Windows 7 Application Compatibility

Windows 7 Application Compatibility Dave Allen ISV Application Architect Microsoft UK [email protected]


Transcript of Windows 7 Application Compatibility

Page 1: Windows 7 Application Compatibility

Windows 7 Application Compatibility
Dave Allen
ISV Application Architect
Microsoft [email protected]

Page 2: Windows 7 Application Compatibility

Agenda

Why your application might not work
  User Account Control
  New Folder Locations
  Windows Resource Protection
  Mandatory Integrity Control
  User Interface Privilege Isolation
  Internet Explorer Protected Mode
  OS and IE Versioning
  Session 0 Isolation
Some less common issues

Page 3: Windows 7 Application Compatibility

Some of the cool stuff in Windows 7

Demo

Page 4: Windows 7 Application Compatibility

Why: User Account Control

OS is at risk from today’s malware when user is running as Administrator
  Ease with which malware can self-install
  Privilege elevation through security holes in software
  Extent of damage caused by malware is potentially greater
Other issues
  Accidental damage caused by user

Page 5: Windows 7 Application Compatibility

How: User Account Control

With Windows 7 all users run as Standard User by default, including members of Admin group

Only true for interactive logins; services continue to run as before in Windows XP

Page 6: Windows 7 Application Compatibility

How: User Account Control (cont.)

Two tokens are created at logon (split token)

Standard User Token
  Administrator SID set as Deny Only (can still be used to deny access, but not to grant)
  Runs with medium integrity level (IL)
  Most privileges removed (e.g. SeDebugPrivilege)

Administrator Token
  Administrator SID has all rights assigned
  Runs with high integrity level (IL)
  All privileges are present

Page 7: Windows 7 Application Compatibility

How: User Account Control (cont.)

Standard User Token is used until explicit consent is given, then Administrator Token is used (Consent UI) for that particular process
Supporting feature: Unnecessary Administrator checks (in XP) have been removed
  Example: Change time zone

Page 8: Windows 7 Application Compatibility

UAC: Elevation Details

[Diagram: UAC elevation flow. Labels: Standard User or Protected Administrator; System; Full Administrator; explorer.exe; AppInfo Service; consent.exe; elevatedapp.exe; RPC; Re-parented; ShellExecute(elevatedapp.exe); CreateProcessAsUser(elevatedapp.exe)]

Page 9: Windows 7 Application Compatibility

UAC: OTS Dialogs

Page 10: Windows 7 Application Compatibility

UAC Split Token

Demo

Page 11: Windows 7 Application Compatibility

UAC: Running Apps Elevated

Right click program -> Run as administrator
Compatibility fix (shim) or mode
  Program properties -> Compatibility tab -> Run as administrator
  RunAsAdmin shim in system shim database
Installer detection
  Heuristics such as string containing “Setup”, “Install”, or “Update” in:
    Executable name
    Resource strings
  MSIs are always detected as installers

Page 12: Windows 7 Application Compatibility

UAC: Running Apps Elevated (cont.)

Application designed for Windows 7
UAC manifest with <requestedExecutionLevel>
  All applications should have one
  Removes application compatibility overhead (some Shims, PCA, virtualization) at run time
Internal manifest (compiled into the application)
  Build manifest into application binary
  Takes precedence
External manifest (added as a separate file)
  MyApp.exe.manifest
  Unsupported, avoid!

Page 13: Windows 7 Application Compatibility

UAC: Internal Manifest (cont.)

requireAdministrator
  The application runs only for administrators and requires that the application be launched with the full token of an administrator
asInvoker
  The application runs with the same token as the parent process
highestAvailable
  The application runs with the highest privileges the current user can obtain

Page 14: Windows 7 Application Compatibility

UAC: Internal Manifest (cont.)

Extract application manifest from executable if it exists:

mt -inputresource:elevatedapp.exe;#1 -out:extracted.manifest

Modify the manifest to add UAC request

<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly manifestVersion="1.0"
    xmlns="urn:schemas-microsoft-com:asm.v1"
    xmlns:asmv1="urn:schemas-microsoft-com:asm.v1"
    xmlns:asmv2="urn:schemas-microsoft-com:asm.v2"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.exe"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false" />
      </requestedPrivileges>
    </security>
  </trustInfo>
</asmv1:assembly>

Insert the modified manifest back into the executable:

mt -manifest elevatedapp.exe.manifest -outputresource:elevatedapp.exe;#1

Page 15: Windows 7 Application Compatibility

Side topic: Compatibility manifest

Modify the manifest to add OS target

<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly manifestVersion="1.0"
    xmlns="urn:schemas-microsoft-com:asm.v1"
    xmlns:asmv1="urn:schemas-microsoft-com:asm.v1"
    xmlns:asmv2="urn:schemas-microsoft-com:asm.v2"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.exe"/>
  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application>
      <!-- The ID below indicates application support for Windows 7 -->
      <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
    </application>
  </compatibility>
</asmv1:assembly>

Page 16: Windows 7 Application Compatibility

Combined Manifest

Combined UAC and compatibility manifest

<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly manifestVersion="1.0"
    xmlns="urn:schemas-microsoft-com:asm.v1"
    xmlns:asmv1="urn:schemas-microsoft-com:asm.v1"
    xmlns:asmv2="urn:schemas-microsoft-com:asm.v2"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.exe"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false" />
      </requestedPrivileges>
    </security>
  </trustInfo>
  <!-- compatibility is a sibling of trustInfo, directly under assembly -->
  <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
    <application>
      <!-- The ID below indicates application support for Windows 7 -->
      <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
    </application>
  </compatibility>
</asmv1:assembly>
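
Added example (not part of the original slides): a Python check to run over a manifest extracted with mt before it is embedded again. It reports the requested execution level, uiAccess and supportedOS entries, and flags the layout mistakes that are easy to make when copying a manifest from a slide. The function names, finding texts and sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

COMPAT_NS = "urn:schemas-microsoft-com:compatibility.v1"
WIN7_ID = "{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"  # Windows 7 Id from the slides
LEVELS = {"asInvoker", "highestAvailable", "requireAdministrator"}


def local_name(tag):
    """Drop the '{namespace}' prefix ElementTree adds to element names."""
    return tag.rsplit("}", 1)[-1]


def audit_manifest(xml_text):
    """Return (facts, findings) for one manifest given as a string."""
    facts = {"level": None, "uiAccess": None, "supportedOS": []}
    findings = []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # e.g. a typographic quote pasted in from a document or slide
        return facts, ["not well-formed XML: %s" % exc]

    for el in root.iter():
        name = local_name(el.tag)
        if name == "requestedExecutionLevel":
            facts["level"] = el.get("level")
            facts["uiAccess"] = el.get("uiAccess", "false").lower()
        elif name == "supportedOS":
            facts["supportedOS"].append(el.get("Id", "").lower())

    if facts["level"] is None:
        findings.append("no requestedExecutionLevel: virtualization and PCA still apply")
    elif facts["level"] not in LEVELS:
        findings.append("unknown level %r" % facts["level"])
    elif facts["level"] != "asInvoker":
        findings.append("requests elevation (%s): confirm admin rights are needed"
                        % facts["level"])
    if facts["uiAccess"] == "true":
        findings.append("uiAccess=true opts out of UIPI: must be signed and "
                        "installed under Program Files")

    # The compatibility section belongs directly under <assembly>
    tag = "{%s}compatibility" % COMPAT_NS
    if len(list(root.iter(tag))) > len(root.findall(tag)):
        findings.append("compatibility section is not a direct child of assembly")
    if WIN7_ID not in facts["supportedOS"]:
        findings.append("Windows 7 supportedOS Id not declared")
    return facts, findings


def sample(body):
    """Constructed sample manifest following the layout used in the slides."""
    return ('<?xml version="1.0" encoding="utf-8"?>'
            '<asmv1:assembly manifestVersion="1.0" '
            'xmlns="urn:schemas-microsoft-com:asm.v1" '
            'xmlns:asmv1="urn:schemas-microsoft-com:asm.v1">'
            '<assemblyIdentity version="1.0.0.0" name="MyApplication.exe"/>'
            + body + '</asmv1:assembly>')


TRUST = ('<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"><security>'
         '<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">'
         '<requestedExecutionLevel level="%s" uiAccess="false"/>'
         '</requestedPrivileges></security>%s</trustInfo>')
COMPAT = ('<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">'
          '<application><supportedOS Id="%s"/></application></compatibility>'
          % WIN7_ID)

SAMPLES = {
    "siblings": sample(TRUST % ("asInvoker", "") + COMPAT),
    "nested": sample(TRUST % ("asInvoker", COMPAT)),
    "no_trustinfo": sample(COMPAT),
    "admin": sample(TRUST % ("requireAdministrator", "") + COMPAT),
    "smart_quote": sample(TRUST % ("asInvoker", "")).replace('level="', "level=\u201c"),
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        facts, findings = audit_manifest(text)
        print(label, facts["level"], findings or "ok")
```
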

Page 17: Windows 7 Application Compatibility

UAC: UI Design for Elevation

Send the BCM_SETSHIELD message to a button control, using SendMessage
  Button.FlatStyle has to be set to System
Fails for owner-drawn buttons
  Get icon and render in owner draw handler
  HICON shieldIcon = LoadIcon(NULL, IDI_SHIELD);
Unmanaged code (C++)
  SendMessage call can be invoked more easily using the Button_SetElevationRequiredState macro
Managed code (C#, VB.NET)
  Use SystemIcons.Shield

Page 18: Windows 7 Application Compatibility

Elevation, Manifests, and UI Design

Demo

Page 19: Windows 7 Application Compatibility

Why: Program Compatibility Assistant

Program Compatibility Assistant (PCA) automates mitigation of some UAC (and more) compatibility issues

Attempts to detect if a program is an installer
Client-only feature – not in Server
PCA monitors attempts to:
  Create a sub folder in “Program Files”
  Copy exe or dll files into the new folder
  Overwrite system files
  Not writing to the “Program Database”
  Etc…

Page 20: Windows 7 Application Compatibility

How: Program Compatibility Assistant

If PCA detects a compatibility issue it…
  Notifies the user AND
  Applies a solution (high confidence) OR
  Offers to apply a solution (medium confidence)

Page 21: Windows 7 Application Compatibility

UAC: Virtualization

Redirects privileged file access to C:\Users\%username%\AppData\Local\VirtualStore

  C:\Program Files
  C:\Windows

Redirects registry access from HKLM to HKCU\Software\Classes\VirtualStore\MACHINE

Adding a manifest disables virtualization and the Program Compatibility Assistant (PCA)

Page 22: Windows 7 Application Compatibility

UAC: Virtualization (cont.)

Redirection is “sticky” – reads are re-directed
  Deleting all virtual copies removes the “stickiness”
Elevated process not affected
Side effects: multiple virtualized copies (one per user and one for admin)

Page 23: Windows 7 Application Compatibility

Virtualization

Demo

Page 24: Windows 7 Application Compatibility

UAC: Symptoms

Explicit access right error message

Event Log contains security or application messages indicating security problems

Application crashes, fails to install, or fails to update for automatic updater

Application fails to remember saved settings

Symptoms vary widely and are difficult to diagnose

Page 25: Windows 7 Application Compatibility

UAC: Investigation

Determine whether application was designed to run as administrator

Run as administrator – does it work?

Run as standard user – check redirection locations

C:\Users\%username%\AppData\Local\VirtualStore

HKCU\Software\Classes\VirtualStore\MACHINE

Event Log – logs relevant UAC

Process Monitor (Procmon) for failed access
  http://technet.microsoft.com/en-gb/sysinternals/bb896645.aspx
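
Added example (not part of the original slides): a Python helper for the "check redirection locations" step. It walks each profile's AppData\Local\VirtualStore folder and maps every virtualized file back to the protected path it shadows, which also exposes the per-user copies noted as a side effect of virtualization. The function names and the sample profile tree are constructed; the system drive is assumed to be C:.

```python
import ntpath
import os
import tempfile


def virtualized_copies(users_root, system_drive="C:"):
    """Map each protected path to the users holding a VirtualStore copy of it.

    users_root is the profiles directory (C:\\Users on a live system, or a
    mounted image or collected copy of it).
    """
    found = {}
    for user in sorted(os.listdir(users_root)):
        store = os.path.join(users_root, user, "AppData", "Local", "VirtualStore")
        if not os.path.isdir(store):
            continue
        for dirpath, _dirs, files in os.walk(store):
            rel = os.path.relpath(dirpath, store)
            parts = [] if rel == "." else rel.split(os.sep)
            for name in files:
                # VirtualStore mirrors the path below the system drive root
                original = ntpath.join(system_drive + "\\", *parts, name)
                found.setdefault(original, []).append(user)
    return found


def diverging(found):
    """Originals shadowed for more than one user: each user sees own data."""
    return {path: users for path, users in found.items() if len(users) > 1}


def demo():
    """Build a constructed profile tree in a temp directory and scan it."""
    layout = {
        "alice": ["Program Files/LegacyApp/settings.ini", "Windows/legacy.log"],
        "bob": ["Program Files/LegacyApp/settings.ini"],
        "carol": [],  # never ran the legacy application
    }
    with tempfile.TemporaryDirectory() as root:
        for user, files in layout.items():
            store = os.path.join(root, user, "AppData", "Local", "VirtualStore")
            os.makedirs(store)
            for rel in files:
                path = os.path.join(store, *rel.split("/"))
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "w") as fh:
                    fh.write("constructed sample\n")
        return virtualized_copies(root)


if __name__ == "__main__":
    result = demo()
    for original, users in sorted(result.items()):
        print(original, "<-", ", ".join(users))
    print("diverging:", sorted(diverging(result)))
```
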

Page 26: Windows 7 Application Compatibility

Event Log

Demo

Page 27: Windows 7 Application Compatibility

UAC: MSIs

Symptom
  MSI with a custom action fails with a UAC error despite elevation
Cause
  MSI contains custom action that impersonates the user (default)
  Example: ActionType=1025
    msidbCustomActionTypeInScript (0x400, delayed) + msidbCustomActionTypeDll (0x1) = 0x401
    msidbCustomActionNoImpersonate (0x800) not set

Page 28: Windows 7 Application Compatibility

UAC: MSIs (cont.)

Fixes
  Redesign to select not impersonating user
    Set bit msidbCustomActionNoImpersonate (0x800)
    Example: ActionType 1025 (0x401) becomes 3073 (0xC01)
  Edit MSI with Orca.exe to change the right ActionType fields
  Run from elevated command prompt
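
Added example (not part of the original slides): a Python triage over (Action, Type) rows as they appear in the CustomAction table in Orca. It finds deferred actions that still impersonate the user and computes the Type value with the 0x800 bit set. The row names and values other than the slide's 1025 and 3073 are constructed, and immediate actions are deliberately left untouched.

```python
# Bits of the CustomAction table's Type column used in this check
IN_SCRIPT = 0x400        # deferred ("in script") execution
NO_IMPERSONATE = 0x800   # run without impersonating the user
ROLLBACK = 0x100         # meaningful together with IN_SCRIPT
COMMIT = 0x200           # meaningful together with IN_SCRIPT
BASE = {0x1: "Dll", 0x2: "Exe", 0x3: "TextData",
        0x5: "JScript", 0x6: "VBScript", 0x7: "Install"}


def describe(action_type):
    """Human-readable summary of a custom action Type value."""
    words = [BASE.get(action_type & 0x7, "unknown")]
    if action_type & IN_SCRIPT:
        if action_type & ROLLBACK:
            words.append("rollback")
        elif action_type & COMMIT:
            words.append("commit")
        else:
            words.append("deferred")
        words.append("no-impersonate" if action_type & NO_IMPERSONATE
                     else "impersonates-user")
    else:
        words.append("immediate")
    return " ".join(words)


def triage(rows):
    """Return (action, old_type, new_type) for each deferred action that
    still impersonates the user; immediate actions are left alone."""
    fixes = []
    for action, action_type in rows:
        if action_type & IN_SCRIPT and not action_type & NO_IMPERSONATE:
            fixes.append((action, action_type, action_type | NO_IMPERSONATE))
    return fixes


# Constructed rows standing in for an exported CustomAction table
SAMPLE_ROWS = [
    ("WriteMachineConfig", 1025),   # 0x401, the slide's example
    ("RegisterService", 3073),      # 0xC01, already fixed
    ("SetInstallDir", 51),          # 0x033, immediate property set
    ("UndoMachineConfig", 1281),    # 0x501, deferred rollback
]

if __name__ == "__main__":
    for action, old, new in triage(SAMPLE_ROWS):
        print("%-20s %d (%s) -> %d (%s)"
              % (action, old, describe(old), new, describe(new)))
```
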

Page 29: Windows 7 Application Compatibility

Orca

Demo

Page 30: Windows 7 Application Compatibility

UAC: Self-extracting installer

Symptom
  Self-extracting EXE or custom wrapper runs elevated and executes a script, but script fails
Cause
  UAC prompt occurs on self-extracting EXE or custom wrapper, but elevated privileges are not transferred to script
Fixes
  Redesign to use MSI
  Run from elevated command prompt
    Creates an elevated script engine

Page 31: Windows 7 Application Compatibility

UAC: Checking for admin rights

Symptoms
  Many – from minor feature misbehavior to crash
Causes
  Application uses
    IsUserAnAdmin, CheckTokenMembership “BUILTIN\Administrators” and similar APIs
    APIs return false when not elevated
Mitigation
  Shim ForceAdminAccess or ProtectedAdminCheck
Fix
  GetTokenInformation API
    TokenElevation (elevated or not)
    TokenElevationType (default, full or limited)

Page 32: Windows 7 Application Compatibility

UAC: User COM Objects

Symptoms
  Elevated application cannot instantiate COM object
  Regular application can instantiate the same COM object
Cause
  COM object is registered per user
    HKEY_CLASSES_ROOT is a virtual registry hive
    HKCU\Software\Classes takes precedence in Windows XP and for medium and low integrity processes in Windows 7
    HKCU\Software\Classes is NEVER used for high integrity processes (elevated) in Windows 7
    Prevents user configuring malicious COM object and tricking elevated task into executing code.
Mitigation
  Applications that will require administrator rights should register any COM objects during installation to HKLM\Software\Classes.

Page 33: Windows 7 Application Compatibility

UAC: Mapped Network Drives

Symptoms
  Regular mapped network drives (and SUBST) are not visible when running elevated
  Drives mapped from an elevated prompt are not visible in standard processes (including Explorer)
Causes
  Mappings attached to logon session
    Mapped Network drives are only valid in the context of the user token that mapped them
    Two sets of mapping for split token situation

Page 34: Windows 7 Application Compatibility

UAC: Mapped Network Drives (cont.)

Mitigation
  Automatic mitigation for installers accessing remote drive
  Map each drive in the context of the regular token and elevated token
  Registry entry
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLinkedConnections = (dword)1
    http://support.microsoft.com/kb/937624

Page 35: Windows 7 Application Compatibility

Mapped Network Drives

Demo

Page 36: Windows 7 Application Compatibility

New Folder Locations

“My Documents” and other user folder locations are changed to provide a better user experience

The user data is now stored in: ‘\users\%username%\’ folder structure
Pictures, Music, Documents, Desktop, and Favorites are all new folders directly under this structure
The “My “ prefix was dropped from Documents, Music, etc.
“All Users” became “Public” and “\ProgramData”

Page 37: Windows 7 Application Compatibility

New Folder Locations (cont.)

Differentiation between User and App data

User does not directly interact with app data

Identify specific locations using
  SHGetFolderPath or SHGetKnownFolderPath
  System.Environment namespace

Shared User Data (Documents)
  C:\Users\Public\Documents
  CSIDL_COMMON_DOCUMENTS
  FOLDERID_PublicDocuments

Page 38: Windows 7 Application Compatibility

New Folder Locations (cont.)

Per User Data (Documents)
  C:\Users\%username%\Documents
  CSIDL_MYDOCUMENTS
  FOLDERID_Documents
  SpecialFolder.MyDocuments

Page 39: Windows 7 Application Compatibility

New Folder Locations (cont.)

Shared Application Data
  C:\ProgramData\MyAppName
  %AllUsersProfile%\MyAppName
  CSIDL_COMMON_APPDATA
  FOLDERID_ProgramData
  SpecialFolder.CommonApplicationData
  Set permissions (ACL) for folders in shared application data area during install

Page 40: Windows 7 Application Compatibility

New Folder Locations (cont.)

Per User Application Data (local)
  C:\Users\%username%\AppData\Local
  %LOCALAPPDATA%
  CSIDL_LOCAL_APPDATA
  FOLDERID_LocalAppData
  SpecialFolder.LocalApplicationData

Page 41: Windows 7 Application Compatibility

New Folder Locations (cont.)

Per User Application Data (roaming)
  C:\Users\%username%\AppData\Roaming
  %APPDATA%
  CSIDL_APPDATA
  FOLDERID_RoamingAppData
  SpecialFolder.ApplicationData

Page 42: Windows 7 Application Compatibility

New Folder Locations (cont.)

Localization Changes
  Localized folder names used to be the actual name (i.e., “C:\Programme”) and an English name was not provided
  In Windows 7, all folders have English names (i.e., “C:\Program Files”) and a junction point with the localized name is provided (i.e., “C:\Programme”)
  Explorer displays the localized name for the actual directory

Page 43: Windows 7 Application Compatibility

New Folder Locations: Mitigation

Directory junctions
  Provides backward compatibility for hard-coded paths
    ‘Documents and Settings’ -> ‘Users’
    ‘My Documents’ -> ‘Documents’
    ‘Programme’ -> ‘Program Files’

Page 44: Windows 7 Application Compatibility

New Folder Locations: Fixes

Never hard code absolute paths
  AppVerifier includes a test
Script: environment variables
Unmanaged code (C++/C)
  SHGetFolderPath function (CSIDL_...)
  SHGetKnownFolderPath (FOLDERID_...)
    Vista and later
Managed code (C#, VB.NET)
  System.Environment.GetFolderPath
    Enum System.Environment.SpecialFolder
  Microsoft.VisualBasic.FileIO.SpecialDirectories
  My.Computer.FileSystem.SpecialDirectories

Page 45: Windows 7 Application Compatibility

Q & A

Page 46: Windows 7 Application Compatibility

Why: Windows Resource Protection

Core operating system files and registry keys can be overwritten with older versions or malicious code causing serious stability and security issues

Windows Resource Protection (WRP) is designed to protect those objects from being overwritten

Increases system stability, predictability, and reliability
Replaces Windows File Protection in Windows XP

Page 47: Windows 7 Application Compatibility

How: Windows Resource Protection

Updates to protected resources restricted
  OS trusted installers (Windows Update)
  ACL on resources
Affects specific files, folders, and registry keys
  Majority of core OS modules (EXE and DLL)
  Majority of core OS HKCR Registry Keys
  Folders used exclusively by OS resources

Page 48: Windows 7 Application Compatibility

WRP

Demo

Page 49: Windows 7 Application Compatibility

Mandatory Integrity Control

Windows 7 implements Mandatory Integrity Control (MIC)
Processes run at one of four Integrity Levels:
  System processes run at System IL
  Applications that require administrative privileges run at High IL
  Standard applications run at Medium IL
  Restricted apps run at Low IL
Securable objects (Files, Processes, Windows Stations, Message queues) define the minimum IL for a process to access them
  Default IL for objects: Medium

Page 50: Windows 7 Application Compatibility

User Interface Privilege Isolation

UIPI uses MIC’s Integrity Levels to restrict sending window messages
  Applications cannot send messages to other applications running at a higher integrity level
  Higher application can allow access
  SendMessage returns success to mitigate failures
Where compatibility impact is high, lower IL applications can be manifested to opt out of UIPI
  Manifested
  Signed (authenticated)
  Installed in “Program Files”

Page 51: Windows 7 Application Compatibility

MIC and UIPI

[Diagram: High IL, Medium IL and Low IL processes; columns “Processes” and “Objects”, each with High, Medium and Low levels; arrows labelled Read, Write and Send]

Page 52: Windows 7 Application Compatibility

Integrity Levels

Security IDs (SIDs) for integrity levels
RID defines the integrity level
  Low: S-1-16-4096 (0x1000)
  Medium: S-1-16-8192 (0x2000)
  High: S-1-16-12288 (0x3000)
  System: S-1-16-16384 (0x4000)

Page 53: Windows 7 Application Compatibility

Why: IE Protected Mode

[Diagram labels: IExplore.exe; Install an ActiveX control; Change Settings, Download a Picture; Cache Web content; Exploit can install MALWARE; Admin-Rights Access; User-Rights Access; Temp Internet Files; HKLM; Program Files; HKCU; My Documents; Startup Folder; Untrusted files & settings]

Page 54: Windows 7 Application Compatibility

How: IE Protected Mode

In Windows 7, Microsoft Internet Explorer 8 runs in Protected Mode (IEPM) for non-trusted sites (installation default)

IE runs as separate process instances for different protection modes

Prevents buffer overflow exploits from affecting higher trust level sites
Required by IEPM’s underlying mechanism:
  Mandatory Integrity Control (MIC)
  User Interface Privilege Isolation (UIPI)

Page 55: Windows 7 Application Compatibility

How: IE Protected Mode (cont.)

Integrity Levels (IL) for IE
  IEPM: Low Integrity Level
  Unprotected: Medium Integrity Level
Low-integrity processes (such as IEPM) can only write to folders, files, and registry keys that are also marked as low-integrity
  Temporary Internet Files folder
  %TEMP%\Low
  History folder
  Cookies folder
  Favorites folder
  Windows Temporary Files folders
  %userprofile%\AppData\LocalLow

Page 56: Windows 7 Application Compatibility

IEPM: Compatibility Impact

Attempts by ActiveX controls to modify medium and higher IL objects fail
  e.g. writing to the user’s Documents folder
ActiveX controls fail to install
Automatic mitigations

Page 57: Windows 7 Application Compatibility

IEPM: Automatic Mitigation

[Diagram labels: IExplore in Protected Mode; Install an ActiveX control; Change settings, Drag and Drop; Cache Web content; Integrity Control and UIPI; IEUser.exe; IEInstall.exe; Redirected settings & files; Admin-Rights Access; User-Rights Access; Temp Internet Files; HKLM; HKCR; Program Files; HKCU; My Documents; Startup Folder; Untrusted files & settings]

Page 58: Windows 7 Application Compatibility

IEPM: Manual Mitigation

Redesign the site to function properly in Protected Mode

Add site to trusted sites

Protected Mode is not enabled for trusted sites

Use ActiveX Install Services (AXIS) for enterprise deployments

Page 59: Windows 7 Application Compatibility

AXIS: How it works

IE parses a page that requires an ActiveX control

If the user is a Standard User, the AXIS is called

The AXIS will perform a lookup in the Allowed Installation Sites list deployed via Group Policy

If the Host URL is within policy, the control will be downloaded by the service

If the control meets the signing criteria, it will be installed as the LocalSystem account

Page 60: Windows 7 Application Compatibility

AXIS: Enabling the Service

AXIS is an optional component that must be enabled

Deploy through SMS

Run cmd.exe as Administrator, then run this command: ocsetup.exe AxInstallService

Control Panel -> Programs -> Turn Windows Features On or Off

Page 61: Windows 7 Application Compatibility

AXIS: Configuring the Policy

Run gpedit.msc
Navigate to Computer Settings -> Administrative Templates -> Windows Components -> ActiveX Installer Services
Enter Host URL and policy for each trusted site
  Must specify protocol: http or https (preferred)
  Example: http://download.microsoft.com
  Best Policy 2, 1, 0, 0

Page 62: Windows 7 Application Compatibility

Q & A

Page 63: Windows 7 Application Compatibility

Windows and IE Versions

Internal version number for Windows 7 is 6.1 – this is what is returned by GetVersion()

Version number for Internet Explorer is 8.0

Version number is included in User Agent String
User Agent String is included in HTTP header

Windows                  Version
Windows XP               5.1
Windows Server 2003      5.2
Windows Vista/WS2008     6.0
Windows 7/WS2008 R2      6.1

Page 64: Windows 7 Application Compatibility

Windows Version Mitigation

Compatibility mode is provided in Windows 7

Users can right-click the shortcut or the EXE and apply the Windows XP SP2 compatibility mode from the Compatibility tab. This applies multiple shims including “WinXPSP2VersionLie”
PCA automates step for installers
Better: Apply the shim “WinXPSP2VersionLie”

In many cases, applications will work the same way they did in Windows XP and there is no need for changes to them

Page 65: Windows 7 Application Compatibility

Windows Version Mitigation (cont.)

'Reinstall using recommended settings'
  Applies the Windows XP compatibility mode and restarts the program
  The fix is effective for all users (stored in HKLM)

Page 66: Windows 7 Application Compatibility

Windows Version Remediation

Applications should not perform version checks for equality, e.g. == 5.1

If you need a specific feature, check whether the feature is installed or available
If you need Windows XP, check for Windows XP or later (>= 5.1)
Exceptions to this occur when there is a very specific business or legal need to do a version check, such as when a regulatory body requires you to certify your application for each operating system and version

Page 67: Windows 7 Application Compatibility

Windows Version Numbers

Demo

Page 68: Windows 7 Application Compatibility

IE8 Version Symptoms

Web sites may render incorrectly
  CSS and JavaScript compliance changes
  Renders in IE8 Standards Mode for Internet sites
Web sites that check the User Agent String for the IE version will get higher version number
  Web sites might refuse to load
  Web sites might reduce functionality

Page 69: Windows 7 Application Compatibility

IE8 Version Mitigations

IE7 Compatibility Mode
  Default setting for intranet sites
  Can be controlled from the server
    For a single Web Page
    For a directory, application, or site
  Add <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" /> to the page or response header
  See http://support.microsoft.com/kb/968499 for different options

Page 70: Windows 7 Application Compatibility

IE7 Compatibility Mode

In a Web Page

<html>
  <head>
    <title>My Web Page</title>
    <!-- Use IE7 mode -->
    <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7"/>
  </head>
  <body>
    <p>Content goes here.</p>
  </body>
</html>

Page 71: Windows 7 Application Compatibility

IE7 Compatibility Mode

In the web.config

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <clear />
        <add name="X-UA-Compatible" value="IE=EmulateIE7"/>
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>

Page 72: Windows 7 Application Compatibility

IE8 Standards Mode

In a Web Page

<html>
  <head>
    <title>IE8 Standards Mode Web Page</title>
    <!-- Use IE8 Standards Mode -->
    <meta http-equiv="X-UA-Compatible" content="IE=IE8"/>
  </head>
  <body>
    <h1>Hi from IE8 Standards Mode</h1>
  </body>
</html>

Page 73: Windows 7 Application Compatibility

Expression SuperPreview

Stand-alone visual debugging tool
Shows web pages rendered in IE 6 and either IE 7 or 8, depending on which version you have installed on your machine.
View pages side by side or as an onion-skin overlay and use rulers, guides and zoom/pan tools to precisely identify differences in layout.

Page 74: Windows 7 Application Compatibility

Expression SuperPreview

Demo

Page 75: Windows 7 Application Compatibility

Sessions in Windows XP/ Server 2003

[Diagram: Session 0 with a Window Station and Desktop containing Screen Saver, Login, Services and the 1st User’s Windows]

Page 76: Windows 7 Application Compatibility

Sessions in Windows 7

[Diagram: Session 0 (Window Station, Desktop) containing the Services; Session 1 (Window Station, Desktop) containing Screen Saver, Login and the 1st User’s Windows; label “Secure”]

Page 77: Windows 7 Application Compatibility

Session 0: Compatibility Impact

A service and a user application that use window message functions (e.g. SendMessage, PostMessage) to communicate will silently fail
A service and a user application that use local objects to communicate will silently fail
A service that uses a UI to interact with the user will display the UI on a special desktop which is inaccessible
Applications that work with Fast User Mode Switching will probably continue to work

Page 78: Windows 7 Application Compatibility

Session 0 Isolation

Demo

Page 79: Windows 7 Application Compatibility

Less Common Issues

Painting Behavior
Deprecated Components
Managed Code for .NET 1.x
64-bit Vista

Page 80: Windows 7 Application Compatibility

Painting behavior

Why: To improve user experience
How: All top-level windows are rendered to an off-screen bitmap; Desktop Window Manager combines the images to draw the desktop
Impact: Some applications will render incorrectly
Mitigation: Disable desktop composition
  Apply shim “DisableDWM”
  Properties -> Compatibility Tab -> Disable desktop composition
Fixes: Redesign application to not assume that it is rendering directly to the screen

Page 81: Windows 7 Application Compatibility

Disabling Desktop Composition

Demo

Page 82: Windows 7 Application Compatibility

Deprecated components

Windows Help (WinHlp32.exe)
  Available as a download
  CHM is now the preferred option
Graphical Identification and Network Authentication (GINA) modules
Removal of Windows Mail
  Disables CoStartOutlookExpress
  File associations (.eml, .nws, .contact, .group, .wab, .p7c, .vfc) are broken or disabled
  Install Windows Live Mail

Page 83: Windows 7 Application Compatibility

Deprecated components (cont.)

Removal of Windows Movie Maker
  Install Windows Live Movie Maker
Microsoft Agent technologies
Removal of Windows Registry Reflection
PCA instruments CoCreateInstance API and the Loader (NTDLL)
  Detect load failures on deprecated COM objects and DLLs respectively
  Uses Windows Error Reporting (WER) to retrieve Knowledge Base article or link to download deprecated component

Page 84: Windows 7 Application Compatibility

Managed code for .NET 1.x

Symptom
  Managed code written for .NET 1.x fails (error message or crash)
Cause
  Application depends on .NET 1.x feature AND
  Application does not specify <supportedRuntime> or <requiredRuntime> in configuration file
  Note: .NET 1.0 did not support <supportedRuntime>
Fix
  Add <supportedRuntime version="v1.1.4322"/> to <appname>.exe.config

Page 86: Windows 7 Application Compatibility

64 bit

WoW64 allows 32-bit applications to run on 64-bit Windows, but compatibility issues may still exist
Not supported
  16-bit applications and installers
    Limited support for some installers
  32-bit kernel mode drivers
  32-bit user mode printer drivers
  Kernel patching (x64 only)
    Patchguard prevents applications from patching the Kernel. If this is detected, a shut down will be initiated
Windows Server 2008 R2 – 64 bit ONLY

Page 87: Windows 7 Application Compatibility

Windows 7 Logo Program

Benefits
  Compatibility message to your customers
  Joint marketing
  Partner Points
Requirements
  ISVs must sign up to receive their crash data from WER
  Use AppVerifier as part of development lifecycle
  Install to correct folder locations
  Sign binary executables
  Include a manifest and run as a standard user
  Support Restart Manager
  64 bit support
  Etc...

Page 88: Windows 7 Application Compatibility

Windows 7 Logo Program Roadmap

Follow these steps to verify that your application complies with the Windows 7 Client Software Logo technical requirements:

Download and install the Windows 7 Client Software Logo Toolkit
Run the Toolkit to validate your application
Ensure the application adheres to all policies
Accept and sign all legal agreements
Opt in to receive communications from Microsoft about your product(s)
Mail a licensed copy of your software to Microsoft
Upon successful completion of validation testing submit the results to Microsoft

Page 89: Windows 7 Application Compatibility

Tools, documentation, and help

Application Verifier
  http://go.microsoft.com/fwlink/?linkid=11573
Standard User Analyzer
  http://www.microsoft.com/downloads/details.aspx?FamilyId=24DA89E9-B581-47B0-B45E-492DD6DA2971&displaylang=en
Windows 7 Application Quality Cookbook
  http://code.msdn.microsoft.com/Release/ProjectReleases.aspx?ProjectName=Windows7AppQuality&ReleaseId=1734
Windows 7 Training Kit for Developers
  http://www.microsoft.com/downloads/details.aspx?FamilyID=1C333F06-FADB-4D93-9C80-402621C600E7&displaylang=en
Application Compatibility Forum
  http://social.msdn.microsoft.com/Forums/en-US/windowscompatibility/threads/

Page 90: Windows 7 Application Compatibility

Call to action

Get ready for Windows 7 deployments
  Test your applications on Windows 7
Make use of resources that are available now
  Joint marketing
  Free technical support
  Free App Compat Labs
  Latest tools
  Active discussion forums
Tell Microsoft and your customers
  Update Greenlight Web Site
Consider Windows 7 Logo certification

Page 91: Windows 7 Application Compatibility

Resources

Windows Application Compatibility
  http://msdn.microsoft.com/en-us/windows/aa904987.aspx
Developer for Windows 7 on MSDN
  http://msdn.microsoft.com/en-us/windows/dd433113.aspx
IE8 Readiness Toolkit
  http://www.microsoft.com/windows/internet-explorer/readiness/developers-new.aspx
Windows API Code Pack
  http://code.msdn.microsoft.com/WindowsAPICodePack
Greenlight Web Site
  http://www.isvappcompat.com/uk
UK DPE Briefings and Labs
  http://blogs.msdn.com/ukisvdev/archive/2009/06/09/windows-7-application-compatibility-briefings-and-drop-in-clinic.aspx

Page 92: Windows 7 Application Compatibility

© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.