|
CSI-300
Foundations of the Native Windows Application Environment
This component course lays the ground work for understanding how the operating system interacts with natively installed Windows applications. Understanding the way in which applications and the operating system expect to be interacting is critical for engineering applications to successfully run under alternative environments such as application virtualization, compatibility shimming, application streaming and cloud environments. This course first covers the Windows Application Environment of the traditional Win32 core up to Windows XP. Next it covers the many new changes to the native application environment that were made in version 6 of the OS kernel that was released with Windows Vista and is in Windows 7 and Server 2008.
Topics
Fundamentals of Windows Processes Anatomy of a process, Permissions, Loading DLLs and Other Code, Security Tokens, Sessions.
COM Fundamentals COM Operations, HKCR, Tracing COM, DLL Loading, Loading Overrides (.LOCAL)
Windows Code Files Anatomy of EXEs and DLLs, DLL Loading, Editing EXEs.
Processes for Kernel 6 (Win7, Vista, Win2008) Windows Integrity Mechanism (WIM) Integrity Levels (IL), User Account Control (UAC), Security Manifesting, On The Fly Virtualization, COM and UAC, Disable UAC, Windows Resource Protection (WRP), User Interface Privilege Isolation (UIPI), Win7: Per-User Applications (PUA), Win7: XP Mode
IE Changes for Kernel 6 IE Protected Mode (IEPM), Usage of ILs, Usage of UAC Virtualization
Application Internals The main ways in whch an application integrates with Windows. Environment variables, App Paths, Shortcuts, Extension Mapping, Shell Extensions, etc.
Labs & Templates:
Procmon filter templates
Tracing COM
Replacing internal UAC manifests
Virtualization: Detecting, Tracing, Cleaning Up
Tools:
Process Explorer (Procexp.exe)
Process Monitor (Procmon.exe)
Explorer Suite EXE Editor
whoami
RegScanner
RegfromApp
AppCompat
AppVerifier
|