Monday, July 22, 2013

Application Compatibility : PART 2 (Shims in Details)

Hi friends long time after several busy days , infact months am writing up this post and hope this serves a basic and more a bit advanced concept to sharpen knowledge for application compatibility. Also one more advanced thing am going to put up on my blog is the Virtualization basics such as Application virtualization , Desktop virtualization & Server virtualization. Technologies such as Vmware ESXi vSphere 5.1 , Microsoft HyperV , Citrix Xendesktop  and related Citrix Xen Technologies...

Windows In built Application compatibility mode and as well as PCA (Program Compatibility assistant) are only for home users and small organizations. PCA will be covered in later once the enterprise application compatibility topic is covered.
Custom Compatibility Fixes for Applications: Shimming [Discussing only what shim is and not in detail about ACT (Application Compatibility Toolkit), shim usage and decision to use shim, shim database]
Managing Shims in an enterprise:
1/ Understanding Shims.
2/ when to use shims for Compatibility Mitigations [Making Decision].
3/ Custom Shim Database-Management Strategies
4/ Custom Shim Database Deployment

 1/ Understanding Shims

  1.  Shims are Windows Application Compatibility Infrastructure (shim engine) which provides one option for resolving compatibility challenges with Windows 7. By applying Application Fixes (shims) to a specific application, you can modify the behavior of Windows, but only for that application
  2. In computer programming, a shim (from shim) is a small library that transparently intercepts an API and changes the parameters passed, handles the operation itself, or redirects the operation elsewhere. Shims typically come about when the behavior of an API changes, thereby causing compatibility issues for older applications which still rely on the older functionality. In such cases, the older API can still be supported by a thin compatibility layer on top of the newer code.  Shims can also be used for running programs on different software platforms than they were developed for.
  3. Following below diagram shows the legacy application fails on windows 7 and the same after shimming runs as expected. The Shim Infrastructure implements a form of application programming interface (API) hooking. Specifically, it leverages the nature of linking to redirect API calls from Windows itself to alternative code—the shim itself. The Windows Portable Executable (PE) and Common Object File Format (COFF) Specification includes several headers, and the data directories in this header provide a layer of indirection between the application and the linked file. Calls to external binary files take place through the Import Address Table (IAT). Consequently, a call into Windows looks like Figure 1 to the system

Example : Wine is a shim that allows running many Microsoft Windows applications on Linux, BSD, Solaris,Mac OS X based operating systems.

2/ when to use shims for Compatibility Mitigations [Making Decision]

  • Acquired the application from a vendor that is no longer in business

  • Application is developed internally

  • Acquired the application from a vendor that will eventually be releasing a compatible version, but support is not critical

NOTE: One critical decision needs to make here is to which version of the application the shim is to be applied. As per my experience working with shim it can be applied with any version of application up or down , but one needs to be ensure that the next version released by the vendor is not a shim version or a compatible version.

3/ Custom Shim Database-Management Strategies:

Finally once the decision criteria is up to the mark of using the shim technology. Now it comes to what different kind of strategies require using, whether incorporate in the application packaging process or warehouse a custom shim database in centralized location to smooth the deployment process.

General Approaches:

  1. Define standards for when to apply shims
  2. Define standards for custom shim databases
  3. Define a resource responsible for addressing questions and enforcing standards

Deploying fixes as part of an application package

One strategy for deploying application fixes is to include the custom shim database—containing a single entry for the application the package is installing—directly into the installation package. During the early phases of compatibility testing, this can seem like the easiest approach. However, over time this approach can grow more complex.

Managing a centralized custom shim database

Following Strategy  to manage either a single custom shim database or several custom shim databases for large subsets of the organization is need to be consider. Doing so makes it easier to enforce policy and provide consistent updates to application mitigations you discover that you need to support your migration to Windows 7.

Merging custom shim databases

There is  a centralized custom shim database approach benefit from the improved performance of searching a single database to determine whether Windows should apply a shim to a particular executable file.

4/ Custom Shim Database Deployment:
Deploying a custom shim database to users requires the following two actions:
  • Placing the custom shim database (*.sdb file) in a location to which the user’s computer has access (either locally or on the network)
  • Calling the sdbinst.exe command-line utility to install the custom shim database locally
While any approach that completes these two actions will work, commonly used are one of the following two approaches:
  • Packaging the *.sdb file and a script in an .msi file and then deploying the .msi file, making sure to mark the custom action not to impersonate the calling user. For example, if using Microsoft Visual Basic® Scripting Edition (VBScript) script, the custom action type would be msidbCustomActionTypeVBScript + msidbCustomActionTypeInScript + msidbCustomActionTypeNoImpersonate = 0x0006 + 0x0400 + 0x0800 = 0x0C06 = 3078 decimal.
  • Placing the *.sdb file on a network share, and then calling a script on target computers, making sure to call the script at a time when it will receive elevated rights (for example, from a computer start-up script instead of a user log-in script)
Note that you must ensure that the installation of the custom shim database executes with administrative rights.
If you want to know more in depth about the remediation technology in depth kindly drop me an email and based upon time permission will surely update you.


sivanesan said...

Nice post. Very interesting to read. Thank you for Sharing.
erp in chennai

Brave Technologies said...

Nice blog. Thank you for sharing. The information you shared is very effective for learners. erp solutions provider in chennai | erp for automotive industry chennai

jameel khan said...

Those guidelines additionally worked to become a good way to recognize that other people online have the identical fervor like mine to grasp great deal more around this condition.

Selenium Training in Chennai

roman said...
I am fully satisfied with the information you have posted. Good job. Keep posting:)