Thursday, January 31, 2008

MOVB-12 Application compatibility

When trying to install third-party software under Vista, you can run into the following problems:

Software would like to disable UAC entirely.

Sample application: EasyBCD

Software needs to be added to DEP exemption list, because it's somehow protected ("packed").

... and the error message will puzzle most (if not all) end-users :)

Sample application: AuctionSentry

Software needs a compatibility pack from Microsoft

I guess compatibility packs rely on the Shim Engine, but I have never dug too deep in those mechanisms. Let's say that it is a database of big hacks to get crappy applications working :)

Sample : March 2007 Windows Vista Application Compatibility Update

You wait 3 months for an upgrade

Sample : iTunes [*], Microsoft Visual Studio 2005 [**]

[*] It seems also that iTunes will never be Vista64-compatible.
[**] Visual Studio 2005 still needs to be "elevated" to run properly on Vista.

You wait 3 months, but the upgrade is not free

Sample : some Adobe products


Oh yeah, I almost forgot. The software can play nice on 1st try! ;)

Wednesday, January 30, 2008

MOVB-11 Vista logging

A nice finding about Windows Vista logging:
http://www.heysoft.de/Frames/Vista_Remarks1_en.htm

In short, most event log files are not properly referenced in the registry. Under HKLM\System\CurrentControlSet\Services\EventLog\*\, the "File" entry has a ".elf" suffix, whereas the Vista file format is ".evtx".

Consequently, most remote log reading tools (like Windows XP's Event Viewer, but most log collection tools could be affected) are unable to access Vista event logs.

This has been confirmed on my up-to-date Vista 64 system.

The conclusion from this guy is: "I must admit that I do now better understand all those people who say that they never install a Windows operating system in a production environment before its first Service Pack is out."

Fortunately, SP1 is due for Q1 2008 :)
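
The registry check described in this post can be scripted. The following is an added example, not code from the original post or from the linked article: it walks the EventLog service key and reports, for each registered log, whether the "File" value names an existing .evtx file. The status strings and the report layout are choices made for this example.

```powershell
# Added example: audit the "File" value of every log registered under the
# EventLog service key. Run locally from an elevated PowerShell prompt.
$root = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'

# Read the value as stored, without expanding %SystemRoot% and friends,
# so the report shows exactly what a remote reader would find.
$noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

$report = foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
    $raw = $key.GetValue('File', $null, $noExpand)

    if (-not $raw) {
        $status = 'no File value'
    } else {
        # Expand environment variables before touching the file system.
        $path = [Environment]::ExpandEnvironmentVariables($raw)
        $ext  = [IO.Path]::GetExtension($path)

        if ($ext -ne '.evtx') {
            # String comparison in PowerShell is case-insensitive by default.
            $status = "extension is '$ext', not .evtx"
        } elseif (-not (Test-Path -LiteralPath $path)) {
            $status = 'file not found'
        } else {
            $status = 'ok'
        }
    }

    New-Object PSObject -Property @{
        Log    = $key.PSChildName
        File   = $raw
        Status = $status
    }
}

$report | Select-Object Log, File, Status | Format-Table -AutoSize
```

Any row whose status is not "ok" is a log that a collector relying on the registry "File" value will fail to open.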

Tuesday, January 29, 2008

MOVB-10 Bug or security flaw?

[ MOVB is back on track ... time to finish up, before Vista SP1 is out! ]

An interesting bug from Microsoft Knowledge Base 945438:
Consider the following scenario:
  • On a computer that is running Windows Vista, you use Microsoft Office PowerPoint 2007 to record audio, or you use another application to record audio.
  • The application calls the acmFormatChoose function to display a dialog box so that you can select the waveform-audio format.
In this scenario, the application crashes.
What is more interesting is the logic behind this bug:
The acmFormatChoose function tries to free a pointer that was not allocated.
Bug or security flaw? Given Vista heap protections, this one might be hard to exploit, even locally. But who dares to say impossible, when it comes to bug exploitation?