Building Windows (7) Applications Microsoft ® Corporation
Microsoft Confidential
Few Changes: Most software that runs on Windows Vista will run on Windows 7; exceptions will be low-level code (AV, firewall, imaging, etc.). Hardware that runs Windows Vista well will run Windows 7 well.
Windows 7
Few Changes: Focus on quality and reliability improvements
Deep Changes: New models for security, drivers, deployment, and networking
// Determine which dll to load
if (!GetVersionEx(&osvi)) {
    return FALSE;
}
// Note: each field is tested on its own, so 6.0 (Windows Vista) matches
// neither of the first two branches and falls through to SdbApi.dll.
if (osvi.dwMajorVersion >= 5 && osvi.dwMinorVersion >= 1) {
    // XP and newer OS, use Apphelp
    lpwzDll = L"Apphelp.dll";
} else if (osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 0) {
    // Windows 2000, use sdbapiu
    lpwzDll = L"SdbApiu.dll";
} else {
    // Older version, use sdbapi
    lpwzDll = L"SdbApi.dll";
}
return LoadLibraryFromSystem32(lpwzDll);
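// Probe for the DLLs in order of preference instead of testing the OS version.
// A bare file name is resolved through the DLL search order, not only System32.
HMODULE hMod;
hMod = LoadLibrary(L"Apphelp.dll");
if (hMod) return hMod;
hMod = LoadLibrary(L"sdbapiu.dll");
if (hMod) return hMod;
hMod = LoadLibrary(L"sdbapi.dll");
if (hMod) return hMod;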
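Added example (not part of the original deck): the version test from the first Apphelp snippet, run over a constructed table of Windows version numbers and compared with a test that treats (major, minor) as one ordered pair. The names pick_dll_slide, pick_dll_ordered, count_misrouted and kVersions are hypothetical; the code uses no Win32 calls so it runs anywhere.

```c
#include <stdio.h>
#include <string.h>

/* Version test as written on the slide: each field is compared on its own. */
static const char *pick_dll_slide(unsigned major, unsigned minor)
{
    if (major >= 5 && minor >= 1) return "Apphelp.dll";
    if (major == 5 && minor == 0) return "SdbApiu.dll";
    return "SdbApi.dll";
}

/* Same decision with (major, minor) compared as one ordered pair. */
static const char *pick_dll_ordered(unsigned major, unsigned minor)
{
    if (major > 5 || (major == 5 && minor >= 1)) return "Apphelp.dll";
    if (major == 5) return "SdbApiu.dll";
    return "SdbApi.dll";
}

/* Constructed sample input: Windows releases and their version numbers. */
static const struct { const char *name; unsigned major, minor; } kVersions[] = {
    { "Windows NT 4.0",       4, 0 },
    { "Windows 2000",         5, 0 },
    { "Windows XP",           5, 1 },
    { "Windows Server 2003",  5, 2 },
    { "Windows Vista",        6, 0 },
    { "Windows 7",            6, 1 },
    { "Windows 10",          10, 0 },
};

/* Prints both choices per release; returns how many the slide's test misroutes. */
int count_misrouted(void)
{
    int bad = 0;
    for (size_t i = 0; i < sizeof kVersions / sizeof kVersions[0]; i++) {
        const char *a = pick_dll_slide(kVersions[i].major, kVersions[i].minor);
        const char *b = pick_dll_ordered(kVersions[i].major, kVersions[i].minor);
        int differs = strcmp(a, b) != 0;
        bad += differs;
        printf("%-20s %2u.%u  slide=%-12s ordered=%-12s %s\n", kVersions[i].name,
               kVersions[i].major, kVersions[i].minor, a, b, differs ? "MISMATCH" : "");
    }
    return bad;
}

int main(void)
{
    count_misrouted();
    return 0;
}
```

Windows 7 (6.1) passes the slide's test only because its minor version happens to be 1; any release with minor version 0 and major version above 5 is routed to the oldest DLL.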
// Get module handle
HMODULE hKernel32Module = GetModuleHandle(_T("kernel32.dll"));
// Get address of function
SetWaitableTimerExProc pFn = (SetWaitableTimerExProc)
    GetProcAddress(hKernel32Module, "SetWaitableTimerEx");
if (pFn != NULL)
    pFn(hTimer, &liDueTime, 1000, NULL, NULL, &reasonContext, 1000);
if (Environment.OSVersion.Version < new Version(5, 1))
{
    MessageBox.Show("Windows XP or later required.",
        "Incompatible Operating System",
        MessageBoxButtons.OK, MessageBoxIcon.Error);
    return;
}
try
{
    // Use Windows 7 version if possible
    Win32.SetWaitableTimerEx(_hTimer, ref dueTime, period,
        IntPtr.Zero, IntPtr.Zero, ref rc, 5000);
}
catch (EntryPointNotFoundException)
{
    // Use SetWaitableTimer
}
Not Allowed: Install applications; Change system components; Change per machine settings; Admin “privileges”
Allowed: Run most applications; Change per user settings
[Diagram. Labels: Abby; Admin Token; Filtered Token; App (Admin Token); App (Filtered Token); Child App (Filtered Token)]
Administrative and standard user processes share the same desktop
Process isolation mechanisms:
– Integrity level for processes
– UI Privilege Isolation
“Lower” cannot interfere with “Higher”
[Diagram. Labels: User Process, MIC = Medium; Admin App, MIC = High]
All processes get a MIC level
All resources get a MIC level
There are four levels:
Integrity level SID    Name
S    Mandatory Label\Low Mandatory Level
S    Mandatory Label\Medium Mandatory Level (default)
S    Mandatory Label\High Mandatory Level
S    Mandatory Label\System Mandatory Level
[Diagram. Labels: Medium Process (Default); Low Process (Protected Mode IE); resources Medium (Default) and Low; arrows Read and Write]
[Diagram. Labels: Low Process (PMIE); resources Medium (Default) and Low; arrows Read and Write]
[Diagram. Labels: Medium Process (Default); Low Process (PMIE); arrows SendMessage]
[Diagram. User mode: Legacy application; Windows Vista® application. Kernel mode: Luafv.sys; Ntfs.sys. Legacy application: \Windows\App.ini, \Users\ \AppData\Local\VirtualStore\Windows\App.ini. Windows Vista® application: \Windows\App.ini, Access Denied]
[Diagram, “Shatter Attack”. Session 0 (Window Station, Desktop): Screen Saver; Login; Services; 1st User’s Window]
[Diagram, “Secure”. Session 0 (Window Station, Desktop): Service. Session 1 (Window Station, Desktop): Screen Saver; Login; 1st User’s Window]
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.