Document 391889

Application Compatibility
for Developers on
Windows .NET Server 2003
Jason Zions
Architect
Microsoft Corporation
Agenda




Introduction: What you need to know
about application compatibility in
Windows .NET Server 2003
Common Compatibility Issues
How to use the Application
Compatibility Toolkit to aid
development
More help
Introduction
The Windows application and
customer experience team


Team of over 200 people, thousands of
desktop and server applications tested
The top application experience issues
addressed through programs and tools:


Designed for Windows XP Logo program
and .NET Server 2003 Certification program
Windows Application Verifier tool
Windows .NET Server 2003
Expectations

Windows .NET Server 2003




Top areas that will affect application compatibility





More secure
More reliable
Different
Removal of legacy protocols and old runtimes that are no
longer in broad usage
Stricter access to operating system components to
significantly reduce the overall security exposure
Default settings have been set to a more conservative setting
in a variety of places
Operating system applications written to specific versions of
Windows may need to be updated
Many applications may require updates/new versions
Security Changes

Default permissions


Changes across the OS to tighten security
Examples



Shares permissions
Event logging and services
Cross forest trust
Other Changes

Changes in Default Settings






Internet Information Server (IIS) in
locked down mode
Group policy for reverting
Driver installation
Kernel mode printer drivers turned off
Low-level driver changes
Operating System Version number
Agenda




Introduction: What you need to know
about application compatibility in
Windows XP SP1 and
Windows .NET Server
Common Compatibility Issues
How to use the Application
Compatibility Toolkit to aid
development
More help
The Application
Compatibility Toolkit 2.6


Application Compatibility Toolkit 2.6
available now
Latest white papers on compatibility
issues and solutions including



Limited User Enabled Applications Guide
Testing Applications with AppVerifier
Application compatibility tools


Windows Application Verifier: Application
debugging and testing tool
Compatibility Administrator: Apply
common fixes to incompatible applications
Goals of the Windows Application
Verifier

Provides developers migrating to
Windows .NET Server with


Tools and knowledge used in Windows
development
A testing infrastructure to detect run time
issues in Win32 applications
Benefits for application
developers

Significantly reduces debugging time
detecting




Reduces crashes


Memory corruptions
Hangs
Security issues
67.8% of 3rd party user mode crashes could have
been detected using the AppVerifier
Aids in Logo/Certification testing



Non-administrator scenarios
Resource management
Operating System version checking
Detecting Heap Corruption:
PageHeap




34% of all 3rd party application crashes
are related to heap corruption
Can find almost any detectable heap
related bug
Focuses on corruptions rather than
leaks
Errors detected as they happen
Heap-related issues

Invalid heap pointer





Invalid heap block pointer
Assumptions about the reallocation of a block
at the same address
Access of a block after free


Win32 and NT level heap interfaces take a pointer
to the heap where the operation occurs
Heap manager does not check whether a pointer is
valid
More than one process may write to same location
Access after the end of a block – buffer
overrun
Checking locks usage:
Locks


The common mistakes in using locks result in
resource leaks or concurrency issues
Issues leading to resource leaks:




Unloading a DLL that contains an active critical
section
Freeing a Heap block that contains an active
critical section
Attempting to initialize a critical section more than
once
Current thread attempts to reinitialize the critical
section
Checking locks usage:
Locks

Exploitable concurrency issues:
Critical section was not initialized before
being deleted
 Attempting to use a critical section after it
has been deleted

Detecting invalid handle
usage: Handles


Similar to Heap and Lock tests
Ensures that an application:



Does not use invalid handles
Passes valid Thread Local Storage (TLS) indexes
to TLS functions
Invalid handle values:


NULL
INVALID_HANDLE_VALUE
Handles example
Thread 1
Open file
Use file
Close file
Use file
Handles would
have caught the
error right here
Thread 2
Open file
Use file
Both processes write to same file
Common mistake – handle values are aggressively reused.
Checking for adequate
stack growth: Stacks



DO NOT USE THIS TEST: 99% of all
components fail this
Forces a component to handle a low
memory condition where stack space
cannot grow
Important for critical services that must
function in this environment, e.g. back
up applications, file system mirroring
Checking secure RPC
usage: RPC Verifier



Available for .NET Server only
Covers many MSDN Best Practices for RPC
Security
Checks that an application follows the
following rules:





Uses a secure provider (e.g. Kerberos)
Controls client authentication, authentication level
Uses the Security QoS options
Uses /robust flag
Verifies the identity of a server
Checking for additional security
issues: SecurityChecks


Warns against creating objects with
improper Discretionary Access Control
Lists (DACL)
Flags when an application passes the
following to an API that creates an
object:
NULL DACLs
 DACLs which give undue permissions to
users such as WRITE_DACL to EVERYONE


Checks that CreateProcess and related
APIs are used safely
Checking version handling:
HighVersionLie

The top application compatibility issue





Prevents smooth migrations of applications to
new versions of Windows
Significant customer impact
Improper handling is a failure in the Designed for
Windows Logo and Windows .NET Server 2003
Certification test frame works
Returns a future version (i.e. 7.1) of the
Operating System to an application
See the “Designed for Windows XP”
Application Specification on sample code to
properly handle versions
Checking the usage of system
paths: FilePaths


Application compatibility issue that
prevents migration
Checks the proper usage of the special
folder APIs by an application


SHGetFolderPath()
GetSystemDirectory()
Checking registry usage:
RegistryChecks



Application compatibility issue that
prevents migration
Checks the proper usage of the
registry by a non-setup application
Looks for registry key writes that
would prevent non-administrator
support, such as HKey_Local_Machine
Using the AppVerifier

Download the latest version 2.28
http://www.microsoft.com/windows/appexperience

Two versions of the UI


AppVerif.exe: Win32 application
Vsappverif.dll: Plug in for Visual Studio
.NET
Using the AppVerifier

Setup before test pass








Clear logs
Enable Propagate process history
Enable Break in debugger after each logged
event if applicable
Add executable
Select tests
Run application
Debug any crashes
View logs
Additional things to know


Some tests cause your component to
crash and require debugging
Options:


Propagate process history: Use to verify
a component spawned by another
Break in debugger on logged events: Use
to find the exact location of an error when
debugging
Verifier STOP in debugger
Typical verifier stop
=============================
VERIFIER STOP 00000008: pid 0xBD8: corrupted

suffix pattern
01881000 : Heap handle
019806A8 : Heap block
0006FFF8 : Block size
00000000 :
=============================

Provides hints to help in debugging
Demo
Common Test Scenarios

Manual Testing


Use with all test passes unless looking for
timing related issues
Automated Testing

Ideal for all types of automated test runs
Application Compatibility
Call to action

Test your applications




Get RC1 and RC2 by ordering a Partner Guide from
www.microsoft.com/partner/isv
Use the Windows Application Verifier to eliminate
the common application issues
Provide detailed “Statement of Support” to
our mutual customers by Windows .NET
Server 2003 launch
Drive towards Windows .NET Server 2003
Certification

Contact Veritest for Certification testing
Application Compatibility
Resources

Application Experience Web site for
ISV related documentation and tools
http://www.microsoft.com/windows/
appexperience



Windows Application Verifier tool
Guide to Application Compatibility
Changes in Windows .NET Server 2003
Windows .NET Server 2003
Certification Specification (Nov. ‘02)

Draft available from
swlogo@microsoft.com
Additional AppVerifier
Resources

Newsgroup:



microsoft.public.win32.programmer.tools
http://msdn.microsoft.com/newsgroups/manage
d
Beta Sign Up: aebeta@microsoft.com
Appendix A: Recommended
AppVerifier tests for
Designed for Windows
Logo
AppVerifier DFW Run Time
Test Pass 1






Page Heap
Handles
Locks
High Version Lie
Windows File Protection
Registry Checks
AppVerifierDFW Run Time
Test Pass 2

File Paths
AppVerifier DFW
Install/Uninstall Test Pass 1







PageHeap
Locks
Handles
High Version Lie
Windows File Protection
DX File Version Info
Kernel Mode Driver Install
AppVerifier DFW
Install/Uninstall Test Pass 2


Log Registry Changes
Log File Changes
Appendix B: AppVerifier
Command line options







/? – prints help text.
/show settings (/s) - dump current settings to
console.
/reset (/r) - reset (clear) all settings for all apps.
/all (/a) - enable all tests for specified apps.
/default (/d) - enable default tests for specified apps.
/quiet (/q) - don't dump the current settings after
changing them.
/none (/n) - disable all tests for specified apps.
© 2002 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.