 1995, developers could provide high-quality 3D graphics for games & engineering applications for gamers & professionals willing to pay extra for a 3D-graphics board. Now, even the most inexpensive PCs include capable 3D-graphics hardware.To take advantage of these graphics capabilities, Windows Vista introduced the Windows Display Driver Model (WDDM) infrastructure for DirectX that enabled multiple applications & services to share the resources of the GPU. The Desktop Window Manager (DWM) uses this technology to animate task switching in 3D, provide dynamic thumbnail images of application windows, & to provide Windows® Aero® glass effects for desktop applications.Windows 7 puts even more graphics capability into the h&s of application developers. Through a new set of DirectX APIs, Win32 developers can take advantage of the latest innovations in GPUs to add fast, scalable, high-quality, 2D & 3D graphics, text, & images to their applications. On the latest LCD displays, DirectX APIs can display desktop & window content using color depth greater than 8 bits per color component. With DirectX, Win32 developers can also use the GPU’s parallelism for general-purpose computation such as image processing, & can render to DirectX 10 hardware, DirectX 9 hardware, the CPU, or to a remote Windows computer. These technologies were designed to interoperate with GDI & GDI+, ensuring that developers can easily preserve their existing investments in Win32 code. These enhanced graphics capabilities are provided by the following COM-based APIs:Direct2D for drawing 2D graphics.DirectWrite for arranging & rendering text. Windows Imaging Component for processing & displaying images.Direct3D® 10 for drawing 3D graphics. Direct3D 11 for drawing 3D graphics, & providing access to next-generation GPU technologies, such as tessellation, limited support for texture streaming, & general purpose computing.DirectX Graphics Infrastructure (DXGI) for managing devices & GPU resources, & providing interoperability between DirectX & GDIWindows 7 Usage of the GPUContinues from Windows Vista…Media Center UIVideo Playback Desktop Window Manager (DWM)Windows 7 DWM uses Direct3D10.1 APIScales in performance all the way from low end integrated to high end GPUsShaders are used for blurs in the GlassWindows 7 memory consumption is cut by 50% per windowMore & richer animations of the thumbnails
  • [TDM, DEV][high-level overview of DirectWrite]ClearType is all about drawing text to the screen while preserving maximum fidelity with regards to the character position & shape intended by the font designer.Usability Improvements due to ClearTypeReading perf improvement: 5% faster than non cleartype rendering.  This is normal reading of a document on screen.  Pretty significant (think of 5% of work day).     Word decoding: 17% faster.  When you get flashed a word on a screen really fast & have to figure out what it is. Most importantly – the time you can spend reading on the computer before you get a head-ache is substantially extended. :-)DirectWriteMany of today’s applications need to support high-quality text rendering, resolution-independent outline fonts, & full Unicode text & layout support. DirectWrite, a new DirectX component, provides these features & more:A device-independent text layout system that improves text readability in documents & in UI. High-quality, sub-pixel, ClearType® text rendering that can use GDI, Direct2D, or application-specific rendering technology.Hardware-accelerated text, when used with Direct2D.Support for multi-format text.Support for the advanced typography features of OpenType® fonts.Support for the layout & rendering of text in all supported languages.GDI-compatible layout & rendering.The DirectWrite font system enables ”any font anywhere” font usage, where users don’t have to perform a separate installation step just to use a font, & an improved structural hierarchy of font grouping to help with manual or programmatic font discovery. The APIs support measuring, drawing, & hit-testing of multi-format text. DirectWrite h&les text in all supported languages for global & localized applications, building on the key language infrastructure found in Windows 7. DirectWrite also provides low-level glyph rendering APIs for developers who want to perform their own layout & Unicode-to-glyph processing.
  • [TDM, DEV]The main take away on the Fundamentals it to make sure developer are using Windows 7 as their main dev machine. By running Windows 7 on their machines, they will want to make sure their applications are properly running on Windows 7.
  • Windows 7 & Windows Server 2008 R2 Ecosystem Readiness Program The Windows Ecosystem includes hardware, software, & services partners.  In addition to providing partners with access to the software & tools they need to build & test solutions for Windows 7 & Windows Server 2008 R2, the Ecosystem Readiness Program also facilitates testing multiple components of the ecosystem together to improve the overall user experience. Rather than just focusing on getting a specific OEM product, software application, or hardware device certified, we will be bringing multiple components together to verify a rich user experience that delivers quality, reliability, & performance as well as innovation through new feature adoption. To join the Windows 7 & Windows Server 2008 R2 Ecosystem Readiness Program click here if you are a software developer & here if you develop hardware.herehere


  • 1. Windows 7 AppCompat
    Lynn Langit
    Microsoft – Developer Evangelist
  • 2. Windows 7 Builds on Windows Vista
    Few Changes: Most software that runs on Windows Vista® will run on Windows® 7 – exceptions will be low-level code (AV, Firewall, Imaging, etc.).
    Hardware that runs Windows Vista well will run Windows 7 well.
    Few Changes: Focus on quality and reliability improvements
    Deep Changes: New models for security, drivers, deployment, and networking
  • 3. AppCompat & LightUp
  • From XP to Windows 7
  • 19. The Application
    Image Viewer
    WPF Application
    Runs on XP, Vista, Win7
    On XP basic functionality with no special OS features
    Manually Create album
    Crawler (expensive) Service searching images
    Change Skin
    Reset DB / Reset configuration
    Lights Up on Windows 7
  • 20. Application Running on XP
  • 21. The Application Running on 7
    Enhancing an existing Windows XP application with Windows 7 features
    IO Background Priority
    Trigger Start Services
    Power Management
    Command Links
    Scheduled Tasks
    PowerShell 2
    Windows 7 Multitouch
    Windows 7 Sensors
    Application Restart and Recovery
    Preview Handlers
    Windows Search
    Windows 7 Event Tracing
    User Account Control
    Windows 7 Taskbar
    Transactional NTFS
    Microsoft Management Console Snap-In
  • 22. Application Running on 7
  • 23. Demo
    Photo Viewer on Windows 7
  • 24. Compat - New Folder Locations
    “My Documents” folder structure has changed
    The user data is now stored in: ‘usersusername%’ folder structure
    Pictures, Music, Documents, Desktop, and Favorites are all new folders directly under this structure
    The “My “ prefix was dropped from Documents, Music, etc.
    “All Users” became “Public” and “ProgramData”
    My Documents still exist as directory junction
    Use the SHGetKnownFolderPath APIs
  • 25. Compat - Application Data Best Practices
    Where to put your data:
    Place per-user configuration data into %LOCALAPPDATA% (Roaming into %APPDATA%)
    Place Per-Machine (Shared) configuration data into %ALLUSERSPROFILE% (e.g. c:ProgramData)
    Per-Machine (Shared) user documents into %PUBLIC%
    Per user documents go to %USERPROFILE%
  • 26. Compat - User Account Control
    • Applications run as Standard User by default
    • 27. Standard User has some permissions
    • 28. Run most applications
    • 29. Change per user settings
    • 30. Standard User can NOT do many things
    • 31. Install applications
    • 32. Change system components
    • 33. Change per machine settings
    • 34. Admin “privileges”
  • Windows UAC
    All users run as Standard User by default
    • Filtered token created during logon
    Only specially marked apps get the unfiltered token
    Explicit consent required for elevation
    • Predictable shell elevation paths
    High application compatibility
    • Data redirection
    Enabling legacy apps to run as standard user
    • Installer Detection
  • UAC Architecture
    Standard User Rights
    Administrative Rights
    Admin logon
    Admin Token
    “Standard User” Token
  • 35. UAC Architecture
    User Process
    Standard User Privilege
    Standard User Rights
    Administrative Rights
    Standard User Mode
  • 41. UAC Architecture
    User Process
    Change Time
    Standard User Privilege
    Admin Privilege
    Admin Privilege
    Admin Privilege
    Admin Process
    Configure IIS
    Admin Process
    Install Application
    Admin Process
    Standard User Rights
    Administrative Rights
    Admin Privileges
  • 47. Consent UI
    OS Application
    Unsigned Application
    Signed Application
  • 48. Credential UI
  • 49. UAC Split Tokens
  • 50. Designing for UAC
    1st Choice: Make application run as Standard User only
    2nd Choice: Clearly identify Administrative tasks
    Ensure Standard users can be fully productive
    Identify tasks that need elevation with a “shield”
  • 51. UX: The Shield
    Attached to controls to indicate that elevation is required to use their associated feature
    Has only one state (i.e. no hover, disabled etc.)
    Does not remember elevated state
    Not an unlock operation
    Can be programmatically set:
    HICON shieldIcon = LoadIcon(NULL, IDI_SHIELD)
    SendMessage(button, BCM_SETSHIELD, 0, TRUE) or using the macro in Commctrl.h:
    Button_SetElevationRequiredState(commandLink, TRUE)
  • 52. Security Shield UI Examples
  • 53. Application Manifests
    Vista-aware applications embed an XML manifest
    Manifest contains a RequestedExecutionLevel:
  • 54. Finding/Solving UAC Issues
    Do you?
    Write to Program Files, Windows, System32, HKLM/Software, or Root?
    Create anything “globally”
    UseWindows messages between isolation levels
    Running the application “As Administrator”
    Testing with UAC off
    Process Monitor
    Standard User Analyzer
  • 55. Windows Services Basics
    Started and managed by Service Control Manager
    Controlled by SCM
    Starting and stopping services
    Disabled, Manual and Automatic
    Managing running services
    Maintaining service-related state information
    Started – Stopped - Paused
    Services can run in their own process or shared hosted process (e.g. svchost.exe)
  • 56. Services and Security
    Attractions for malware
    May be configured to auto start on boot
    Potential to run from boot without using well known auto-start methods
    Often run in highly privileged contexts
    As mentioned, runs outside of UAC and enables app to potentially take control of UAC behavior (e.g. MSI)
    Services can run in their own process or shared hosted process
  • 57. Sessions in XP/W2K/WS03
    Session 0
    Window Station
    Shatter Attack
    1st User’sWindow
    1st User’sWindow
    1st User’sWindow
    Screen Saver
  • 58. Sessions in Win7/Vista/Windows 2008
    Session 0
    Session 1
    Window Station
    Window Station
    1st User’sWindow
    1st User’sWindow
    1st User’sWindow
    Screen Saver
  • 59. Session 0 Isolation
  • 60. Service Hardening
    Windows XP services made great attack vectors:
    Running in shared session, usually w/high privilege
    Sometimes w/UI (interactive services)
    So we had Shatter Attacks
    good reasons to have Service Isolation in session 0 and Mandatory Integrity Control
    Windows Vista and 7
    Services run outside of UAC
    ISVs may be tempted to circumvent OS security
    The potential attack surface has lessened so services are a more attractive target
  • 61. Three Service Hardening Designs
    Services need to run least privileged
    Services can now have their own SID
    This can be used to lock down / sandbox the resources that the Service has access to
  • 62. Perf Enhance - Trigger Start Service
    New in Windows 7 - SCM registers for system events via interesting providers:
    Device arrival
    IP address
    Domain join and leave
    Group policy updates
    Custom Event Tracing for Windows event
    SCM starts or stops registered services:
    TabletInputService started only if digitizer is present
    StorSvc starts when group policy updates are applied, automatically stops
  • 63. Trigger Start Examples
  • 64. Service or Scheduled Task?
    • Continuous activity from boot to shutdown
    • 65. Service Control Manager (SCM) programming model
    • 66. Can specify dependency
    • 67. Short duration action
    • 68. Idle activity
    • 69. Take action on user login
    • 70. Standalone executable or out-of-process COM server
    • 71. Generally execute in user session
    Windows Service
    Scheduled Task
  • 72. Compat - Operating System Version
    Windows 7 is … Windows 6.1? (for Vista Compat)
    dwMajorVersion stays the same
    dwMinorVersion changes
    Check for features, not versions
    If checking for version, then use the > key (check the OS version as >= so that your app can work on future releases of the OS)
    Version lies
  • 73. Compatibility Tab
  • 74. Shim Application
    Implements Windows API hooks
    Shim engine is responsible for applying the shims
  • 75. How Shims are Loaded
    Shims are applied per executable
    Shim engine
    API hooks
    Run initialization
    Loader maps executable and statically linked DLLs
    into memory
  • 76. Compat – Misc Regressions
    • Removal of Windows Mail
    • 77. Removal of Windows Movie Maker
    • 78. NLS Sorting Changes
    • 79. Internet Explorer 8 - User Agent String
    • 80. Removal of Windows Registry Reflection
    • 81. Removal of WPDUSB.SYS Driver for Windows Portable Devices
    • 82. Microsoft Message Queuing (MSMQ)
  • Problem Step Recorder
    Allows testers and users to track, step by step, exactly what an application is doing, creating an .mht file with screenshots illustrating the bug reproduction
    Creates a .zip file containing an .mht file
    Integrated with Dr. Watson for Windows
  • 83. This Was Very Surprising To Us…
    Users with Max Resolution of 1600X1200
    Almost half of all of users are not configuring their display to maximum resolution (!)
    Users are lowering their screen resolution to get larger text…
  • 84. High DPI - Why Do We Care?
    Non-native resolution negates the value of high fidelity displays
    Text looks blurry because ClearType requires native resolution
    Can’t display native high def content
    720p high definition video requires 1280x720 resolution
    1080p requires 1920x1080
    1.9 megapixel photos requires 1600x1200 native
    Many people accidentally select a non-native aspect ratio
    Pixilated Content does not take advantage of the display
    Non-native aspect Ratio Settings “Squishes” Content
  • 85. High DPI Issues
    Clipped Text
    Layout Issues & Image Size Issues
    WinForms Issues
    Pixilated Bitmaps
    Blurry UI
    Mismatched Font Sizes
  • 86. Graphics Improvements in Windows 7
  • 87. Graphics APIs for Rich Client Applications
  • 88. DirectX: When the application needs control over features and performance
    WPF: When the application needs richness but needs to be built quickly and there is no need for fine grained control over hw performance and features
    GDI: When the application needs to work on all Microsoft OSs and the lowest common denominator functionality is sufficient
    When to use which API
    Increasing HW Exploitiveness
  • 89. Advancing the platform
  • 90. Direct3D
    Segoe UI
    Windows 7 DWM memory consumption is cut by 50% per window
    Take advantage of the GPU’s computation power
    High-DPI support & High Color
    Windows 7 DWM uses Direct3D10.1 API
    DXVA & WIC
    Graphic Improvements
  • 91. Direct2D And DirectWrite
    New APIs in Windows 7
    Win32 developers
    Usable in service context
    2D graphics rendering tasks
    Increased performance and visual quality
    Vertical stack for text services
    Fonts, Script Processing, Layout
  • 92. Direct2D: New in Windows 7
    Rendering Focused Immediate Mode API:
    2D Vectors & Geometry, Bitmaps & Text
    Hardware & Software Pipelines
    Built for Performance on Direct3D 10.1
    Interoperable with Direct3D & GDI
    High Quality Rendering:
    Per Primitive Anti-Aliasing & MSAA via Direct3D
    Remoted via Direct3D 10.1
    Printing support via XPS
  • 93. Direct2D Performance
  • 94. DirectWrite
    Modern Typography
    Enables world-wide applications
    ClearType advances
    Works with any rendering technology
    Hardware accelerated via Direct2D
    Best reading experience for the PC
  • 95. Gabriola
  • 96. DirectWrite
  • 97. Call to Action: Fundamentals
  • 98. Windows 7 Readiness Programs
    Make sure your applications work with Windows 7
    Allow MS to tell our customers about your Apps
    Publish your support policy for Windows 7
    List your solutions on the Compatibility Center
    Get the Windows 7 Logo
    Focused on Compatible Applications
    Simple Process – No 3rd party testing required
  • 99. Resources
    “Application Compatibility Cookbook”
    “Windows 7 Application Quality Cookbook”
    MSDN Application Compatibility: http://msdn.microsoft.com/en-us/windows/aa904987.aspx
    TechNet Windows Application Compatibility: http://technet.microsoft.com/en-us/desktopdeployment/bb414773.aspx
    Channel 9: http://channel9.msdn.com/tags/Application+Compatibility/
  • 100. Track Resources
    Windows 7 RC Training for Developers
    Windows content on Channel 9 
    Windows 7 Developer Center on MSDN
    Windows Application Compatibility Roadmap
    Windows 7 Blog for Developers
    My blog series – http://blogs.msdn.com/SoCalDevGal#Win7DevSeries
    My MSDN show – MSDN geekSpeak
    My Facebook group ‘Windows 7 Developers’
    Links, Video & Screencasts
  • 101. Related Content
    Breakout Sessions
    WCL201 Developing for Windows 7
    WCL301 Windows Application Readiness for Developers
    WCL302 Optimizing Your Application for the Windows 7 User Experience
    Whiteboard Session
    WTB215 Windows Client Development Discussion
    Hands-on Lab
    WCL08-HOL Windows 7: Mitigating Application Issues Using Shims
  • 102. Tech·Ed Africa 2009 sessions will be made available for download the week after the event from: www.tech-ed.co.za
    International Content & Community
    Microsoft Certification & Training Resources
    Resources for IT Professionals
    Resources for Developers
  • 103. Required Slide
    10 pairs of MP3 sunglasses to be won
    Complete a session evaluation and enter to win!
  • 104. © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
    The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.