Building Windows (7) Applications Microsoft ® Corporation.

Post on 21-Dec-2015


Microsoft Confidential

Few Changes: Most software that runs on Windows Vista will run on Windows 7. Exceptions will be low-level code (AV, firewall, imaging, etc.). Hardware that runs Windows Vista well will run Windows 7 well.

Windows 7

Few Changes: Focus on quality and reliability improvements

Deep Changes: New models for security, drivers, deployment, and networking


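// Determine which dll to load
OSVERSIONINFO osvi = { 0 };
osvi.dwOSVersionInfoSize = sizeof(osvi);  // must be set before calling GetVersionEx
LPCWSTR lpwzDll;

if (!GetVersionEx(&osvi)) { return FALSE; }

// Note: major and minor are tested independently here, so version 6.0
// fails this test and falls through to the final else branch.
if (osvi.dwMajorVersion >= 5 && osvi.dwMinorVersion >= 1) {
    // XP and newer OS, use Apphelp
    lpwzDll = L"Apphelp.dll";
} else if (osvi.dwMajorVersion == 5 && osvi.dwMinorVersion == 0) {
    // Windows 2000, use sdbapiu
    lpwzDll = L"SdbApiu.dll";
} else {
    // Older Version, use sdbapi
    lpwzDll = L"SdbApi.dll";
}

return LoadLibraryFromSystem32(lpwzDll);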
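An added example, not part of the original deck: a portable C model of the version test in the snippet above, next to an ordered (major, minor) comparison, run over constructed version numbers. The function names and the sample list are assumptions made for illustration; version 6.0 is what Windows Vista reports.

```c
#include <stdio.h>
#include <string.h>

/* Version test as written in the snippet above: major and minor
   are compared independently of each other. */
static const char *pick_dll_independent(unsigned major, unsigned minor)
{
    if (major >= 5 && minor >= 1) return "Apphelp.dll";
    if (major == 5 && minor == 0) return "SdbApiu.dll";
    return "SdbApi.dll";
}

/* Ordered-pair test: (major, minor) >= (want_major, want_minor). */
static int version_at_least(unsigned major, unsigned minor,
                            unsigned want_major, unsigned want_minor)
{
    return major > want_major ||
           (major == want_major && minor >= want_minor);
}

/* Hypothetical alternative selection built on the ordered comparison. */
static const char *pick_dll_ordered(unsigned major, unsigned minor)
{
    if (version_at_least(major, minor, 5, 1)) return "Apphelp.dll";
    if (version_at_least(major, minor, 5, 0)) return "SdbApiu.dll";
    return "SdbApi.dll";
}

/* Constructed sample versions: 4.0, 5.0, 5.1, 5.2, 6.0, 6.1 */
static const unsigned SAMPLES[][2] = {
    {4, 0}, {5, 0}, {5, 1}, {5, 2}, {6, 0}, {6, 1}
};

/* Count (and print) the sample versions where the two selections differ. */
static int count_disagreements(void)
{
    int n = 0;
    for (size_t i = 0; i < sizeof SAMPLES / sizeof SAMPLES[0]; i++) {
        unsigned mj = SAMPLES[i][0], mn = SAMPLES[i][1];
        const char *a = pick_dll_independent(mj, mn);
        const char *b = pick_dll_ordered(mj, mn);
        if (strcmp(a, b) != 0) {
            printf("%u.%u: independent=%s ordered=%s\n", mj, mn, a, b);
            n++;
        }
    }
    return n;
}

int main(void) { printf("disagreements: %d\n", count_disagreements()); return 0; }
```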


HMODULE hMod;
hMod = LoadLibrary(L"Apphelp.dll");
if (hMod) return hMod;
hMod = LoadLibrary(L"sdbapiu.dll");
if (hMod) return hMod;
hMod = LoadLibrary(L"sdbapi.dll");
if (hMod) return hMod;


// Get module handle
HMODULE hKernel32Module = GetModuleHandle(_T("kernel32.dll"));

// Get Address of function
SetWaitableTimerExProc pFn =
    (SetWaitableTimerExProc)GetProcAddress(hKernel32Module, "SetWaitableTimerEx");

if (pFn != NULL)
    pFn(hTimer, &liDueTime, 1000, NULL, NULL, &reasonContext, 1000);

Not Allowed

• Install applications
• Change system components
• Change per machine settings
• Admin “privileges”

Allowed

• Run most applications
• Change per user settings

[Diagram: Abby; Admin Token; Filtered Token; App (Admin Token); App (Filtered Token); Child App (Filtered Token)]

• Administrative and standard user processes share the same desktop

• Process Isolation mechanisms
  – Integrity level for processes
  – UI Privilege Isolation

• “Lower” cannot interfere with “Higher”

[Diagram: User Process (MIC = Medium); Admin App (MIC = High)]

• All processes get a MIC level
• All resources get a MIC level
• There are four levels:

[Diagram: Read and Write access between a Medium Process (Default), a Low Process (Protected Mode IE, PMIE), and resources labeled Medium (Default) and Low]

[Diagram: SendMessage between a Medium Process (Default) and a Low Process (PMIE)]

[Diagram: User mode / Kernel mode, with Luafv.sys above Ntfs.sys. Legacy application: \Windows\App.ini is mapped to \Users\<user>\AppData\Local\VirtualStore\Windows\App.ini. Windows Vista® application: \Windows\App.ini gives Access Denied.]


[Diagram: Session 0 containing Window Station, Desktop, Screen Saver, Login, Services and the 1st User’s Windows; labeled Shatter Attack]

[Diagram: Window Station and Desktop with Services, and Session 1 containing Window Station, Desktop, Screen Saver, Login and the 1st User’s Windows; labeled Secure]


© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.