CSI-300

How Applications Work on Windows 7 and Windows 8

This training course lays the groundwork for understanding how the operating system interacts with natively installed Windows applications. This understanding is critical for engineering applications to run successfully under alternative environments such as application virtualization, compatibility shimming, application streaming and cloud environments. The course first covers the Windows application environment of the traditional Win32 core up to Windows XP. It then covers the many changes to the native application environment introduced in version 6 of the OS kernel, which shipped with Windows Vista and is also the basis of Windows 7, Windows 8 and Server 2008. Packaging and deployment of Windows 8 Metro applications is also covered.

Topics

Fundamentals of Windows Processes
Anatomy of a process, Permissions, Loading DLLs and Other Code, Security Tokens, Sessions.

COM Fundamentals
COM Operations, HKCR, Tracing COM, DLL Loading, Loading Overrides (.LOCAL)

Windows Code Files
Anatomy of EXEs and DLLs, DLL Loading, Editing EXEs.

Processes for Kernel 6 (Win8, Win7, Vista, Win2008)
Windows Integrity Mechanism (WIM), Integrity Levels (IL), User Account Control (UAC), Security Manifesting, UAC Virtualization, COM and UAC, Disabling UAC, Windows Resource Protection (WRP), User Interface Privilege Isolation (UIPI), Win7: Per-User Applications (PUA), Win7: XP Mode

IE Changes for Kernel 6
IE Protected Mode (IEPM), Usage of ILs, Usage of UAC Virtualization

Application Internals
The main ways in which an application integrates with Windows: environment variables, App Paths, shortcuts, extension mapping, shell extensions, etc.

Windows 8 Metro Applications
Installation and Management of AppX, AppX Package Formats, Metro Programming Model

Labs & Templates:
  • Procmon filter templates
  • Tracing COM
  • Replacing internal UAC manifests
  • Virtualization: Detecting, Tracing, Cleaning Up

Tools:
  • Process Explorer (Procexp.exe)
  • Process Monitor (Procmon.exe)
  • Explorer Suite EXE Editor
  • whoami
  • AppCompat
  • AppVerifier