Software Development on Windows

in a mini-nutsehll

Himanshu Pareek

1

Agenda

2

Introduction

Write User Friendly Applications

Respect UAC

Use Application Verifier

Use Defense Offered by Visual Studio

Kernel Mode Programming – Rules

Developing on Windows

3

Windows SDK [Win32 API]

Windows Native API (System Calls) User Mode

Kernel Mode

Visual

Basic MFC JRE …

.NET

ASP

Windows Kernel DDI

Tools

4

• Use SDK and DDK Develop with Visual Studio

• Sysinternals Suite Analyze

• WinDbg

• Windows Application Verifier Debug

• Application Compatibility Toolkit Test

Compatibility

• MSI Project Package

Choose the right form for software

5

• Command Line Application

• GUI Application

• Service Executable

• Static [.lib]

• Dynamic [.dll] Library

Driver [.sys]

Choose the Right Place For Software

6

Application

System Libraries

More System Libraries

Kernel Interface

Kernel

User Mode

Kernel Mode

Choose the appropriate storage for

Application Data.

7

Registry {HKLM\Software\<>}

C:\Users\<User Name>\<.application

folder>

Create file system hierarchy under

installation Directory

?? C:\Program

Files\

Before you switch to 3rd Party Library

8

Security Related

CryptoAPI

WinTrust

Certificate Enrollment API

Process, Thread Related Information

PSAPI

Remote Management

Compression

Image Processing Libraries

……….

COM

WMI

Hungarian Coding Notation

9

Prefix Description

a Array

b Boolean

c char

szr Zero terminated string

m_ Data member of class

n Short Integer

cb Count of bytes

f flag

g_ Global

C Class

i Integer

Use Code Analysis

10

Kernel Mode Programming

Static Driver Verifier

whole driver analyzer

PREFast

per function analyzer

.NET

FxCop

Visual Studio Code Analysis

/analyze

Write Friendly Applications

11

Responsive GUI

Work with (not against)

Anti Virus

Firewall

Install should

BE Reversible

BE done to correct folder by default

COPY Digitally signed files & drivers

BE Secure By Default

Write Friendly Applications (2)

12

I. Adhere to Restart Manager Messages

II. Support Multiuser Sessions

III. Give a second thought to

I. Loading Services and Drivers in Safe Mode

II. Not supporting 64 bit Windows

User Account Control

13

Adjusting the permissions as per requirement

For Example Logged in as Administrator? Yes

Need Admin Privileges? No

Run as standard User

Windows Application Verifier

14

Heap Errors

Handle Errors

Lock Errors

Memory Errors

Thread Errors

File Path Errors

Install Kernel Mode Driver

Low Resource

Limited User Account Predictor

Dangerous APIs

Dirty Stacks

Defenses Offered by Visual Studio

Stack-based Buffer Overrun Detection (/GS)

Safe Exception Handling (/SafeSEH)

Data Execution Prevention (DEP) Compatibility (/NXCompat)

Image Randomization (/DynamicBase)

Automatic use of safer function calls #define _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES 1

15

CERT Coding Standards

16

Be Specific When dynamically loading libraries

Don't forcibly terminate execution

Restrict privileges when spawning child process

Understand handle inheritance

Consider encrypting function pointers

Kernel Mode Programming

17

Directly reference user-mode memory? NO

Code executing at or above DISPATCH_LEVEL must not cause

page faults.

Allocations from the PagedPool must occur at an IRQL less than

DISPATCH_LEVEL. Allocations from the NonPagedPool must occur

at an IRQL less than or equal to DISPATCH_LEVEL.

Allocate non paged pool memory for long-term use at start-up

Use look aside lists

Kernel Mode Programming

18

Make sure that the subroutine that claims the lock releases it

never tries to claim it twice,

don’t call any other subroutine while you own the lock.

Use the IoGetStackLimits and IoGetRemainingStackSize routines

determine whether enough stack space remains to call a function to perform a

task and,

if not, queue the task to a work item.