Software Development on Windows
in a mini-nutshell
Himanshu Pareek
1
Agenda
2
Introduction
Write User Friendly Applications
Respect UAC
Use Application Verifier
Use Defense Offered by Visual Studio
Kernel Mode Programming – Rules
Developing on Windows
3
User Mode
  Application frameworks: Visual Basic, MFC, JRE, .NET, ASP, …
  Windows SDK [Win32 API]
  Windows Native API (System Calls)
Kernel Mode
  Windows Kernel DDI
Tools
4
• Use SDK and DDK – Develop with Visual Studio
• Sysinternals Suite – Analyze
• WinDbg, Windows Application Verifier – Debug
• Application Compatibility Toolkit – Test Compatibility
• MSI Project – Package
Choose the right form for software
5
• Command Line Application
• GUI Application
• Service Executable
• Library: Static [.lib] or Dynamic [.dll]
• Driver [.sys]
Choose the Right Place For Software
6
User Mode
  Application
  System Libraries
  More System Libraries
Kernel Mode
  Kernel Interface
  Kernel
Choose the appropriate storage for Application Data
7
• Registry {HKLM\Software\<>}
• C:\Users\<User Name>\<.application folder>
• Create a file system hierarchy under the installation directory
• ?? C:\Program Files\
Before you switch to a 3rd Party Library
8
• Security Related: CryptoAPI, WinTrust, Certificate Enrollment API
• Process, Thread Related Information: PSAPI
• Remote Management
• Compression
• Image Processing Libraries
• …
• COM
• WMI
Hungarian Coding Notation
9
Prefix   Description
a        Array
b        Boolean
c        char
sz       Zero-terminated string
m_       Data member of class
n        Short Integer
cb       Count of bytes
f        flag
g_       Global
C        Class
i        Integer
Use Code Analysis
10
Kernel Mode Programming
  Static Driver Verifier – whole driver analyzer
  PREfast – per function analyzer
.NET
  FxCop
Visual Studio Code Analysis
  /analyze
Write Friendly Applications
11
Responsive GUI
Work with (not against)
  Anti Virus
  Firewall
Install should
  BE Reversible
  BE done to the correct folder by default
  COPY Digitally signed files & drivers
  BE Secure By Default
Write Friendly Applications (2)
12
I. Adhere to Restart Manager Messages
II. Support Multiuser Sessions
III. Give a second thought to
  I. Loading Services and Drivers in Safe Mode
  II. Not supporting 64-bit Windows
User Account Control
13
Adjust the permissions as per requirement.
For example: Logged in as Administrator? Yes → Need Admin Privileges? No → Run as standard User
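The "run as standard user" branch of that flow is what the application manifest embedded in the executable declares. This is an added example, not from the slides; the assembly name Example.App and its version are placeholders.

```xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity type="win32" name="Example.App" version="1.0.0.0" processorArchitecture="*"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <!-- asInvoker: the process gets the logon session's filtered
             (standard-user) token even when the user is an administrator,
             so the program never prompts and never runs elevated by accident.
             Reserve requireAdministrator for the one component that needs it
             (typically the installer), not the whole application. -->
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
```

A program declared asInvoker must then store its data under the per-user profile rather than under C:\Program Files\ or HKLM, since writes there fail for a standard-user token.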
Windows Application Verifier
14
Heap Errors
Handle Errors
Lock Errors
Memory Errors
Thread Errors
File Path Errors
Install Kernel Mode Driver
Low Resource
Limited User Account Predictor
Dangerous APIs
Dirty Stacks
Defenses Offered by Visual Studio
15
Stack-based Buffer Overrun Detection (/GS)
Safe Exception Handling (/SafeSEH)
Data Execution Prevention (DEP) Compatibility (/NXCompat)
Image Randomization (/DynamicBase)
Automatic use of safer function calls: #define _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES 1
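A check worth running on the shipped binaries is whether /NXCompat and /DynamicBase actually reached the image: both are recorded as bits in the DllCharacteristics field of the PE optional header. The following is an added example, not code from the slides, that reads that field from a PE header held in memory; the sample header it parses is constructed inside the block. /GS and /SafeSEH leave no trace in this field (SafeSEH is recorded in the load config directory), so the check covers only the two linker flags.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* DllCharacteristics bits from the PE/COFF specification. */
#define IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE 0x0040   /* set by /DYNAMICBASE */
#define IMAGE_DLLCHARACTERISTICS_NX_COMPAT    0x0100   /* set by /NXCOMPAT */

static uint32_t rd16(const uint8_t *p) { return p[0] | (uint32_t)p[1] << 8; }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | rd16(p + 2) << 16; }
/* Returns the DllCharacteristics field of an in-memory PE image, or -1 if the
   bytes are not a well-formed PE header. The field sits 70 bytes into the
   optional header for both PE32 (magic 0x10b) and PE32+ (magic 0x20b). */
int pe_dll_characteristics(const uint8_t *buf, size_t len) {
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z') return -1;
    uint32_t pe = rd32(buf + 0x3C);                          /* e_lfanew */
    if (pe > len - 4 || memcmp(buf + pe, "PE\0\0", 4) != 0) return -1;
    size_t opt = (size_t)pe + 4 + 20;                        /* signature + COFF header */
    if (opt + 72 > len) return -1;
    uint32_t magic = rd16(buf + opt);
    if (magic != 0x10b && magic != 0x20b) return -1;
    return (int)rd16(buf + opt + 70);
}

/* 1 if the mitigation flag is set, 0 if clear, -1 on a malformed header. */
int pe_has_mitigation(const uint8_t *buf, size_t len, uint32_t flag) {
    int dc = pe_dll_characteristics(buf, len);
    return dc < 0 ? -1 : (((uint32_t)dc & flag) != 0);
}

/* Constructed sample (not a real binary): only the headers of a PE32+ image
   linked with /DYNAMICBASE /NXCOMPAT, so DllCharacteristics = 0x0140. */
#define SAMPLE_LEN (0x40 + 4 + 20 + 72)
static uint8_t g_sample[SAMPLE_LEN];
const uint8_t *build_sample(void) {
    memset(g_sample, 0, sizeof g_sample);
    g_sample[0] = 'M'; g_sample[1] = 'Z'; g_sample[0x3C] = 0x40;  /* e_lfanew = 0x40 */
    memcpy(g_sample + 0x40, "PE\0\0", 4);                        /* optional header at 0x58 */
    g_sample[0x58] = 0x0b; g_sample[0x59] = 0x02;                /* magic 0x20b */
    g_sample[0x58 + 70] = 0x40; g_sample[0x58 + 71] = 0x01;      /* DllCharacteristics */
    return g_sample;
}

int main(void) {
    const uint8_t *img = build_sample();
    printf("NX compatible: %d, dynamic base: %d\n",
           pe_has_mitigation(img, SAMPLE_LEN, IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
           pe_has_mitigation(img, SAMPLE_LEN, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE));
    return 0;
}
```

On a real build, read the first few hundred bytes of the .exe or .dll into the buffer; the same information is shown by dumpbin /headers as "NX compatible" and "Dynamic base".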
CERT Coding Standards
16
Be specific when dynamically loading libraries
Don't forcibly terminate execution
Restrict privileges when spawning a child process
Understand handle inheritance
Consider encrypting function pointers
Kernel Mode Programming
17
Directly reference user-mode memory? NO
Code executing at or above DISPATCH_LEVEL must not cause page faults.
Allocations from the PagedPool must occur at an IRQL less than DISPATCH_LEVEL. Allocations from the NonPagedPool must occur at an IRQL less than or equal to DISPATCH_LEVEL.
Allocate non-paged pool memory for long-term use at start-up.
Use lookaside lists.
Kernel Mode Programming
18
Make sure that the subroutine that claims the lock releases it, never tries to claim it twice, and does not call any other subroutine while it owns the lock.
Use the IoGetStackLimits and IoGetRemainingStackSize routines to determine whether enough stack space remains to call a function to perform a task and, if not, queue the task to a work item.