Application Compatibility for Developers on Windows .NET Server 2003
Jason Zions
Architect
Microsoft Corporation

Agenda
- Introduction: What you need to know about application compatibility in Windows .NET Server 2003
- Common Compatibility Issues
- How to use the Application Compatibility Toolkit to aid development
- More help

Introduction
- The Windows application and customer experience team
  - Team of over 200 people, thousands of desktop and server applications tested
- The top application experience issues addressed through programs and tools:
  - Designed for Windows XP Logo program and .NET Server 2003 Certification program
  - Windows Application Verifier tool

Windows .NET Server 2003 Expectations
- Windows .NET Server 2003
- Top areas that will affect application compatibility
  - More secure
  - More reliable
  - Different
- Removal of legacy protocols and old runtimes that are no longer in broad usage
- Stricter access to operating system components to significantly reduce the overall security exposure
- Default settings have been set to a more conservative setting in a variety of places
- Operating system applications written to specific versions of Windows may need to be updated
- Many applications may require updates/new versions

Security Changes
- Default permissions
- Changes across the OS to tighten security
- Examples
  - Shares permissions
  - Event logging and services
  - Cross forest trust

Other Changes
- Changes in Default Settings
- Internet Information Server (IIS) in locked down mode
- Group policy for reverting
- Driver installation
- Kernel mode printer drivers turned off
- Low-level driver changes
- Operating System Version number

Agenda
- Introduction: What you need to know about application compatibility in Windows XP SP1 and Windows .NET Server
- Common Compatibility Issues
- How to use the Application Compatibility Toolkit to aid development
- More help

The Application Compatibility Toolkit 2.6
- Application Compatibility Toolkit 2.6 available now
- Latest white papers on compatibility issues and solutions including
  - Limited User Enabled Applications Guide
  - Testing Applications with AppVerifier
- Application compatibility tools
  - Windows Application Verifier: Application debugging and testing tool
  - Compatibility Administrator: Apply common fixes to incompatible applications

Goals of the Windows Application Verifier
- Provides developers migrating to Windows .NET Server with
  - Tools and knowledge used in Windows development
  - A testing infrastructure to detect run time issues in Win32 applications

Benefits for application developers
- Significantly reduces debugging time detecting
- Reduces crashes
- Memory corruptions
- Hangs
- Security issues
- 67.8% of 3rd party user mode crashes could have been detected using the AppVerifier
- Aids in Logo/Certification testing
  - Non-administrator scenarios
  - Resource management
  - Operating System version checking

Detecting Heap Corruption: PageHeap
- 34% of all 3rd party application crashes are related to heap corruption
- Can find almost any detectable heap related bug
- Focuses on corruptions rather than leaks
- Errors detected as they happen

Heap-related issues
- Invalid heap pointer
- Invalid heap block pointer
- Assumptions about the reallocation of a block at the same address
- Access of a block after free
- Win32 and NT level heap interfaces take a pointer to the heap where the operation occurs
- Heap manager does not check whether a pointer is valid
- More than one process may write to same location
- Access after the end of a block – buffer overrun

Checking locks usage: Locks
- The common mistakes in using locks result in resource leaks or concurrency issues
- Issues leading to resource leaks:
  - Unloading a DLL that contains an active critical section
  - Freeing a Heap block that contains an active critical section
  - Attempting to initialize a critical section more than once
  - Current thread attempts to reinitialize the critical section

Checking locks usage: Locks
- Exploitable concurrency issues:
  - Critical section was not initialized before being deleted
  - Attempting to use a critical section after it has been deleted

Detecting invalid handle usage: Handles
- Similar to Heap and Lock tests
- Ensures that an application:
  - Does not use invalid handles
  - Passes valid Thread Local Storage (TLS) indexes to TLS functions
- Invalid handle values:
  - NULL
  - INVALID_HANDLE_VALUE

Handles example
- Thread 1: Open file, Use file, Close file, Use file (Handles would have caught the error right here)
- Thread 2: Open file, Use file
- Both processes write to same file
- Common mistake – handle values are aggressively reused.

Checking for adequate stack growth: Stacks
- DO NOT USE THIS TEST: 99% of all components fail this
- Forces a component to handle a low memory condition where stack space cannot grow
- Important for critical services that must function in this environment, e.g. back up applications, file system mirroring

Checking secure RPC usage: RPC Verifier
- Available for .NET Server only
- Covers many MSDN Best Practices for RPC Security
- Checks that an application follows the following rules:
  - Uses a secure provider (e.g. Kerberos)
  - Controls client authentication, authentication level
  - Uses the Security QoS options
  - Uses /robust flag
  - Verifies the identity of a server

Checking for additional security issues: SecurityChecks
- Warns against creating objects with improper Discretionary Access Control Lists (DACL)
- Flags when an application passes the following to an API that creates an object:
  - NULL DACLs
  - DACLs which give undue permissions to users such as WRITE_DACL to EVERYONE
- Checks that CreateProcess and related APIs are used safely

Checking version handling: HighVersionLie
- The top application compatibility issue
  - Prevents smooth migrations of applications to new versions of Windows
  - Significant customer impact
- Improper handling is a failure in the Designed for Windows Logo and Windows .NET Server 2003 Certification test frameworks
- Returns a future version (i.e. 7.1) of the Operating System to an application
- See the “Designed for Windows XP” Application Specification on sample code to properly handle versions

Checking the usage of system paths: FilePaths
- Application compatibility issue that prevents migration
- Checks the proper usage of the special folder APIs by an application
  - SHGetFolderPath()
  - GetSystemDirectory()

Checking registry usage: RegistryChecks
- Application compatibility issue that prevents migration
- Checks the proper usage of the registry by a non-setup application
- Looks for registry key writes that would prevent non-administrator support, such as HKEY_LOCAL_MACHINE

Using the AppVerifier
- Download the latest version 2.28
  http://www.microsoft.com/windows/appexperience
- Two versions of the UI
  - AppVerif.exe: Win32 application
  - Vsappverif.dll: Plug in for Visual Studio .NET

Using the AppVerifier
- Setup before test pass
  - Clear logs
  - Enable Propagate process history
  - Enable Break in debugger after each logged event if applicable
- Add executable
- Select tests
- Run application
- Debug any crashes
- View logs

Additional things to know
- Some tests cause your component to crash and require debugging
- Options:
  - Propagate process history: Use to verify a component spawned by another
  - Break in debugger on logged events: Use to find the exact location of an error when debugging

Verifier STOP in debugger
- Typical verifier stop

    =============================
    VERIFIER STOP 00000008: pid 0xBD8: corrupted suffix pattern
        01881000 : Heap handle
        019806A8 : Heap block
        0006FFF8 : Block size
        00000000 :
    =============================

- Provides hints to help in debugging

Demo

Common Test Scenarios
- Manual Testing
  - Use with all test passes unless looking for timing related issues
- Automated Testing
  - Ideal for all types of automated test runs

Application Compatibility Call to action
- Test your applications
  - Get RC1 and RC2 by ordering a Partner Guide from www.microsoft.com/partner/isv
  - Use the Windows Application Verifier to eliminate the common application issues
- Provide detailed “Statement of Support” to our mutual customers by Windows .NET Server 2003 launch
- Drive towards Windows .NET Server 2003 Certification
  - Contact Veritest for Certification testing

Application Compatibility Resources
- Application Experience Web site for ISV related documentation and tools
  http://www.microsoft.com/windows/appexperience
  - Windows Application Verifier tool
  - Guide to Application Compatibility Changes in Windows .NET Server 2003
- Windows .NET Server 2003 Certification Specification (Nov. ‘02)
  - Draft available from swlogo@microsoft.com

Additional AppVerifier Resources
- Newsgroup: microsoft.public.win32.programmer.tools
  http://msdn.microsoft.com/newsgroups/managed
- Beta Sign Up: aebeta@microsoft.com

Appendix A: Recommended AppVerifier tests for Designed for Windows Logo
- AppVerifier DFW Run Time Test Pass 1
  - Page Heap
  - Handles
  - Locks
  - High Version Lie
  - Windows File Protection
  - Registry Checks
- AppVerifier DFW Run Time Test Pass 2
  - File Paths
- AppVerifier DFW Install/Uninstall Test Pass 1
  - PageHeap
  - Locks
  - Handles
  - High Version Lie
  - Windows File Protection
  - DX File Version Info
  - Kernel Mode Driver Install
- AppVerifier DFW Install/Uninstall Test Pass 2
  - Log Registry Changes
  - Log File Changes

Appendix B: AppVerifier Command line options
- /? – prints help text.
- /show settings (/s) - dump current settings to console.
- /reset (/r) - reset (clear) all settings for all apps.
- /all (/a) - enable all tests for specified apps.
- /default (/d) - enable default tests for specified apps.
- /quiet (/q) - don't dump the current settings after changing them.
- /none (/n) - disable all tests for specified apps.

© 2002 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
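
The "corrupted suffix pattern" verifier stop in the deck reports a write past the end of a heap block. The portable C code below is an added example, not AppVerifier or PageHeap code, showing how a suffix-pattern check detects such an overrun; the names guard_alloc, guard_check and guard_free, the pattern byte and the guard length are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define SUFFIX_LEN  8     /* guard bytes placed after each block (constructed) */
#define SUFFIX_BYTE 0xA5  /* fill value chosen for this example only */

/* Header kept in front of the user block; the union preserves alignment. */
typedef union { size_t size; max_align_t align; } guard_hdr;

/* Allocate `size` user bytes followed by SUFFIX_LEN pattern bytes. */
void *guard_alloc(size_t size) {
    if (size > SIZE_MAX - sizeof(guard_hdr) - SUFFIX_LEN) return NULL;
    guard_hdr *h = malloc(sizeof(guard_hdr) + size + SUFFIX_LEN);
    if (!h) return NULL;
    h->size = size;
    unsigned char *user = (unsigned char *)(h + 1);
    memset(user + size, SUFFIX_BYTE, SUFFIX_LEN);
    return user;
}

/* Return -1 if the suffix is intact, else the index of the first damaged byte. */
int guard_check(const void *p) {
    const guard_hdr *h = (const guard_hdr *)p - 1;
    const unsigned char *suffix = (const unsigned char *)p + h->size;
    for (int i = 0; i < SUFFIX_LEN; i++)
        if (suffix[i] != SUFFIX_BYTE) return i;
    return -1;
}

/* Release the block; return 1 if an overrun was detected at free time, else 0. */
int guard_free(void *p) {
    if (!p) return 0;
    int corrupted = guard_check(p) >= 0;
    free((guard_hdr *)p - 1);
    return corrupted;
}

/* Constructed bug: copying "hello" plus its NUL writes 6 bytes into 5. */
int demo_off_by_one(void) {
    char *buf = guard_alloc(5);
    if (!buf) return -1;
    memcpy(buf, "hello", 6);
    return guard_free(buf);
}
```

A pattern check of this kind reports the overrun only when the block is checked or released, so the faulting write itself has to be located from the block address and size given in the report.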